Connect-PnPOnline -Credentials using Modern Authentication #3482
Replies: 2 comments 1 reply
-
|
The best way to connect depends on how you are using PnP.PowerShell. For interactive sessions, usually -Credentials is not the best option, since this does not work with Multi-Factor Authentication (which you should be using). Here I would recommend using the -Interactive parameter as this supports MFA. But again, -Interactive is the more safe option. For scripts that run unattended, Automation Accounts and Azure Functions you should use either an app with a certificate or Managed Identities to authenticate. Read these articles/documentation for more info: |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @AndersRask completely agree that -credentials is not the best option. This is for automation account scripts, with service accounts with MFA turned off, before we were 'allowed' to create Managed Identities in our org (don't ask me why :D). |
Beta Was this translation helpful? Give feedback.
-
|
I usually go with clientId and a self signed cert in automation accounts. Just add the .cer file to the app reg and the pfx with pwd to automation account and connect using thumbprint |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I am hoping this is going to be very quick.
The security team in my org have come to me and have said the Connect-PnPOnline is using Basic Authentication because we are using -Credentials.
We are using v1.12.0, and to my understanding -Credentials certainly in the v1.12.0 is using Modern Authentication (O.Auth2.0). We use credentials to 'connect' yes but the credentials gets a token and it is this token that is used to connect to SharePoint.
Am I right in my thinking here?
What would be the best way to explain and show them that this isn't using Basic Authentication?
Beta Was this translation helpful? Give feedback.
All reactions