Key Vault and Certificate for Term Store Synchronization

01/07/2025

Note

The following operations are only required when you want to work with Term Store Synchronization.

Using a key vault and certificate with Term Store synchronization requires the following steps:

create a key vault
generate a certificate
export this certificate from the key vault
upload this certificate into the App registration
and add a client secret

After you have created an app registration and set up its API permissions, you need to create a key vault. The key vault lets you generate a certificate and a client secret, which the Graphwise for SharePoint Administration application needs to authorize and authenticate against resources.

For more information on how to create a key vault using the Azure portal, refer to the Microsoft Azure documentation.

Tip

Another option is to create a key vault with a custom PowerShell script.

After creating a key vault you can use it to generate a certificate. The Graphwise for SharePoint Administration application needs this certificate to authorize and authenticate against resources.

For more information on how generate a certificate in your key vault using the Azure portal, refer to the Microsoft Azure documentation. On the Create a certificate section in step 3, configure the certificate to your needs. Make sure that the Certificate name matches the Subject.

Select App registration.
The App registration page opens with the Owned applications tab activated by default.
Select the app registration from the list that you created for the Graphwise for SharePoint application.
This will display the application Overview page.
Select Certificates & secrets (3) from the Manage menu (1) on the left.
In the Certificates tab, select Upload certificate.
This opens the Upload a certificate page.
Upload the certificate from your device.
Enter a description.
Confirm with Add.

In addition to a certificate, the Graphwise for SharePoint Administration application also needs a client secret to authorize and authenticate against resources.

A Client secret is required for both tagging and Term Store Synchronization. In the App Registration section go to the Manage (1) item, click it (2) to open the list of available items and click on Certificates & secrets (3) item to configure it.

For more information on how to create a client secret, see the Microsoft Azure documentation.

In this section: