Friday, February 8, 2019

Connect to SharePoint Online with an account that has multi-factor authentication (MFA) enabled

When I deliver a PowerShell script that contains a login/credential to a customer, I normally use these lines of code:

$user = "user@tenant.com"
$password = "ZXY" | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $password
$url = "https://tenant.sharepoint.com"
 
Connect-PnPOnline -Url $url -Credentials $credential

Or reading the password from disk like this:

$user = "user@tenant.com"
$password = Get-Content .\password.txt -Raw | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $password
$url = "https://tenant.sharepoint.com"
 
Connect-PnPOnline -Url $url -Credentials $credential

Or from Windows Credential Manager: https://github.com/SharePoint/PnP-PowerShell/wiki/How-to-use-the-Windows-Credential-Manager-to-ease-authentication-with-PnP-PowerShell

But this will not work if the customer account is configured to use multi-factor authentication (MFA). The PnP/PowerShell script will return an error message:

“The remote server returned an error: (403) Forbidden”

Luckily, we can work around this error by using the UseWebLogin parameter. With UseWebLogin, a Windows Form opens and shows an IE control that navigates to the Office 365 login page. This process supports MFA login.

$url = "https://ameq.sharepoint.com"
 
Connect-PnPOnline -Url $url -UseWebLogin
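
An added example, not code from the original post: a hypothetical helper, `Connect-SharePointSite`, that loads a credential saved once with `Get-Credential | Export-Clixml` instead of a plaintext password, tries the credential connection, and falls back to `-UseWebLogin` when the 403 described above comes back. The function name, the file path, and the assumption that the 403 surfaces as a terminating error from `Connect-PnPOnline` are illustrative.

```powershell
# Added example; Connect-SharePointSite and the default path are hypothetical.
function Connect-SharePointSite {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Url,

        # Assumed location. Create the file once, as the account that will run
        # the script, with:  Get-Credential | Export-Clixml -Path <this path>
        [string] $CredentialPath = "$env:USERPROFILE\spo-credential.xml"
    )

    if (Test-Path -LiteralPath $CredentialPath) {
        # On Windows, Export-Clixml stores the password encrypted with DPAPI,
        # so only the same user on the same machine can import it again.
        $credential = Import-Clixml -LiteralPath $CredentialPath

        try {
            Connect-PnPOnline -Url $Url -Credentials $credential -ErrorAction Stop
            return 'Credentials'
        }
        catch {
            # Anything other than the MFA-related 403 is a real failure:
            # rethrow it instead of silently switching login method.
            if ($_.Exception.Message -notmatch '\(403\)') {
                throw
            }
            Write-Warning "Credential login returned 403 (MFA account?); switching to web login."
        }
    }

    # Interactive browser-based login, which supports MFA.
    Connect-PnPOnline -Url $Url -UseWebLogin -ErrorAction Stop
    return 'WebLogin'
}

# Usage with the placeholder tenant from the snippets above.
$method = Connect-SharePointSite -Url "https://tenant.sharepoint.com"
Write-Host "Connected using: $method"
```

Because `-UseWebLogin` opens a window, the fallback only works in an interactive session, not from an unattended job.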