EntraCP

Installation

This article describes the steps to complete in order to successfully install EntraCP in your SharePoint farm.

Is it safe to (un)install or update EntraCP in my SharePoint farm?

Yes, as long as you follow the steps in the documentation, as the solution’s deployment type (ApplicationServer) means that:

  • Deploying/retracting the solution only copies/removes the files on disk (it does not installs/removes the EntraCP features).
  • The features are installed/removed with a specific step, which prevents conflicts.
  • The files are deployed on truly all SharePoint servers.

The biggest risk is a misconfiguration in the assembly bindings, which could prevent SharePoint to run.

Updated steps order

Make sure to deploy the solution before setting the assembly bindings.

Download the required assets

Browse to the latest release and download the assets assembly-bindings.config and EntraCP.wsp.

Deploy the solution

Run the following script on the server running the central administration, in a new PowerShell process:

Automated installation script for EntraCP
 1<#
 2.SYNOPSIS
 3    Deploys the SharePoint solution EntraCP.wsp, created with the deployment mode "Application"
 4.DESCRIPTION
 5    Run this script ONLY on the server running the central administration, in a new PowerShell process.
 6    The script does not require any modification, except to update the path in $packagefullpath.
 7
 8    EntraCP.wsp uses deployment mode "Application", which by design makes its deployment much more secure than AzureCP.
 9    Because contrary to AzureCP, running Install-SPSolution does NOT install the features in the farm, which prevents conflicts.
10.LINK
11    https://entracp.yvand.net/docs/usage/installation/
12#>
13
14$product = "EntraCP"
15$packagefullpath = "C:\YvanData\$product.wsp" # Only update the path here
16
17# Add the solution if it's not already present in the farm
18if ($null -eq (Get-SPSolution -Identity "$product.wsp" -ErrorAction SilentlyContinue)) {
19    Write-Host "Adding solution $product.wsp to the farm..."
20    Add-SPSolution -LiteralPath $packagefullpath
21}
22
23$count = 0
24while (($count -lt 20) -and ($null -eq $solution))
25{
26    Write-Host "Waiting for the solution $product.wsp to be available..."
27    Start-Sleep -Seconds 5
28    $solution = Get-SPSolution -Identity "$product.wsp"
29    $count++
30}
31
32if ($null -eq $solution) {
33    Write-Error "Solution $product.wsp could not be found in the farm."
34    throw ("Solution $product.wsp could not be found in the farm.")
35}
36
37Write-Host "Deploying solution $product.wsp globally..."
38Install-SPSolution -Identity "$product.wsp" -GACDeployment
39
40$solution = Get-SPSolution -Identity "$product.wsp"
41$count = 0
42while (($count -lt 20) -and ($false -eq $solution.Deployed))
43{
44    Write-Host "Waiting for the solution $product.wsp to be deployed..."
45    Start-Sleep -Seconds 10
46    $solution = Get-SPSolution -Identity "$product.wsp"
47    $count++
48}
49
50if ($null -ne (Get-SPFeature| Where-Object{$_.SolutionId -eq $solution.SolutionId}) -or
51    $null -ne (Get-SPClaimProvider -Identity "$product" -ErrorAction SilentlyContinue)) {
52  Write-Warning "The claims provider and/or the features are already installed, skip Install-SPFeature"
53} else {
54  Write-Host "Installing the features in the solution $product.wsp..."
55  Install-SPFeature -SolutionId $solution.Id -AllExistingFeatures
56}
57Write-Host "Finished."

Do the following on the server running the central administration:

  1. Add the solution to the farm:

    Add-SPSolution -LiteralPath "C:\YvanData\dev\EntraCP.wsp"

  2. Navigate to the central administration > System Settings > Manage farm solutions > click on “entracp.wsp” > Deploy solution.

  3. Monitor the deployment of the solution and wait for it to be fully deployed.

  4. Install the features present in the solution:

    Install-SPFeature -SolutionId "dd03bdd7-0645-475e-a852-f180b8bc8191" -AllExistingFeatures

Set the assembly bindings

In this step, you set the assembly bindings in the machine.config file using the content in file assembly-bindings.config, to ensure EntraCP can load its dependencies.

Why are those bindings needed?EntraCP uses NuGet packages Microsoft.Graph and Azure.Identity, which both require assembly bindings to work with .NET Framework 4.8 ( more info).
Why setting them in the machine.config?Since SharePoint runs in many processes (w3wp.exe, owstimer.exe, powershell.exe, etc…), the only config file that can propagate the bindings to all is the machine.config.

Steps order

This step must be completed on all SharePoint servers, after the solution was deployed.

Assembly bindings depend on the EntraCP version

Make sure to use the assembly-bindings.config corresponding to your version of EntraCP, as each release has unique assembly bindings.

  1. Open file %systemroot%\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config in a text editor.
  2. Locate the XML node runtime (search <runtime /> or <runtime>).
  3. Replace it with the content in the file assembly-bindings.config.
  4. Save the file machine.config.

Validate the setup

EntraCP includes special page TroubleshootEntraCP.aspx, that helps to validate the install/update was completed successfully, and the prerequisites are met.
It is standalone (it does NOT use your EntraCP configuration) and can be found in the central administration > Security.
More info about this page.

Enable the claims provider

To be enabled, EntraCP must be associated with the SPTrustedLoginProvider created when the federation was configured.
Execute this script on the server running the central administration:

$trust = Get-SPTrustedIdentityTokenIssuer "YOUR_SPTRUST_NAME"
$trust.ClaimProviderName = "EntraCP"
$trust.Update()
Last updated on March 6, 2026
Edit this page on GitHub
Prev
Introduction
Next
Configuration