Title here
Summary here
Introduction
EntraCP (formerly AzureCP) is a claims provider that runs in your SharePoint Server farm, to connect it to your Microsoft Entra ID tenant.
It is useful in federated authentication (either with WS-Federation or OpenID Connect), to improve the user experience and fill some gaps in this scenario.
EntraCP or AzureCP?
EntraCP
This is the new claims provider to use on all the supported versions of SharePoint Server.
Go to documentation.
AzureCP
This is the legacy, deprecated claims provider, to use only with SharePoint 2013.
Go to documentation.
Should I migrate from AzureCP to EntraCP?
Yes, you should:
- AzureCP is no longer maintained and uses outdated, deprecated 3rd party libraries.
- Administrative operations (install / update / delete) are much easier and safer in EntraCP, thanks to using the SharePoint solution type
Application(instead ofWeb Front Endin AzureCP). - EntraCP uses modern and up-to-date packages Microsoft.Graph and Azure.Identity.
- EntraCP stores the proxy configuration directly, and it uses it in all SharePoint processes, in all the servers of the farm.
Migrate from AzureCP to EntraCP
There is no migration so to speak, because they are 2 completely different SharePoint solutions.
There are 2 possible strategies discussed here, but be mindful that a claims provider is a critical component in a SharePoint farm, and any approach should be tested in a non-production environment first.
Uninstall AzureCP, then install EntraCP
This strategy can be used if you are confident about all the steps involved.
Install EntraCP side by side with AzureCP
It is perfectly possible to have both claims providers installed on the same farm.
Once both are installed, to switch from one to another, simply update the property ClaimProviderName from cmdlet Get-SPTrustedIdentityTokenIssuer.
At some point, you may decide to uninstall AzureCP, and this is where you need to be careful:
Some assemblies are used by both. Although it should not happen, it was reported a few times that uninstalling AzureCP removed assemblies also used by EntraCP.
If this happens, simply retract and redeploy EntraCP.wsp.
Unlike AzureCP, this operation is safe with EntraCP, and faster than finding out which assemblies got removed, and adding them back manually on each server.