[FEATURE] Connect-PnPOnline should connect to Admin Console if there is a credential entry for a regular site

[YuriySamorodov]

Is your feature request related to a problem? Please describe. I was surprised to see Credentials parameter fails to recognize credential entry https://tenant.sharepoint.com when connecting to https://tenant-admin.sharepont.com and vice versa.

Describe the solution you'd like Although https://tenant-admin.sharepont.com and https://tenant.sharepoint.com technically are separate entities, it would be great to make stored PnP credential entry created for https://tenatnt.sharepoint.com be used for https//tenant-admin.sharepoint.com connections.

Describe alternatives you've considered Obviously we can create multiple credential manager entries, however one entry is better than a couple or a few I guess.

[veronicageek]

@YuriySamorodov - I don't quite understand what you're asking here? I can use Connect-PnPOnline against the admin url (-admin.sharepoint.com) and use the same credentials from the Credential Manager for example for the root site (contoso.sharepoint.com).

You have 2 different entries in your Credential Manager (one for each site) with the same username/password.

[YuriySamorodov]

@veronicageek , sorry for the confusion. My idea is to be able utilize just one credential entry for contoso.sharepoint.com, contoso-admin.sharepoint.com and possibly contoso-my.sharepoint.com From programming perspective that requires adding just a single regex to the equation. Hope this time I have made myself clear.

[veronicageek]

Thanks @YuriySamorodov. I haven't heard or seen that adding 3 entries in the Credentials Manager is a problem, but I'll leave @erwinvanhunen or @gautamdsheth decide 🙂

[YuriySamorodov]

Thank you @veronicageek! In fact, this is what I have tried first once I got my hands on Add-PnPStoredCredential cmdlet. Should not be considered as a priority anyway. Just my 2 cents.

[ToddKlindt]

I have had the same thought as @YuriySamorodov , that finding a way to leverage one credential per tenant would be great. A credential stored at -admin is likely an elevated account, so I would hate for Connect-PnPOnline to fall back to that if it didn't find a credential for tenant or tenant-my. Maybe Connect-PnPOnline could look for tenant if no credential is found for a connection to -admin or -my, kind of like how deeper links like /sites/HR do. Or maybe add a switch like -UseTenantCredentials that looks for an entry for https://tenant.sharepoint.com. I currently create two credentials for each tenant I connect to. It's not a huge deal, but it would be nice if I could cut that work in half.

[YuriySamorodov]

Thanks for supporting, @ToddKlindt. To extend my request: the most convenient credential implementation I have seen to date is Connect-ExchangeOnline, where I could fire up PowerShell as a specific user and then run Connect-ExchangeOnline -UserName (whoami /upn) No credentials exposed at all therefore it is pretty safe to hand it off to someone else or keep it in the local knowledgebase.

[gautamdsheth]

The question is do we really need this now ? The current behaviour is such that PnP PowerShell will automatically switch connections between cmdlets .

for example, you connected to /sites/HR and the used Get-PNplist . After that , you used Get-PnPTenantSite .

If you have adequate permissions, you don’t need to connect explicitly to admin site , the cmd works . So, switching between web, site and tenant level cmdlets doesn’t require relogin . Happy to hear your thoughts on this @ToddKlindt @YuriySamorodov @veronicageek