Configure SharePoint credentials for your Workspace

This guide explains how a workspace administrator can configure custom OAuth 2.0 credentials for Microsoft SharePoint, allowing your organization to use its own Azure AD application credentials instead of the platform's default credentials.

Written By Stanislas

Last updated 18 days ago

Benefits:

Full control over your organization's OAuth credentials
Better compliance and data security
Support for tenant-specific authentication (optional)
Easy to configure and modify
Isolated configuration per workspace

What You'll Learn

By the end of this guide, you will have:

Created an Azure AD application in your tenant
Configured OAuth 2.0 credentials
Set up the appropriate SharePoint API permissions
Optionally configured tenant-specific authentication
Saved these credentials in your workspace
Connected SharePoint document libraries to your applications

Step 1: Access Azure Portal and Prepare

1.1 Access Azure Portal

Go to Azure Portal
Sign in with your organization's Azure administrator account
Verify you have access to Azure Active Directory (now called Microsoft Entra ID)

1.2 Verify or Create Azure AD Tenant

In the Azure Portal, search for "Azure Active Directory" or "Microsoft Entra ID"
Click on it to access your tenant
Note your Tenant ID (you'll need this later):
- Go to Overview
- Look for "Tenant ID" field
- Copy and save this value (format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

? Step 2: Create an App Registration

2.1 Create new app registration

In Azure Portal, go to Azure Active Directory or App registrations
Click "+ New registration" at the top
Fill in the details:

	FieldValue
Name	`[Organization Name] - SharePoint Sync` or `MyCompany SharePoint OAuth`
Supported account types	Select "Accounts in this organizational directory only"
Redirect URI	Leave empty for now (optional, we'll configure it below)

Click "Register"

2.2 Obtain Application (Client) ID

After registration, you'll see the app overview page:

Copy the "Application (client) ID" value
Save this securely ? this is your Client ID

2.3 Add Redirect URI (Optional but Recommended)

In the left sidebar of your app, go to Authentication
Under "Redirect URIs", click "Add a redirect URI"
Click "Add URI"

Enter the callback URL:

https://graphql.swiftask.ai/app/integrations/connect

Click "Save"

Important: Use exactly the URL shown above. This is the standard callback endpoint for SharePoint OAuth authentication.

Step 3: Configure API Permissions

3.1 Add permissions

In your app, go to API permissions (in the left sidebar)
Click "+ Add a permission"

3.2 Select Microsoft Graph API

Select "Microsoft Graph" from the list
Choose "Application permissions" (not "Delegated permissions")

3.3 Add required permissions

Search for and select the following permissions (in Application type):

		PermissionScopePurpose
Sites.Read.All	`Sites.Read.All`	Read all SharePoint sites and their metadata
Files.Read.All	`Files.Read.All`	Read all files in SharePoint/OneDrive
Group.Read.All	`Group.Read.All`	Read all Microsoft 365 groups
Team.ReadBasic.All	`Team.ReadBasic.All`	Read basic information about all Teams
User.Read	`User.Read`	Read user profile information
offline_access	`offline_access`	Maintain access to data you have given it access to
openid	`openid`	Sign in and read user profile

For each permission:

Search for it in the search box
Check the checkbox
Click "Add permissions"

Note: Some scopes like offline_access and openid may be granted automatically or may appear as "delegated" permissions. The important application permissions are the five listed above.

3.4 Grant admin consent

Important: These are application permissions that require admin consent.

After adding all permissions, click "Grant admin consent for [Tenant Name]"
Click "Yes" to confirm
Wait for the status to change to "Granted" (green checkmark)

? Step 4: Create Client Secret

4.1 Create new client secret

In your app, go to "Certificates & secrets" (in the left sidebar)
Click the "Client secrets" tab
Click "+ New client secret"

4.2 Configure the secret

In the dialog:
- Description: Enter SharePoint Sync - Production or similar
- Expires: Select "24 months" (or your preferred expiration)
Click "Add"

4.3 Copy the secret value

IMPORTANT:

Copy the "Value" column (NOT the Secret ID)
This is your Client Secret
The secret will only be visible once ? if you close this page without copying, you'll need to create a new one
Store it securely and don't share it with anyone

Step 5: Gather Your Credentials

Before proceeding to workspace configuration, ensure you have:

		CredentialWhere to FindFormat
Tenant ID	Azure AD ? Overview	`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
Client ID	Your app ? Overview ? "Application (client) ID"	`xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
Client Secret	Your app ? Certificates & secrets ? Value	Long string, starts with characters like `~8Q...`

Keep these three values secure and accessible for the next step.

Step 6: Configuration in Your Workspace

6.1 Access Workspace Administration

Log in to your application
From the main menu or settings, go to Workspace Settings
Look for "OAuth Authentication" or "External Integrations" tab
Verify you have admin permissions (required)

6.2 Find SharePoint Configuration

You'll see a list of available external applications
Find "SharePoint" in the list
Click the "Configure" button next to it
A configuration dialog will open

6.3 Enter Credentials

In the form that appears, you'll see the following fields:

		FieldValueRequired
Client ID	Paste the Application (client) ID from Azure	Yes
Client Secret	Paste the Client Secret from Azure	Yes
Tenant ID (Directory ID)	Paste the Tenant ID from Azure AD ? This is optional but recommended for security	? Optional

About the Tenant ID field:

Recommended: Always fill in your Tenant ID for better security and compliance
Optional: Leave empty to use Microsoft's common endpoint (supports all tenants)
Security: Using your specific Tenant ID restricts authentication to your organization only

6.4 Verify the values

Before saving, ensure:

? All values are copied without extra spaces
? Client Secret is the "Value" field (not the Secret ID)
? Tenant ID is in the correct format if provided

6.5 Save Configuration

Click "Save Credentials"
A confirmation message will appear: "OAuth credentials configured successfully"
SharePoint will now show a "Configured" or "?" indicator

Security:

Sensitive data (Client Secret and Tenant ID) are automatically encrypted in the database
No one else in the workspace can see the Secret
Credentials are workspace-isolated

Step 7: Verification and Testing

7.1 Verify configuration

Return to Workspace Settings ? "OAuth Authentication"
SharePoint should show a "? Configured" status or "Configured" indicator

7.2 Test the SharePoint connection in Knowledge Base

This is the main user-facing test:

Go to your Knowledge Base (or data sources section)
Look for an "Import" button or option
Click "Import from SharePoint" or similar option

7.3 Connection Information Display

When you click "Add Account", you'll see:

Account selection (if multiple accounts connected)
Add Another Account button - To connect additional SharePoint accounts
Manage Workspace OAuth link - Goes to workspace settings

7.4 Browse and verify access

The SharePoint explorer should display:

Root site from your tenant
Followed sites you've bookmarked
Sites from groups you're a member of
Sites from Teams you participate in
Shared content accessible to you
Recent items you've accessed
Subsites at the first level
Expand a site and verify you can see document libraries
Look for document libraries you expect to see (e.g., "Shared Documents", "Project Files", etc.)

7.5 Import files into Knowledge Base

Once verified:

You can browse and select files from SharePoint
Your organization uses its own OAuth credentials
The connection is isolated to your workspace
All team members with workspace access can use it

Key Testing Scenarios

Scenario 1: First-Time Setup

Configure workspace OAuth (save Client ID, Secret, Tenant ID)
Go to Knowledge Base ? Import from SharePoint
See OAuth recommendation alert
Click "Configure" to verify it links to settings
Click "Add Account" and authenticate

Scenario 2: OAuth Not Configured

Try importing from SharePoint without OAuth config
Should see recommendation alert suggesting to configure
Should still be able to use default credentials
OAuth alert should prompt for better security

Scenario 3: Multi-Tenant Environment

If Tenant ID is set ? only your organization can authenticate
If Tenant ID is empty ? any Azure AD user can authenticate (less secure)
Verify with users from different tenants

Scenario 4: Permission Issues

Test with a user who has limited SharePoint access
Verify explorer only shows sites/libraries they can access
Test with a user without SharePoint access
Should see error or empty site list

Updating or Replacing Credentials

To update credentials:

Go to Workspace Settings ? "OAuth Authentication"
Find the SharePoint row
Click "Edit" or "Configure" again
Enter the new values:
- New Client ID (if changed)
- New Client Secret (if regenerated)
- New Tenant ID (if changed)
Click "Save Credentials"

When to update:

If you regenerate the Client Secret in Azure
If you want to add or change the Tenant ID
If you change the app registration
If credentials are compromised

To remove configuration:

Click the "Delete" button next to SharePoint
Confirm the deletion
The platform will revert to default credentials (if available)

This guide is intended for workspace administrators. If you need help, contact your system administrator or refer to the troubleshooting section.