SharePoint Connector

Connect SharePoint Online and on-premises installations to Aisera to ingest pages and files as Knowledge Base Articles.

Overview

The SharePoint connector retrieves pages and files from SharePoint Online and on-premises installations as Knowledge Base Articles.

Prepare

The authentication method for this connector depends on your intended use case. Before following the section for your environment, collect your SharePoint endpoint.

Endpoint

You will need the root URI for your SharePoint tenant. This takes the following format:

<your_tenant>.sharepoint.com

Do not include the protocol (http or https).

Generate a certificate

If you are using Basic authentication, generate a certificate and private key pair before completing the Basic section below. OAuth authentication does not require a certificate.

Generate a self-signed certificate using OpenSSL:

# Generate private key (PKCS#8 format)
openssl genpkey -algorithm RSA -out private-key.pem -pkeyopt rsa_keygen_bits:2048

# Generate certificate signing request
openssl req -new -key private-key.pem -out csr.pem \
    -subj "/CN=SharePoint-App-Auth/O=YourOrg/C=US"

# Generate self-signed certificate (valid 2 years)
openssl x509 -req -days 730 -in csr.pem \
    -signkey private-key.pem -out certificate.pem

# Generate CER file for Azure AD upload
openssl x509 -in certificate.pem -outform DER -out certificate.cer

The private key must be in PKCS#8 format — the file must begin with -----BEGIN PRIVATE KEY-----. If it begins with -----BEGIN RSA PRIVATE KEY-----, convert it before proceeding:

openssl pkcs8 -topk8 -nocrypt -in pkcs1-key.pem -out private-key.pem

Keep private-key.pem secure. Do not commit it to version control or share it via email or chat. The private key is not password-protected in this configuration.

OAuth

SharePoint Online supports OAuth 2.0 with the Microsoft Graph API. Use this option if you are connecting to SharePoint Online and do not need to ingest User Profile data.

Authentication is managed through an Azure AD application registered in Microsoft Entra ID.

Register an Azure AD application

Register a new application in Microsoft Entra ID. See Microsoft's guide to Registering an application in Microsoft Entra ID. When registering your application, set the Redirect URI to:

https://<your_tenant>.login.aisera.<top_level_domain>/?id=aisera.oauth.oauthCommand

After registration, note your Client ID and Tenant ID from the application's Overview page.

Add Microsoft Graph API permissions

In API permissions, select Add a permission > Microsoft Graph and choose Delegated permissions. Add the following permissions and grant admin consent for each:

Sites.Read.All
Files.Read.All
Directory.Read.All
Group.Read.All

Create a Client Secret

Create a Client Secret for your application. See Microsoft's guide to Add and manage application credentials in Microsoft Entra ID.

The client secret value appears only once and is not retrievable after you navigate away from the page. Copy it before leaving.

Retrieve your Access Token URL and Authorization URL

Your Access Token URL takes the following format:

https://login.microsoftonline.com/<azure_tenant_id>/oauth2/v2.0/token

Your Authorization URL takes the following format:

https://login.microsoftonline.com/<azure_tenant_id>/oauth2/v2.0/authorize?scope=offline_access%20Sites.Read.All%20Files.Read.All%20Directory.Read.All

See Microsoft's OAuth 2.0 Endpoints documentation for more information.

After completing this section you should have:

Client ID
Client Secret
Access Token URL
Authorization URL

Basic

Basic authentication uses a certificate and private key pair to authenticate with Microsoft Entra ID. Use this option if you are connecting to an on-premises SharePoint installation, or if you need to ingest User Profile data from SharePoint Online.

Complete the Generate a certificate section above before continuing.

Register an Azure AD application

Register a new application in Microsoft Entra ID. See Microsoft's guide to Registering an application in Microsoft Entra ID. After registration, note your Client ID and Tenant ID from the application's Overview page.

Add API permissions

In API permissions, select Add a permission and add the following Application permissions. Grant admin consent for each.

Microsoft Graph:

Sites.Read.All
Files.Read.All
Directory.Read.All
Group.Read.All

If you are ingesting User Profile Data, also add the following Mircrosoft Graph permissions:

User.Read.All
GroupMember.Read.All
Member.Read.Hidden

SharePoint:

Sites.Read.All
Sites.ReadWrite.All
Sites.FullControl.All

Upload the certificate to your Azure AD application

In the Azure Portal, navigate to Microsoft Entra ID > App registrations and select your application.
Go to Certificates & secrets > Certificates.
Click Upload certificate and select the certificate.cer file generated above.
Note the thumbprint displayed after upload.

After completing this section you should have:

Tenant ID
Client ID
The full contents of certificate.pem
The full contents of private-key.pem

Integration Setup

To create the SharePoint integration:

In the Aisera Admin UI, navigate to Settings > Integrations.
Click + New Integration.
Select SharePoint and click Next.
Enter the configuration details, then select Next.
Field
Description
Name
The name used to identify this integration
Endpoint
The root URI for your SharePoint tenant. Do not include the protocol (http or https). For example: yourtenant.sharepoint.com
Description
A description of the integration and its purpose
Select the authentication type that matches your installation.
Use case
Auth type
SharePoint Online, knowledge base content only
OAuth
SharePoint Online, User Profile ingestion
Basic
On-premises installation
Basic
Enter the credentials collected during Prepare and select OK to save the integration.

When you select OAuth and click OK, you are redirected to Microsoft to authorize the Aisera platform. Complete the authorization to save the integration.

Data source setup

To create the SharePoint data source:

In the Aisera Admin UI, navigate to Settings > Data Sources.
Click + New Data Source.
Select SharePoint and click Next.
Enter the configuration details, then click Next.
Field
Description
Name
The name used to identify this data source
Integration
The integration created in the previous section
Function
Defines how the data source behaves and what data is ingested
Schedule
How often the data source requests new data
Description
A description of the data source and its purpose
The remaining fields are additional configurations. See additional configurations for details.
Click Next until the window closes to save the data source.

Additional Configurations

List name

The name of the SharePoint list from which to retrieve page items.

Site

The name of the specific SharePoint site to crawl.

Libraries

A list of library names to crawl, separated by carriage returns. If left empty, all libraries are crawled.

Folders

A list of relative folder paths to crawl recursively. Only the specified folders in your library are crawled. If left empty, the entire library is crawled.

Do not include the library name in the relative path.

User Render

When selected, HTML content is rendered through the Node Renderer before ingestion.

Managed path

In SharePoint, a managed path is the designated location in a web application for site collections. The default managed path is sites — for example, https://company.com/sites/. Specify a value here only if your managed path differs from the default.

Using the File Data Source with SharePoint

The File Data Data Source now supports SharePoint integrations, enabling ingestion of CSV and JSON files directly from SharePoint Document Libraries.

To configure a File Data Data Source for SharePoint ingestion:

Navigate to Settings > Data Sources.
Select + New Data Source.
Select the File Data Data Source, then select Next.
Under Files select Cloud Files.
Select your SharePoint Integration in the Integration dropdown menu.

Three new optional fields are available:

Sites: Specify one or more SharePoint sites to ingest from. If left empty, files are ingested from the default root site.
Libraries: Specify one or more libraries to ingest from. If left empty, files are ingested from all libraries.
Folders: Specify one or more folders to ingest from, including all subfolders. If left empty, the entire file system of the selected libraries or sites is searched.

Each field accepts a newline-separated list of values. More specific inputs result in faster processing.

Field mapping must be configured to properly process CSV and JSON files.

Environment-specific setup

The following processes apply only in specific environments or use cases. Each involves configuration steps outside the Aisera platform in addition to changes within it. Complete the relevant section only if it applies to your deployment.

On-Prem installations

In the Data Source Configurations enable On Prem if your SharePoint installation is on-premises. Leave unchecked for SharePoint Online instances.

Limiting access to specific SharePoint sites

Complete this process if you need to restrict the connector to specific SharePoint sites rather than your entire environment. This requires configuring the Sites.Selected Microsoft Graph permission on your Azure AD application and making changes in both Azure AD and the Aisera Admin UI.

You can apply the Sites.Selected permission in two ways:

Use a PowerShell script to assign the necessary permissions. This must be performed by an authorized Azure administrator.
Use a second Azure application (the Admin App) to set permissions on the first (the Connector App).

Two application method

In this configuration, the Connector App is the application connected to Aisera, and the Admin App is used to manage permissions for the Connector App.

Register the Connector App in Microsoft Entra ID following the process in Prepare. Grant this application the Sites.Selected permission and grant admin consent. Note the Client ID.
Register the Admin App in Microsoft Entra ID. Grant this application the Sites.FullControl.All permission and grant admin consent. Note the Tenant ID, Client ID, and Client Secret.

Generate an access token for the Admin App.

   POST https://login.microsoftonline.com/<sharepoint_tenant_id>/oauth2/v2.0/token

   Content-Type: x-www-form-urlencoded

   grant_type=client_credentials
   scope=https://graph.microsoft.com/.default
   client_id=<admin_app_client_id>
   client_secret=<admin_app_client_secret>

Copy the Access Token from the response.
Retrieve the Site ID for each SharePoint site you want to assign permissions to.

To retrieve a list of available Site IDs, make a GET request to https://graph.microsoft.com/v1.0/sites with the header Authorization: Bearer <access_token>. The Site ID appears in the id field of each result.

Grant the Connector App access to the site.

   POST https://graph.microsoft.com/v1.0/sites/<site_id>/permissions

   Content-Type: application/json
   Authorization: Bearer <access_token>

   {
     "roles": ["read"],
     "grantedToIdentities": [
       {
         "application": {
           "id": "<connector_app_client_id>",
           "displayName": "<connector_app_name>"
         }
       }
     ]
   }

Repeat this request for each site you want the connector to access.

In the Aisera Admin UI, navigate to Settings > Data Sources and open your SharePoint data source.
In the Configuration tab, enter the site names or IDs of the SharePoint sites to include as data sources.

PreviousJira Service Desk Connector NextAccess Controls with the SharePoint Connector

Last updated 17 days ago

Was this helpful?