Before you begin

• •Verify permissions
• •Verify authentication
• •Create a connection in Administrator

Verify permissions

Permissions for metadata extraction

• •Can connect to the Microsoft SharePoint Online account to access the Microsoft SharePoint Online application.
• •Configures the Microsoft SharePoint Online connector.
• •Grants read permission for Site and its contents, such as Subsite and Document Library.

Permissions to run data classification

Permissions to run glossary association

Verify authentication

Access Control Service

Generate the Client ID and Client Secret

1Log in to the Microsoft Sharepoint Online account.
2Enter the following site or subsite URL:
Site: https://<sitename.com>/_layouts/15/appregnew.aspx
Subsite: https://<sitename.com>/<subsitedomain>/_layouts/15/appregnew.aspx
The App Information page appears.
3Click Generate next to the Client Id field.
The value of the client ID is displayed in the Client Id field. The following image shows the App Information page where you can generate the values of the client ID and client secret:
4Click Generate next to the Client Secret field.
The value of the client secret is displayed in the Client Secret field.
5Enter an appropriate title for the App in the Title field.
6Enter an app domain name in the App Domain field.
For example, www.google.com
7Enter a URL in the Redirect URL field.
For example, https://localhost/. You must enter the same redirect URL in the connection property.
8Click Create.
The page redirects to the Microsoft Sharepoint Online page and the following message appears:
The app identifier has been successfully created.
The values of the client Id, client secret, title, and redirect URL are displayed.

Generate the Bearer Realm

1Open the Google PostMan application.
2Enter the following site or subsite URL in the Google PostMan application:
Site: https://<sitename.com>/_layouts/15/appregnew.aspx
Subsite: https://<sitename.com>/<subsitedomain>/_layouts/15/appregnew.aspx
The following image shows the BearerToken page where you can generate the value of the bearer realm:

3Select the GET method.
4On the Headers tab, enter Authorization in the Key field and Bearer in the Value field.
5Click Send.
6Select the Headers tab in the Response header.
The bearer realm value appears in the WWW-Authenticate section. For example:
Bearer realm="77baf95d-f3e0-42b-aa08-9b798b8c177b"

Generate the Authorization Code

1Enter the following site or subsite URL in the Google chrome browser:
Site: https://<site.sharepoint.com>/_layouts/15/OAuthAuthorize.aspx?client_id=<client_GUID>&scope=<app_permissions_list>&response_type=code&redirect_uri=<redirect_uri>
For example, https://icloudconnectivitydev.sharepoint.com/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8& scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
Subsite: https://<site.sharepoint.com>/<subsitedomain>/_layouts/15/OAuthAuthorize.aspx?client_id=<client_GUID>&scope=<app_permissions_list>&response_type=code&redirect_uri=<redirect_uri>
For example, //informaticaone.sharepoint.com/sites/TEST/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8& scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
2Click Trust it to grant the application read access to the current site after the page redirects to the redirect URL page that you specify in the connection property.
The redirect URL page includes the authorization code as a query string in the following format:
https://<redirect_url>/?code=<authcode>
The following image shows the authorization code as a query string in the URI:

Note: The authorization code generated is valid only for five minutes.

Generate the Refresh Token

1Enter the following URL in the Google PostMan application:https://accounts.accesscontrol.windows.net/<bearer_realm>/tokens/OAuth/2
The following image shows the Normal tab in the Google PostMan application where you can configure the properties to generate the refresh token:

2Select the POST method.
3On the Header tab, enter Content-Type in the Key Name field and application/x-www-form-urlencoded in the Value field.
4On the Body tab, enter the xml request in the following format:
grant_type=authorization_code &client_id=<client_id>@<bearer_realm> &client_secret=<client_secret> &code=<auth_code> &redirect_uri=<redirect_url> &resource=< audience principal ID >/<site_host>@<bearer_realm>
5Click Send.
The refresh token is generated in the Response tab. The following image shows the Response tab where the refresh token is generated:

Microsoft Entra ID

Register the Azure application with Azure Active Directory

1Log in to portal.azure.com using your Microsoft SharePoint Online credentials.
2Go to App Registrations in the Azure Services section.
3Click New Registration.
4Specify a display name for your application and supported account type, enter the redirect URl and then click Register.
Ensure that you select either the Single tenant or Multitenant account type. You can't use the personal Microsoft account type.
A client ID is generated. Ensure that you copy the client ID and keep it handy to use when you generate an authorization code and configure a Microsoft SharePoint connection.
5Click Add a Certificate or Secret.
6Click New client secret, and then add the description and the expiry time.
A client secret value is generated. Ensure that you copy the secret value and keep it handy to use when you generate an authorization code and configure a Microsoft SharePoint connection.
7Now, click API permissions in the left pane.
8Click Add a permission.
9Click SharePoint, and then click Delegated permission on the Request API permissions page.
10Select the permissions that the client application must have on behalf of the signed-in user.
The following list outlines the permissions and the levels of access each permission provides:
• - AllSites.FullControl. Full Control access.
• - AllSites.Manage. Read and write access.
• - AllSites.Read. Read access.
• - AllSites.Write. Write access.
Consider selecting the AllSites.Manage permission to ensure appropriate access to Microsoft SharePoint Online.
11Click Add Permissions.

Generate the authorization code

1Open the PostMan application.
2In Postman, enter one of the following URLs based on your account type:
• - For a single tenant account, enter the following URL: https://login.microsoftonline.com/<Single_Tenant_Id_value>/oauth2/v2.0/authorize
• - For a multi-tenant account, enter the following URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
Replace <Single_Tenant_Id_value> with the tenant ID found in the overview section of your registered application if you are working with a single tenant account. For multi-tenant accounts, use the organizations endpoint.
3Select the GET method.
4On the Params tab, enter the name and value.
To authenticate and verify access permissions, enter the following query parameters:
client_id=<client_id> &response_type=code &redirect_uri=<redirect_URI> &scope=<sharepoint_url>/<delegated permission> offline_access &client_secret=<client_secret>
The scope query contains delegated permissions for your Azure application. If you selected AllSites.Manage as the delegated permission when you registered the Azure application with Azure Active Directory, specify the permission in the scope query parameter as shown in the following example:
client_id=<client_id> &response_type=code &redirect_uri=<redirect_URI> &scope=<sharepoint_url>/AllSites.Manage offline_access &client_secret=<client_secret>
5Copy the URL and paste it in the browser.
6Enter the SharePoint Online log in credentials.
7Verify and click Accept on the consent screen.
The redirect URL page includes the authorization code as a query string in the following format:
https://<redirect_url>/?code=<authcode>
Ensure that you copy the authorization code and keep it handy to use when you generate a refresh token.

Generate the refresh token

1In the PostMan application, enter one of the following URLs based on your account type:
• - For a single tenant account, enter the following URL: https://login.microsoftonline.com/<Single_Tenant_Id_value>/oauth2/v2.0/token
• - For a multi-tenant account, enter the following URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/token
Replace <Single_Tenant_Id_value> with the tenant ID found in the overview section of your registered application if you are working with a single tenant account. For multi-tenant accounts, use the organizations endpoint.
2Select the POST method.
3On the Header tab, enter Content-Type in the Key Name field and application/x-www-form-urlencoded in the Value field.
4On the Body tab, enter the XML request in the following format:
grant_type=authorization_code &client_id=<client_id>&client_secret=<client_secret> &code=<auth_code> &redirect_uri=<redirect_url>
You need to enter the client ID and client secret that you generated when you registered the Azure application with Azure Active Directory.
5Click Send.
The refresh token is generated on the Response tab.
Ensure that you copy the refresh token and keep it handy to use when you configure a Microsoft SharePoint Online connection.

Create a connection

1In Administrator, select Connections.
2Click New Connection.
3Enter the following connection details:

Property	Description
Connection Name	Name of the connection. Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -, Maximum length is 255 characters.
Description	Description of the connection. Maximum length is 4000 characters.
Type	Sharepoint Online
Runtime Environment	The name of the runtime environment where you want to run tasks.

4Select the authentication type to connect to Microsoft SharePoint Online and enter the required properties. You can use the following authentication types:
• - Access Control Service
• - Microsoft Entra ID
5Click Test Connection.

Access Control Service Authentication

Microsoft Entra ID Authentication