SharePoint
Overview
Leena AI integrates with Microsoft SharePoint using the modern Microsoft Graph API, providing a single, secure, and unified connection method. This allows you to sync documents from your entire SharePoint tenant or just specific sites directly into your Leena AI Knowledge Management (KM) system.
This guide will walk you through the two main steps:
- Creating an Application in Microsoft Azure AD to grant Leena AI the necessary permissions.
- Configuring the connection in the Leena AI dashboard using the credentials from Azure.
Step 1: Configure Permissions in Azure Active Directory
Follow these steps to register an application using the Azure Active Directory admin center:
A. Create a New App Registration
- Open a browser, navigate to the Azure Active Directory admin center, and log in using a Global administrator account.
- In the left menu, go to Azure Active Directory > App registrations.
- Click + New registration.
- Name: Give your application a clear name (e.g., "Leena AI SharePoint Connector").
- Supported account types: Select "Accounts in this organizational directory only".
- Redirect URI: Leave this blank.
- Click Register.
- On the application's Overview page, copy the value of the Application (client) ID and Directory (tenant) ID and save them; you will need these values in the next step.
B. Configure API Permissions
- In your new app registration, select API permissions from the left menu.
- Click + Add a permission, then select Microsoft Graph.
- Select Application permissions (not Delegated).
- Now, choose the permission level based on your needs. This is the most important step:
  - For Tenant-Level Access (Sync all sites): Search for and select Sites.Read.All. This allows Leena AI to read all site collections in your SharePoint tenant.
  - For Site-Level Access (Sync only specific sites): Search for and select Sites.Selected. This permission allows you to grant Leena AI read access to an explicit list of sites, adhering to the principle of least privilege.
- (Required for Permission Syncing) In addition to the choice above, you must also add the following permissions to ensure document access rights are synced correctly:
  - Group.Read.All
  - User.Read.All
  Note: User.Read.All is recommended over User.ReadBasic.All for better user mapping.
- After adding the permissions, click the Add permissions button at the bottom.
- Finally, you must grant consent for these permissions. Click the Grant admin consent for [Your Tenant Name] button and accept the prompt. The status for all permissions should update to show a green checkmark.
Important Note on Sites.Selected: Microsoft's configuration for the Sites.Selected permission requires additional steps using API calls or PowerShell to grant the application access to each specific site. This is a Microsoft requirement for this high-security permission type. For detailed instructions, please refer to the official Microsoft documentation: Develop applications that use Sites.Selected permissions.
Reference APIs (for Sites.Selected configuration)
a. API to fetch the auth token
This token will be used to grant read permissions to the "Leena AI" application. It has to be generated using another application that has the Sites.FullControl.All permission.
curl --location --request POST 'https://login.microsoftonline.com/{{tenant id}}/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={{clientid}}' \
--data-urlencode 'client_secret={{clientsecret}}' \
--data-urlencode 'scope=https://graph.microsoft.com/.default' \
--data-urlencode 'grant_type=client_credentials'
b. API to grant the site-level permissions to "Leena AI" application
curl --location 'https://graph.microsoft.com/v1.0/sites/{{site id}}/permissions' \
--header 'Authorization: Bearer {{token}}' \
--header 'Content-Type: application/json' \
--data '{
  "roles": [
    "read"
  ],
  "grantedToIdentities": [{
    "application": {
      "id": "{{leena ai application id}}",
      "displayName": "Leena AI"
    }
  }]
}'
c. API to fetch site ids
curl --location 'https://graph.microsoft.com/v1.0/sites/' \
--header 'authorization: Bearer {{token}}'
C. Create a Client Secret
- In your app registration, select Certificates & secrets from the left menu.
- Click + New client secret.
- Enter a description (e.g., "Leena AI KM Secret") and choose an expiration period.
- Click Add.
- Immediately copy the client secret Value. This is your only chance to see it. Save it securely with your Client ID and Tenant ID.
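With the client secret saved, you can confirm what the registration was actually consented to before entering the credentials anywhere. The following added example (not Leena AI or Microsoft code) decodes the roles claim of an app-only access token requested for this app and compares it with the permissions chosen in section B. It assumes the token is a JWT that carries its application permissions in roles; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Application permissions this guide asks for, per access mode (section B).
EXPECTED = {
    "tenant": {"Sites.Read.All", "Group.Read.All", "User.Read.All"},
    "site": {"Sites.Selected", "Group.Read.All", "User.Read.All"},
}

def token_roles(access_token):
    """Return the 'roles' claim of a JWT access token as a set.

    The payload is decoded for inspection only; the signature is NOT verified,
    so run this on a token you requested yourself, never to authorize anything.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))

def audit_roles(access_token, mode):
    """Compare consented roles with the guide's set for 'tenant' or 'site'."""
    roles = token_roles(access_token)
    expected = EXPECTED[mode]
    return {
        "missing": sorted(expected - roles),  # consent not granted yet
        "excess": sorted(roles - expected),   # more privilege than the guide needs
    }

def constructed_token(roles):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

if __name__ == "__main__":
    sample = constructed_token(
        ["Sites.Selected", "Sites.Read.All", "User.Read.All"])
    print(audit_roles(sample, "site"))
```

An entry under "excess" such as Sites.Read.All on a registration meant for site-level access means the app can read more than the sites you intended to expose.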
D. Granting access to sync SharePoint permissions
- Navigate to the appinv.aspx page for your SharePoint tenant by visiting the following URL: https://<your-tenant>.sharepoint.com/_layouts/15/appinv.aspx
  Example: https://chatteronio-admin.sharepoint.com/_layouts/15/appinv.aspx
- On the page, enter your Client Id into the App Id field and click Lookup. The remaining fields will automatically populate.
- In the Permission Request XML box, paste one of the following XML snippets based on the level of access you require for the synchronisation process:
For Full Control:
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
For Read-Only Control:
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Read" />
</AppPermissionRequests>
Step 2: Integrating with Leena AI’s KM Dashboard
The “Integration” option under KM settings will enable you to integrate KM with third-party apps so that we can pull documents from there and display them in Leena AI's KM.
For SharePoint Integration via Graph APIs, users need to provide the following details:
- Navigate to the KM Settings > Integrations page in your Leena AI dashboard.
- Select the SharePoint connector.
- You will see a single, unified configuration screen. Enter the credentials you saved from Azure AD:
  - Tenant ID: The Directory (tenant) ID you copied.
  - Client ID: The Application (client) ID you copied.
  - Client Secret: The client secret value you generated and saved.
  - (For Site-Level Access Only) If you used the Sites.Selected permission, you must provide the list of SharePoint Site URLs you wish to sync.
- Click the Connect button. The system will verify if your credentials and permissions are correct.
- Once the connection is established, you can proceed to select the sites and libraries you wish to sync by clicking the "Sync Sites" button. By default, Leena AI will sync the "Shared Documents" library from each site unless otherwise configured.
Metadata filtering of content: After connecting to SharePoint sites, you can select 'Configure sites' and then provide the metadata by which you want to filter content within SharePoint sites. To configure sites, first select libraries and then configure the libraries based on the available options.
For Existing Customers: Migrating to the New Connection Method
Action Required Before April 2026
Microsoft is retiring the legacy SharePoint Add-in model (which used REST APIs) by April 2026. Our previous SharePoint connector used this model in combination with the Graph API. To ensure your integration continues to function without interruption, you must migrate to the new, single Graph API connection method.
How to Migrate:
- Create a New App Registration: Follow the instructions in Step 1 of this guide to create a new Azure AD App Registration with only the required Microsoft Graph API permissions. Do not follow any old guides that mention REST connections.
- Update Credentials in Leena AI: Navigate to the SharePoint connector settings in the Leena AI dashboard. Replace your old credentials (which may include a REST Client ID and Target URL) with the new Tenant ID, Client ID, and Client Secret from the app registration you just created.
- Connect and Use: Connect with the new credentials and you are good to go!
Your SharePoint sync will fail after the April 2026 deadline if you do not update your connection. We strongly recommend planning this migration as soon as possible.
SharePoint Graph API Integration: FAQs
General
Q: Can I sync only specific SharePoint sites, or do I have to sync everything?
A: You have both options. You can configure the integration to sync your entire SharePoint tenant by using the Sites.Read.All permission, or you can sync only specific, individual sites by using the Sites.Selected permission.
Q: What technology does this integration use?
A: This integration uses the modern Microsoft Graph API, which provides a single, secure, and unified connection method.
Configuration & Permissions
Q: What three main credentials do I need from Azure AD to set up the connection?
A: You will need the following three values from your Azure App Registration:
- Directory (tenant) ID
- Application (client) ID
- Client Secret
Q: What's the difference between the Sites.Read.All and Sites.Selected permissions?
A: Sites.Read.All grants Leena AI permission to read all site collections across your entire tenant. Sites.Selected is a more restrictive permission that allows Leena AI to read only the specific sites you explicitly grant it access to.
Q: Why do I need to add Group.Read.All and User.Read.All permissions?
A: These permissions are required to ensure that document access rights are synced correctly from SharePoint to Leena AI. This allows for accurate user mapping and maintains your existing document security.
Q: I used the Sites.Selected permission, but my sites aren't syncing. What did I miss?
A: The Sites.Selected permission requires an additional step. Due to Microsoft's security rules, you must use API calls (as referenced in the documentation) or PowerShell to manually grant your new application read access to each specific site you want to sync.
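A check for this situation, as an added example rather than Leena AI or Microsoft code: given the permission objects recorded for each site, it reports which sites you want synced have no grant for the application and which grants are not plain read. The permission objects are constructed in the shape of the grant body in reference API b; the site ids, application IDs, and status strings are placeholders chosen for illustration.

```python
APP_ID = "00000000-0000-0000-0000-00000000aaaa"    # placeholder client ID
OTHER_APP = "00000000-0000-0000-0000-00000000bbbb"  # placeholder, unrelated app

def app_roles(perms, app_id):
    """Roles granted to app_id across one site's permission objects, or None."""
    found = None
    for perm in perms:
        for ident in perm.get("grantedToIdentities", []):
            app = ident.get("application") or {}
            if app.get("id", "").lower() == app_id.lower():
                found = (found or set()) | set(perm.get("roles", []))
    return found

def audit_site_grants(app_id, wanted_sites, site_permissions):
    """Return {site_id: status} for wanted sites plus any unexpected grants."""
    report = {}
    for site in wanted_sites:
        roles = app_roles(site_permissions.get(site, []), app_id)
        if roles is None:
            report[site] = "no-grant"        # the usual cause of a site not syncing
        elif not roles:
            report[site] = "roles-unknown"   # object carried no roles; cannot judge
        elif roles == {"read"}:
            report[site] = "ok"
        else:
            report[site] = "review-roles:" + ",".join(sorted(roles))
    # A grant on a site nobody asked to sync widens what the app can read.
    for site, perms in site_permissions.items():
        if site not in report and app_roles(perms, app_id) is not None:
            report[site] = "unexpected-grant"
    return report

def grant(app_id, roles):
    """Constructed permission object in the shape of the grant body."""
    ident = {"application": {"id": app_id, "displayName": "Leena AI"}}
    return {"roles": roles, "grantedToIdentities": [ident]}

# Constructed sample data: site ids are placeholders, not real Graph site ids.
SAMPLE = {
    "site-hr": [grant(APP_ID, ["read"])],
    "site-finance": [grant(OTHER_APP, ["read"])],
    "site-legal": [grant(APP_ID, ["write"])],
    "site-old": [grant(APP_ID, ["read"])],
}

def sample_report():
    wanted = ["site-hr", "site-finance", "site-legal", "site-it"]
    return audit_site_grants(APP_ID, wanted, SAMPLE)
```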
Q: What is the purpose of configuring the appinv.aspx page?
A: This step is required to grant your application the necessary permissions (either "Read-Only" or "Full Control") at the SharePoint level to sync document access rights and permissions.
Migration
Q: I am an existing customer. Do I need to do anything with my current integration?
A: Yes. Microsoft is retiring the old SharePoint Add-in (REST API) model by April 2026. You must migrate to this new, single Graph API connection method before that date to ensure your sync continues to work.
Q: What will happen if I don't migrate by the April 2026 deadline?
A: Your SharePoint sync will fail.
Q: How do I migrate to the new connection method?
A: You must:
- Create a new App Registration in Azure AD, following Step 1 of the guide to set up the correct Graph API permissions.
- Go to the SharePoint connector settings in your Leena AI dashboard.
- Replace your old credentials with the new Tenant ID, Client ID, and Client Secret from the new app you just created.
