Skip to main content

O365-10

  • Updated

Issue

  • We are missing Sharepoint REST API permissions for the app.

     

Resolution

Since the graph API does not support many of our sharepoint use cases (e.g. site page permissions), we need to use the Sharepoint REST API. This will need to be done for every Azure app.

Certificate-Based Setup (recommended)

Prerequisites

  • Provisioning REST API permissions directly through Azure portal requires your application to be authenticated through the certificate-based method.
    • If you are currently using a client secret, contact support to enable the new certificate-based method for setup.
    • This requires creating a certificate and uploading it to Azure. Then, you must upload the certificate and associated private key to Glean through Sharepoint connector setup.

Remediation

  • For your application in Azure, on the left side of the applications pane, navigate to Manage > API Permissions
  • Click Add a permission and select Sharepoint. Choose Application permissions and add Sites.FullControl.All.

Client Secret-Based Setup (deprecated)

  • Navigate to <sharepoint-domain>-admin.sharepoint.com/_layouts/15/appinv.aspx
    • where if you access Sharepoint at glean.sharepoint.com, the sharepoint-domain would be "glean."
  • Look up the app using the Client ID for the app you created for Glean. You can fill the App Domain and Redirect URL to glean.com and https://glean.com respectively.
  • For Permission Request XML, paste the following: 
    <AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" /></AppPermissionRequests>
    • Common errors:
      • Accidentally modifying the Permission Request XML
      • Not completing this step for every app you created for Glean
  • Click Save in Glean to save the app credentials. You’re all set for the initial application setup.

Additionally if the tenant was recently created (starting from 2020 onwards):

To resolve this, you must disable custom app authentication for your Sharepoint tenant (reference).

  1. Connect-PnPOnline -Url https://<sharepointdomain>-admin.sharepoint.com

  2. Run

    Set-PnPTenant -DisableCustomAppAuthentication $false

If you are still having difficulty please reach out to us: https://support.glean.com.

Was this article helpful?
1 out of 1 found this helpful
Return to top