Skip to main content

Microsoft SharePoint

Load data from Microsoft SharePoint

Authentication Setup

To connect to SharePoint, you'll need to set up authentication using Microsoft Entra ID (formerly Azure AD):

  1. Create an App Registration in Microsoft Entra ID (Microsoft Documentation)

  2. Configure Microsoft Graph API Permissions for your app. You can choose between two permission approaches:

Option 1: Tenant-wide Access (Traditional)

  • Sites.ReadAll (Application Permission) - Required to read items in all site collections
  • Files.ReadAll (Application Permission) - Required to read all files that app has access to
  • BrowserSiteLists.Read.All (Application Permission) - Required to read all SharePoint lists
  • Sites.Selected (Application Permission) - Allows access only to specific SharePoint sites
  • Files.ReadAll (Application Permission) - Required to read all files that app has access to
  • BrowserSiteLists.Read.All (Application Permission) - Required to read all SharePoint lists
  1. Grant admin consent for each permission in the Azure Portal

  2. If using Sites.Selected permission, you must explicitly grant access to specific sites:

    a. Find your site ID using PowerShell or Graph API:

    # Using PowerShell with PnP module
    Connect-PnPOnline -Url "https://yourtenant.sharepoint.com/sites/yoursite" -Interactive
    Get-PnPSite | Select-Object Id

    Or via Graph API:

    GET https://graph.microsoft.com/v1.0/sites/yourtenant.sharepoint.com:/sites/yoursite

    b. Grant permission to the specific site using PowerShell:

    # Grant permission to specific site
    Grant-PnPAzureADAppSitePermission -AppId "your-app-id" -DisplayName "YourAppName" -Site "https://yourtenant.sharepoint.com/sites/yoursite" -Permissions Read

    Or using Microsoft Graph API:

    POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
    {
    "roles": ["read"],
    "grantedToIdentities": [{
    "application": {
    "id": "your-app-id"
    }
    }]
    }
  3. Note down the following values which will be needed for configuration:

    • Client ID (Application ID)
    • Client Secret (generate in Certificates & Secrets)
    • Tenant ID (Directory ID)
    • Site ID (if using Sites.Selected permission)

For more details on Microsoft Graph APIs and permissions, see the Microsoft Graph documentation.

Configure via UI

sharepoint

Configure via API / Client

from llama_cloud.types import CloudSharepointDataSource

# Option 1: Using site_name (for Sites.ReadAll permission)
ds = {
'name': '<your-name>',
'source_type': 'MICROSOFT_SHAREPOINT',
'component': CloudSharepointDataSource(
site_name='<site_name>',
folder_path='<folder_path>', # optional
client_id='<client_id>',
client_secret='<client_secret>',
tenant_id='<tenant_id>',
)
}

# Option 2: Using site_id (recommended for Sites.Selected permission)
ds = {
'name': '<your-name>',
'source_type': 'MICROSOFT_SHAREPOINT',
'component': CloudSharepointDataSource(
site_id='<site_id>', # Use site ID when using Sites.Selected permission
folder_path='<folder_path>', # optional
client_id='<client_id>',
client_secret='<client_secret>',
tenant_id='<tenant_id>',
)
}

data_source = client.data_sources.create_data_source(request=ds)