Required permissions for setup

  • The user setting up this data source must be the Global Admin.

Register a new app

  1. Sign in to the Azure portal. Select Microsoft Entra ID, then Manage > App registrations > New registration.
  2. On the Register an application page, register an app with the following:
  • Name: Glean
  • Supported account types: Accounts in this organizational directory only (Single tenant)
  • Redirect URI: (Leave this field blank)
  3. Click Register.

Configure permissions

  1. In the left-side navigation on the Overview page, click Manage > API Permissions.
  2. Click Add a permission and select Microsoft Graph. Choose Application permissions and add the following:
  • User.Read.All
  • GroupMember.Read.All
  • Files.ReadWrite.All (for subscriptions over drives)
  • Reports.Read.All
  • Sites.FullControl.All
  • Member.Read.Hidden
  3. Click Add a permission and select SharePoint. Choose Application permissions and add the following:
  • Sites.FullControl.All
  1. Ensure you are signed into Azure as a Global, Application or Cloud Application Administrator.
  2. Use the search box to navigate to Enterprise applications. Select the Glean app you just created from the list of applications.
  3. Click on Permissions under Security. Review the permissions shown, and then click Grant admin consent.
By this step, you should have the permissions listed above provisioned on the API Permissions page.

Install openssl

OpenSSL is installed by default on OS X. If you are using Windows, follow these instructions to install OpenSSL for use with PowerShell.
  1. Download the relevant OpenSSL installation manager for your version of Windows. OpenSSL offers a list of third-party binary distributions, with Shining Light Productions as an option.
  2. During the installation process, select the option to copy the OpenSSL binaries into the /bin directory.
  3. Open a new PowerShell instance. In PowerShell, run the following command to add the OpenSSL binaries to the path for that session.
$env:Path += ";C:\Program Files\OpenSSL-Win64\bin"

Generate Certificate and Private Key

  1. Run the following commands one line at a time. Microsoft SDK requires the certificate to be verified with a private key in PKCS#8 syntax.
openssl genrsa -out tempprivatekey.key 2048
openssl pkcs8 -topk8 -inform PEM -outform PEM -in tempprivatekey.key -out privatekey.key -nocrypt
openssl req -new -key privatekey.key -out request.csr
openssl x509 -req -days 365 -in request.csr -signkey privatekey.key -out certificate.crt
  2. Verify that both certificate.crt and privatekey.key exist. Open each file, and ensure the files conform to the following formats:
  • The certificate file should start with BEGIN CERTIFICATE and end with END CERTIFICATE
  • The private key should begin with BEGIN PRIVATE KEY and end with END PRIVATE KEY. It should not include RSA in the headers, nor be encrypted.
  3. Upload the certificate.crt in Glean under Client Certificate.
  4. Upload the privatekey.key in Glean under Private Key.
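
The format checks from the verification step, plus a check that the certificate really carries the public half of the private key, written as an added shell example (not part of Glean's or Microsoft's documentation). The function names are hypothetical, the file names are the ones used above, and `openssl` is assumed to be on the path.

```sh
#!/bin/sh
# Added example: pre-upload checks for certificate.crt and privatekey.key.
# Function names are hypothetical; file names are the ones used on this page.

# Print the PEM label if line 1 is BEGIN <label> and the last line is END <label>.
pem_label() {
    first=$(sed -n '1p' "$1" | tr -d '\r')
    last=$(sed -n '$p' "$1" | tr -d '\r')
    label=$(printf '%s\n' "$first" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p')
    [ -n "$label" ] && [ "$last" = "-----END $label-----" ] && printf '%s\n' "$label"
}

check_cert_format() {
    [ "$(pem_label "$1")" = "CERTIFICATE" ] && return 0
    echo "$1: expected BEGIN CERTIFICATE ... END CERTIFICATE" >&2
    return 1
}

# Accept only unencrypted PKCS#8; name the likely cause for the other headers.
check_key_format() {
    case "$(pem_label "$1")" in
        "PRIVATE KEY") return 0 ;;
        "RSA PRIVATE KEY") echo "$1: PKCS#1 header, run the pkcs8 -topk8 step" >&2 ;;
        "ENCRYPTED PRIVATE KEY") echo "$1: encrypted, rerun pkcs8 with -nocrypt" >&2 ;;
        *) echo "$1: expected BEGIN PRIVATE KEY ... END PRIVATE KEY" >&2 ;;
    esac
    return 1
}

# The certificate must carry the public half of this private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

check_pair() {
    check_cert_format "$1" && check_key_format "$2" && cert_matches_key "$1" "$2"
}

# Run against the page's file names when both exist in the current directory.
if [ -f certificate.crt ] && [ -f privatekey.key ]; then
    check_pair certificate.crt privatekey.key && echo "pair is consistent"
fi
```

Both tempprivatekey.key and privatekey.key hold the unencrypted private key, so restrict their file permissions and remove local copies once the upload is done.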

Upload Certificate to Azure

  1. Navigate back to Microsoft Entra ID > Manage > App registrations and click on the app you created earlier. Then click on Manage > Certificates & secrets in the left sidebar.
  2. Open the Certificates section and click Upload certificate.
  3. Upload the certificate.crt file that you just generated. After uploading, the application should now list the new certificate.

Fill out keys

  1. Scroll to the top of the left sidebar and click Overview.
  2. Copy the following content from the center Essentials panel and enter it in Glean:
  • Application (client) ID
  • Directory (tenant) ID
  3. Enter your SharePoint domain in Glean. Your SharePoint domain should end with “sharepoint.com”.
  4. (Strongly Recommended) To increase the full crawl indexing speeds, Glean recommends between 1 and 10 additional applications with the same permission settings as the initial app created. Repeat the setup steps from “Register a new app” until this step, saving the client ID and uploading the certificate to Azure in the process. Paste the client ID into the Glean web app.
  5. Click Save. If the credentials save, you’re all set!