Skip to main content

Required permissions for setup

  • The user setting up this data source must be the Global Admin.

Register a new app

  1. Sign into the Azure portal. Select Microsoft Entra ID, then Manage > App registrations > New registration.
  2. On the Register an application page, register an app with the following:
FieldValue
NameGlean
Supported account typesAccounts in this organizational directory only (Single tenant)
Redirect URI(Leave this field blank)
  1. Click Register.
Register an app

Configure permissions

  1. On the left side navigation on the overview page, click on Manage > API Permissions.
  2. Click Add a permission and select Microsoft Graph. Choose Application permissions and add the following:
  • User.Read.All
  • GroupMember.Read.All
  • Files.Read.All
  • Files.ReadWrite.All (for webhooks)
  • Reports.Read.All
  • Sites.FullControl.All
  • Members.Read.Hidden
Configure permissions
  1. Ensure you are signed into Azure as a Global, Application or Cloud Application Administrator.
  2. Use the search box to navigate to Enterprise applications. Select the Glean app you just created from the list of applications.
  3. Click on Permissions under Security. Review the permissions shown, and then click Grant admin consent.
Grant admin consent

Generate secret

  1. Navigate back to Microsoft Entra ID > Manage > App registrations and click on the app you created earlier. Then click on Manage > Certificates & secrets in the left sidebar.
  2. Click on New client secret. Enter a description and select 24 months for expiry time, then click Add.
  3. Under Client secrets, copy the Value (not the Secret ID) you generated and enter it in Glean as the Client secret. The Value will only be shown once.
Generate secret

Fill out keys

  1. Scroll to the top of the left sidebar and click Overview.
  2. Copy the following content from the center Essentials panel and enter it in Glean:
  • Application (client) ID
  • Directory (tenant) ID
  1. Enter your Sharepoint domain in Glean. Your Sharepoint domain should end with “sharepoint.com”
  2. (Strongly Recommended) To increase the full crawl indexing speeds, Glean recommends between 1 and 10 additional applications with the same permission settings as the initial app created. Repeat the setup steps from “Register a new app” until this step, saving the client ID and client secret in the process. Paste the client ID and client secret into the Glean web app.
Upload keys
  1. Ensure you go through the next step to set up Sharepoint REST API permissions, or clicking Save will not succeed.

Sharepoint REST permissions

Since the graph API does not support many of our sharepoint use cases (e.g. site page permissions), we need to use the Sharepoint REST API. This will need to be done for every app from the previous step.
  1. Navigate to <your-sharepoint-domain>-admin.sharepoint.com/_layouts/15/appinv.aspx where if you access Sharepoint at glean.sharepoint.com, the sharepoint-domain would be “glean.”
  2. Look up the app using the Client ID from the last step. You can fill the App Domain and Redirect URL to glean.com and https://glean.com respectively.
  3. For Permission Request XML, paste the following:
  1. Repeat for each additional app created from the previous steps.
  2. Click Save in Glean to save the app credentials. You’re all set for the initial application setup.
I