Microsoft SharePoint
Glean connects to Microsoft SharePoint for indexed and real-time search, scoped to each user's permissions. All content access operates under the shared Microsoft 365 parent connector app registration. Client secrets are not supported for SharePoint or OneDrive. Microsoft retired Azure ACS on April 2, 2026, so certificate authentication is the only supported method.
SharePoint is a child connector of the Microsoft 365 parent connector, which provides shared authentication and identity crawling. Set up Microsoft 365 first; SharePoint then inherits its credentials (client ID, tenant ID, and certificate) and needs only SharePoint-specific configuration.
Connection methods
Glean connects to SharePoint in two ways. The indexed connector is the foundation and is always part of the setup; real-time search is an additional layer. Most organizations index for broad coverage and add real-time search for content that must always be current.
Which method should you use?
For most organizations the answer is both, running side by side. Use this rule of thumb:
- Choose the indexed connector as your foundation, for comprehensive, ranked, org-wide search across all SharePoint content, plus AI ranking and usage analytics. This is what the rest of this page sets up.
- Add real-time search on top when some content changes constantly and must never be stale, when users need to reach unindexed content such as a SharePoint sharing link, or when you'd rather not store certain content in Glean's index at all.
The table compares how each method behaves, so you can decide where each one fits:
| What you get | Indexed connector | Real-time search |
|---|---|---|
| Coverage | Org-wide: everything crawled is searchable by anyone with permission | Per-user: only content the querying user can access |
| Freshness | Near real-time (webhook-driven updates) | Always live (fetched at query time) |
| AI ranking (activity signals) | ✓ Full ranking | ✗ Not available |
| Fetch unindexed content by URL (for example, sharing links) | ✗ (only documents already in the index) | ✓ (fetched live, even if never indexed) |
| Agents read and summarize documents | ✓ | ✓ |
| Content stored in Glean's index | Yes (crawled and indexed) | No (nothing stored) |
| Separate app registration | No (inherits Microsoft 365) | No (inherits Microsoft 365) |
| Best for | Broad, ranked, everyday search | Volatile or sensitive content kept current and unindexed |
Set up SharePoint
SharePoint connects to Glean in two ways, and most organizations use both together:
- Set up the indexing connector: The foundation: crawls SharePoint sites, pages, lists, and document libraries into Glean's index for permission-aware, ranked, org-wide search. This topic covers the required permissions, what gets indexed, scope, and the setup steps.
- Real-time search: An additional layer that fetches content live from SharePoint at query time — for content that must always be current, or that you'd rather not store in Glean's index.
Permissions and security
Glean reads all user access permissions from SharePoint and enforces them at query time, so users only see results they have access to. For details, see permission enforcement and the activity signals used for ranking. All authentication uses certificate-based application permissions with admin consent; no delegated user privileges are used for indexing.