Error Codes
O365-10
O365-10 Error Code
Issue
- We are missing Sharepoint REST API permissions for the app.
Resolution
Since the graph API does not support many of our sharepoint use cases (e.g. site page permissions), we need to use the Sharepoint REST API. This will need to be done for every Azure app.
Certificate-based Setup (Recommended)
Prerequisites
- Provisioning REST API permissions directly through Azure portal requires your application to be authenticated through the certificate-based method.
- If you are currently using a client secret, contact support to enable the new certificate-based method for setup. This is not required, but recommended for the best setup experience.
- This requires creating a certificate and uploading it to Azure. Then, you must upload the certificate and associated private key to Glean through Sharepoint connector setup.
Remediation Steps
- Open a PowerShell session. Note these steps may also require you to install Sharepoint PowerShell.
For client secret-based setup (deprecated)
You should expect the output to include
For certificate self-serve setup (recommended)
- For your application in Azure, on the left side of the applications pane, navigate to Manage > API Permissions.
- Click Add a permission and select Sharepoint. Choose Application permissions and add
Sites.FullControl.All
These steps require being either a tenant administrator, or a site administrator of the associated site collection.
For client Secret-based Setup (Deprecated)
- Navigate to
<sharepoint-domain>-admin.sharepoint.com/_layouts/15/appinv.aspx
(where if you access Sharepoint atglean.sharepoint.com
, the sharepoint-domain would beglean
). - Look up the app using the Client ID for the app you created for Glean. You can fill the App Domain and Redirect URL to
glean.com
andhttps://glean.com
respectively. - For Permission Request XML, paste the following:
- Click Save in Glean to save the app credentials.
Additionally, for client secret setups, if the tenant was recently created (starting from 2020 onwards), you must disable custom app authentication for your Sharepoint tenant (reference).
Remediation Steps
In PowerShell, run the following commands:
For additional assistance, please contact Glean Support at https://support.glean.com