
Required permissions for setup

  • The user setting up this data source must be the Global Admin.

Register a new app

  1. Sign in to the Azure portal.
  2. Select Microsoft Entra ID > Manage > App registrations > New registration.
  3. On the Register an application page, register an app with the following:
     | Field | Value |
     | --- | --- |
     | Name | Glean |
     | Supported account types | Accounts in this organizational directory only (Single tenant) |
     | Redirect URI | (Leave this field blank) |
  4. Click Register.

Configure permissions

  1. On the overview page, click on Manage > API Permissions.
  2. Click Add a permission.
  3. Select Microsoft Graph.
  4. Choose Application permissions and add the following:
  • User.Read.All
  • GroupMember.Read.All
  • Files.ReadWrite.All (for subscriptions over drives)
  • Reports.Read.All
  • Sites.FullControl.All
  • Member.Read.Hidden
  5. Click Add a permission and select SharePoint.
  6. Choose Application permissions and add the following:
  • Sites.FullControl.All
  7. Ensure you are signed in to Azure as a Global, Application or Cloud Application administrator.
  8. Use the search box to navigate to Enterprise applications.
  9. Select the Glean app you created from the list of applications.
  10. Click on Permissions under Security. Review the permissions shown, and click Grant admin consent.
You must have the following permissions provisioned on the API Permissions page:

Install openssl

OpenSSL is installed by default on OS X terminals. If you are using Windows, follow these instructions to download OpenSSL to use with PowerShell.
  1. Download the relevant OpenSSL installation manager for your version of Windows. OpenSSL offers a list of third-party binary distributions, with Shining Light Productions as an option.
  2. During the installation process, select the option to copy the OpenSSL binaries into the /bin directory.
  3. Open a new PowerShell instance. In PowerShell, you can run the following command to make use of the OpenSSL binaries.
     ```powershell
     $env:Path += ";C:\Program Files\OpenSSL-Win64\bin"
     ```

Generate Certificate and Private Key

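  1. Run the following commands one at a time. The Microsoft SDK requires the certificate to be verified with a private key in PKCS#8 syntax.
     ```
     # Generate a 2048-bit RSA key.
     openssl genrsa -out tempprivatekey.key 2048
     # Convert it to unencrypted PKCS#8 (-nocrypt); tempprivatekey.key and privatekey.key hold the same key material.
     openssl pkcs8 -topk8 -inform PEM -outform PEM -in tempprivatekey.key -out privatekey.key -nocrypt
     # Create a certificate signing request (prompts for the subject fields).
     openssl req -new -key privatekey.key -out request.csr
     # Self-sign the request; the certificate is valid for 365 days.
     openssl x509 -req -days 365 -in request.csr -signkey privatekey.key -out certificate.crt
     ```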
  2. Verify that both `certificate.crt` and `privatekey.key` exist. Open each file, and ensure the files conform to the following formats:
  • The certificate file must start with BEGIN CERTIFICATE and end with END CERTIFICATE.
  • The private key should begin with BEGIN PRIVATE KEY and end with END PRIVATE KEY. It must not include RSA in the headers, nor be encrypted.
  3. Upload the `certificate.crt` in Glean under Client Certificate.
  4. Upload the `privatekey.key` in Glean under Private Key.
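
The format rules in the verification step can be checked from the command line before uploading. This is an added example, not part of Glean's or Microsoft's tooling; the function names are illustrative, and the public-key comparison is an extra check the page does not list. It assumes a POSIX shell with `openssl` on the PATH.

```shell
# Added example: function names are illustrative, not Glean or Microsoft tooling.

# Print the first / last non-empty line of a file, with CRs stripped
# (files saved on Windows may use CRLF line endings).
first_line() { tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' | head -n 1; }
last_line()  { tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' | tail -n 1; }

# check_cert_format FILE: succeeds only if FILE is framed as a PEM certificate.
check_cert_format() {
  [ "$(first_line "$1")" = "-----BEGIN CERTIFICATE-----" ] &&
  [ "$(last_line "$1")" = "-----END CERTIFICATE-----" ]
}

# check_key_format FILE: succeeds only for an unencrypted PKCS#8 key.
# "BEGIN RSA PRIVATE KEY" (PKCS#1) and "BEGIN ENCRYPTED PRIVATE KEY" are
# rejected because the header has to match exactly.
check_key_format() {
  [ "$(first_line "$1")" = "-----BEGIN PRIVATE KEY-----" ] &&
  [ "$(last_line "$1")" = "-----END PRIVATE KEY-----" ]
}

# check_key_matches_cert CERT KEY: compares the public key embedded in the
# certificate with the public key derived from the private key.
check_key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check when called with two arguments:
#   sh check_pair.sh certificate.crt privatekey.key
if [ "$#" -eq 2 ]; then
  check_cert_format "$1" ||
    { echo "not a PEM certificate: $1" >&2; exit 1; }
  check_key_format "$2" ||
    { echo "not an unencrypted PKCS#8 key: $2" >&2; exit 1; }
  check_key_matches_cert "$1" "$2" ||
    { echo "private key does not match certificate" >&2; exit 1; }
  echo "certificate and private key are consistent"
fi
```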

Upload Certificate to Azure

  1. Navigate back to Microsoft Entra ID > Manage > App registrations and click on the app you created earlier.
  2. Click Manage > Certificates & secrets.
  3. Click the Certificates section, then click Upload certificate.
  4. Upload the `certificate.crt` file that you generated. After the upload, the application must list the new certificate.

Fill out keys

  1. Scroll to the top of the left sidebar and click Overview.
  2. Copy the following content from the center Essentials panel and enter it in Glean:
  • Application (client) ID
  • Directory (tenant) ID
  3. Enter your SharePoint domain in Glean. Your SharePoint domain must end with sharepoint.com.
  4. To increase full crawl indexing speeds, Glean recommends having between 1 and 10 additional applications with the same permission settings as the initial app created.
  5. For each additional application, repeat the setup steps from "Register a new app" until this step, saving the client ID and uploading the certificate to Azure in the process. Paste the client ID into the Glean web app.
  6. Click Save.