Setup (Native)
Set up the Microsoft 365 parent connector before configuring SharePoint. SharePoint inherits the client ID, tenant ID, and credentials from the Microsoft 365 suite and only requires SharePoint-specific configuration below.
Required permissions for setup
- The user setting up this connector must be the Global Admin.
Add SharePoint-specific permissions to the parent app
Using the app created during Microsoft 365 setup, add the following permissions. For why Glean needs each scope and what breaks without it (useful when briefing your security team), see Required permissions in the overview.
- Sign into the Azure portal.
- Navigate to Microsoft Entra ID > Manage > App registrations and select the app created for the Microsoft 365 suite.
- Click Manage > API Permissions > Add a permission.
- Select Microsoft Graph. Choose Application permissions and add the following:
  - User.Read.All
  - GroupMember.Read.All
  - Files.ReadWrite.All (for subscriptions over drives)
  - Reports.Read.All
  - Sites.FullControl.All
  - Member.Read.Hidden
- Click Add a permission and select SharePoint.
- Choose Application permissions and add the following:
  - Sites.FullControl.All
Grant admin consent
- Ensure you are signed into Azure as a Global, Application, or Cloud Application Administrator.
- Use the search box to navigate to Enterprise applications.
- Select the Glean app from the list of applications.
- Click on Permissions under Security. Review the permissions shown, and click Grant admin consent.
You must have the following permissions provisioned on the API Permissions page:
Configure SharePoint in Glean
- In the Glean Admin Console, select the SharePoint child connector under the Microsoft 365 suite. The client ID and tenant ID are inherited from the parent.
- Enter your SharePoint domain in Glean. Your SharePoint domain must end with sharepoint.com.
- Glean recommends 1–10 additional applications with the same permission settings to increase full crawl indexing speed. Repeat the permission setup for each additional app and enter its client ID in Glean.
- Click Save in Glean to save the configuration.
SharePoint REST API permissions
Glean uses the SharePoint REST API for some SharePoint-specific scenarios that are not covered by Microsoft Graph, such as site page permissions.
Use the certificate-based authentication flow in Microsoft 365 setup and complete the SharePoint-specific application permissions described in Add SharePoint-specific permissions to the parent app.
If you are migrating an older SharePoint setup that used client-secret authentication, see Switch from secret to certificate authentication.
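To confirm that admin consent produced exactly the application permissions listed above, and nothing broader, you can inspect the `roles` claim of an app-only access token issued to the app. The following is an added example, not Glean or Microsoft code; the function names and the sample token are constructed for illustration, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json
from urllib.parse import urlparse

# Application permissions listed on this page, keyed by the resource they are granted on.
REQUIRED = {
    "graph": {"User.Read.All", "GroupMember.Read.All", "Files.ReadWrite.All",
              "Reports.Read.All", "Sites.FullControl.All", "Member.Read.Hidden"},
    "sharepoint": {"Sites.FullControl.All"},
}
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"

def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify_audience(aud: str) -> str:
    """Map the token's aud claim to the permission set it should carry."""
    aud = aud.rstrip("/").lower()
    if aud in GRAPH_AUDIENCES:
        return "graph"
    host = urlparse(aud).hostname or ""
    if aud == SHAREPOINT_APP_ID or host.endswith(".sharepoint.com"):
        return "sharepoint"
    raise ValueError(f"unexpected audience: {aud}")

def audit_token(token: str) -> dict:
    """Report permissions missing from, or granted beyond, the documented set."""
    claims = decode_claims(token)
    resource = classify_audience(claims["aud"])
    granted = set(claims.get("roles", []))
    return {"resource": resource,
            "missing": sorted(REQUIRED[resource] - granted),
            "extra": sorted(granted - REQUIRED[resource])}

def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    demo = sample_token({"aud": "https://graph.microsoft.com",  # constructed claims
                         "roles": ["User.Read.All", "Sites.FullControl.All", "Mail.Read"]})
    print(audit_token(demo))
```

A non-empty `extra` list means the app registration holds permissions beyond what this setup asks for, which is worth reviewing before adding the 1–10 additional crawl applications with the same settings.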