Skip to main content

Setup (Native)

Prerequisite

Set up the Microsoft 365 parent connector before configuring SharePoint. SharePoint inherits the client ID, tenant ID, and credentials from the Microsoft 365 suite and only requires SharePoint-specific configuration below.

Required permissions for setup

  • The user setting up this data source must be the Global Admin.

Add SharePoint-specific permissions to the parent app

Using the app created during Microsoft 365 setup, add the following permissions.

  1. Sign into the Azure portal.
  2. Navigate to Microsoft Entra ID > Manage > App registrations and select the app created for the Microsoft 365 suite.
  3. Click Manage > API Permissions > Add a permission.
  4. Select Microsoft Graph. Choose Application permissions and add the following:
  • User.Read.All
  • GroupMember.Read.All
  • Files.Read.All
  • Files.ReadWrite.All (for subscriptions over drives)
  • Reports.Read.All
  • Sites.FullControl.All
  • Member.Read.Hidden
  1. Click Add a permission and select SharePoint.
  2. Choose Application permissions and add the following:
  • Sites.FullControl.All

  1. Ensure you are signed into Azure as a Global, Application, or Cloud Application Administrator.

  2. Use the search box to navigate to Enterprise applications.

  3. Select the Glean app from the list of applications.

  4. Click on Permissions under Security. Review the permissions shown, and click Grant admin consent.

You must have the following permissions provisioned on the API Permissions page:

Configure SharePoint in Glean

  1. In the Glean Admin Console, select the SharePoint child connector under the Microsoft 365 suite. The client ID and tenant ID are inherited from the parent.

  2. Enter your SharePoint domain in Glean. Your SharePoint domain must end with sharepoint.com.

  3. Glean recommends 1–10 additional applications with the same permission settings to increase full crawl indexing speed. Repeat the permission setup for each additional app and enter its client ID in Glean.

  1. Ensure you complete the SharePoint REST API permissions below before clicking Save, or the save will not succeed.

SharePoint REST API permissions

Since the Graph API does not support many SharePoint use cases (for example, site page permissions), Glean also uses the SharePoint REST API. This must be done for the parent app and every additional app.

  1. Navigate to <your-sharepoint-domain>-admin.sharepoint.com/_layouts/15/appinv.aspx where if you access SharePoint at glean.sharepoint.com, the SharePoint domain would be "glean."

  2. Look up the app using the Client ID. You can fill the App Domain and Redirect URL to glean.com and https://glean.com respectively.

  3. For Permission Request XML, paste the following:

<AppPermissionRequests AllowAppOnlyPolicy="true"><AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /><AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /><AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" /></AppPermissionRequests>

  1. Repeat for each additional app.

  2. Click Save in Glean to save the configuration.

© 2026, Glean Technologies, Inc.
Last updated on