SharePoint
Self-Managed AI Platform installations
The SharePoint connector will be automatically installed and does not need to be manually added.
Supported authentication
- Azure OAuth (delegated access)
- Azure service principal (app-only access)
Prerequisites
The following is required before connecting to SharePoint in DataRobot:
- A SharePoint account authenticated with Azure OAuth or service principal
- Data stored in SharePoint
Generate credentials
At the end of this section, you will have a fully configured application, including the required fields for your chosen authentication type, and the necessary permissions to access specific SharePoint sites.
OAuth required fields:
- Client ID
- Client Secret
- Scopes
Service principal required fields:
- Client ID
- Client Secret
- Tenant ID
Create an application in Azure
To support Azure OAuth or service principal, you must create and register an application for DataRobot in the Azure portal, and then configure its permissions. Use the appropriate configuration parameters based on your authentication type:
OAuth:

| Configuration parameter | Description |
|---|---|
| Supported account types | Select Accounts in any organizational directory and personal Microsoft accounts (multi-tenant) or Accounts in any organizational directory (multi-tenant). |
| Redirect URI | Select Web and enter a redirect URI as follows: (SaaS) https://<host>.datarobot.com/account/azure/azure_oauth_authz_return or (Self-managed) https://<customer-datarobot-host>/account/azure/azure_oauth_authz_return |

Service principal:

| Configuration parameter | Description |
|---|---|
| Supported account types | Select Accounts in this organization directory only (single-tenant). |
| Redirect URI | N/A |
After registration is complete, go to the Overview page and copy the following information:
- Application ID (Client ID)
- Directory ID (Tenant ID, service principal only)
Configure the client secret
- Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
- Select Certificates & secrets > Client secrets > New secret.
- Add a description and expiration date, then click Add.
- After saving the client secret, the value of the client secret is displayed. This value is only displayed once, so make sure you copy and store it.
Note
Each client secret has an expiration date. To avoid OAuth outages, it is recommended that you periodically create a new client secret. Once you've created a new client secret, you must update all associated credentials.
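As an added example (not DataRobot's or Microsoft's code), the following Python flags client secrets that have expired or are close to expiring, working from the `passwordCredentials` list in the Microsoft Graph application object. The sample application, key IDs and the 30-day warning window are constructed for illustration, and timestamps are assumed to be UTC with a trailing `Z`.

```python
from datetime import datetime, timedelta, timezone


def parse_graph_time(value):
    """Parse a Graph timestamp such as 2025-03-01T00:00:00.1234567Z (assumed UTC)."""
    value = value.rstrip("Z")
    if "." in value:
        head, frac = value.split(".", 1)
        # Graph may send 7 fractional digits; Python accepts at most 6.
        value = f"{head}.{frac[:6].ljust(6, '0')}"
        fmt = "%Y-%m-%dT%H:%M:%S.%f"
    else:
        fmt = "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def secrets_needing_rotation(application, now, warn_days=30):
    """Return [(displayName, keyId, status)] for expired or soon-to-expire secrets.

    `application` is the JSON object Graph returns for an app registration;
    its passwordCredentials list holds one entry per client secret.
    """
    findings = []
    for cred in application.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "expired"
        elif end - now <= timedelta(days=warn_days):
            status = f"expires in {(end - now).days} days"
        else:
            continue  # still comfortably valid
        findings.append((cred.get("displayName"), cred["keyId"], status))
    return findings


# Constructed sample (not real data): one app registration with three secrets.
SAMPLE_APP = {
    "appId": "00000000-0000-0000-0000-000000000001",
    "passwordCredentials": [
        {"displayName": "datarobot-2023", "keyId": "k1", "endDateTime": "2024-01-15T00:00:00Z"},
        {"displayName": "datarobot-2024", "keyId": "k2", "endDateTime": "2024-06-20T08:30:00.1234567Z"},
        {"displayName": "datarobot-2025", "keyId": "k3", "endDateTime": "2025-06-01T00:00:00Z"},
    ],
}
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
```

Any secret this reports needs a replacement created and every DataRobot credential that uses it updated before the old one lapses.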
Configure permissions/scope
OAuth:
- Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
- In the left panel, select Manage > API Permissions > Add a permission.
- Select Microsoft Graph > Delegated permissions, then select Sites.Selected/Sites.Read.All/Files.Read.All.
- Click Add permissions. The permissions are listed under Configured permissions.
- To view the scope for a specific permission, click on the permission and copy the first URL shown in the resulting panel. You can add a list of required scopes; this list is the value for the Scopes field. Alternatively, you can use https://graph.microsoft.com/.default to include all permissions that have already been assigned to this app. Note that some permissions may require admin consent.

Service principal:
- Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
- In the left panel, select Manage > API Permissions > Add a permission.
- Select Microsoft Graph > Application permissions, select Sites.Selected/Sites.Read.All/Files.Read.All, and click Add permissions. The permissions are listed under Configured permissions. Note that some permissions may require admin consent.
The required permissions and scopes depend on your specific use case. For more information, see the Microsoft documentation.
Note
Microsoft recently introduced an update affecting the delegated permission Sites.Read.All. For more information, see the Microsoft documentation.
Assign the app permission to specific SharePoint sites
This step is only required when using the Sites.Selected permission.
An Azure admin must grant the DataRobot application access to the specific SharePoint sites using either the Microsoft Graph API or PowerShell. For each site the app needs to access, the admin must call the create permission API and specify the roles as read in the request body to provide read-only access.
To assign permissions, an admin can either use PowerShell or do the following:
- Register another application in Microsoft Entra ID.
- Configure a client secret for the app.
- Configure the permission Sites.FullControl.All (Type=Application) for Graph API. Admin consent is required for this permission.
- Write a small script (see examples here) to add permission for the SharePoint site. To initialize the graph client, you can use the client credentials provider.
Set up a connection in DataRobot
To connect to SharePoint, create a vector database, and when you select a data source, add SharePoint as the connection.
You can also set up a SharePoint connection from the Account Settings > Data connections page.
Required parameters
While parameters are not required to connect to SharePoint, depending on the authorizations given in the application and the credential type being used, you may need to configure the Site ID parameter under Show additional parameters.
| Required field | Description |
|---|---|
| Sharepoint Site ID | A unique identifier of a SharePoint site, formatted as {hostname},{site collection GUID},{site (web) GUID}. |

The following scenarios require the Site ID parameter:
- OAuth with Sites.Read.All or Sites.Selected.
- Service principal with Sites.Selected.
Feature considerations
- The SharePoint connector only supports unstructured data and is only available during vector database creation.
- You can only add and view the SharePoint connector as part of the vector database create workflow and from Account settings > Data connections. You cannot view SharePoint connections in other areas where you work with datasets (structured data), for example, the Browse data modal in NextGen or the AI Catalog in DataRobot Classic.
Troubleshooting
| Problem | Solution | Instructions |
|---|---|---|
| When attempting to execute an operation in DataRobot, the firewall requests that you clear the IP address each time. | Add all allowed IPs for DataRobot. | See Allowed source IP addresses. If you've already added the allowed IPs, check the existing IPs for completeness. |