# SharePoint

> SharePoint - The following is required before connecting to SharePoint in DataRobot:

This Markdown file sits beside the HTML page at the same path (with a `.md` suffix). It summarizes the topic and lists links for tools and LLM context.

Companion generated at `2026-04-24T16:03:56.652823+00:00` (UTC).

## Primary page

- [SharePoint](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html): Full documentation for this topic (HTML).

## Sections on this page

- [Supported authentication](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#supported-authentication): In-page section heading.
- [Prerequisites](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#prerequisites): In-page section heading.
- [Generate credentials](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#generate-credentials): In-page section heading.
- [Create an application in Azure](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#create-an-application-in-azure): In-page section heading.
- [Configure the client secret](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#configure-the-client-secret): In-page section heading.
- [Configure permissions/scope](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#configure-permissions-scope): In-page section heading.
- [Assign the app permission to specific SharePoint sites](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#assign-the-app-permission-to-specific-sharepoint-sites): In-page section heading.
- [Set up a connection in DataRobot](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#set-up-a-connection-in-datarobot): In-page section heading.
- [Required parameters](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#required-parameters): In-page section heading.
- [Feature considerations](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#feature-considerations): In-page section heading.
- [Troubleshooting](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/dc-sharepoint.html#troubleshooting): In-page section heading.

## Related documentation

- [Reference documentation](https://docs.datarobot.com/en/docs/reference/index.html): Linked from this page.
- [Data reference](https://docs.datarobot.com/en/docs/reference/data-ref/index.html): Linked from this page.
- [Supported data stores](https://docs.datarobot.com/en/docs/reference/data-ref/data-sources/index.html): Linked from this page.
- [select a data source](https://docs.datarobot.com/en/docs/agentic-ai/vector-database/vector-dbs.html#add-a-data-source): Linked from this page.
- [Account Settings > Data connectionspage](https://docs.datarobot.com/en/docs/platform/acct-settings/nxt-data-connect.html): Linked from this page.
- [Allowed source IP addresses](https://docs.datarobot.com/en/docs/reference/data-ref/allowed-ips.html): Linked from this page.

## Documentation content

# SharePoint

> [!NOTE] Self-Managed AI Platform installations
> The SharePoint connector will be automatically installed and does not need to be manually added.

## Supported authentication

- Azure OAuth (delegated access)
- Azure service principal (app-only access)

## Prerequisites

The following is required before connecting to SharePoint in DataRobot:

- A SharePoint account authenticated with Azure OAuth or service principal
- Data stored in SharePoint

## Generate credentials

At the end of this section, you will have a fully configured application, including the required fields for your chosen authentication type, and the necessary permissions to access specific SharePoint sites.

OAuth required fields:

- Client ID
- Client Secret
- Scopes

Service principal required fields:

- Client ID
- Client Secret
- Tenant ID

### Create an application in Azure

To support Azure OAuth or service principal, you must [create and register an application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) for DataRobot in the Azure portal, and then configure its permissions. Use the appropriate configuration parameters based on your authentication type:

**OAuth:**
Configuration parameter
Description
Supported account types
Accounts in any organizational directory and personal Microsoft accounts (multi-tenant).
Accounts in any organizational directory (multi-tenant).
Redirect URI
Select
Web
and enter a redirect URI as follows:
(SaaS)
https://<host>.datarobot.com/account/azure/azure_oauth_authz_return
(Self-managed)
https://<customer-datarobot-host>/account/azure/azure_oauth_authz_return

**Service principal:**
Configuration parameter
Description
Supported account types
Select
Accounts
in this organization directory only (single-tenant).
Redirect URI
N/A


After registration is complete, go to the Overview page and copy the following information:

- Application ID ( Client ID )
- Directory ID ( Tenant ID —service principal only)

### Configure the client secret

1. Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
2. Select Certificates & secrets > Client secrets > New secret .
3. Add a description and expiration date, then click Add .
4. After saving the client secret, the value of the client secret is displayed. This value is only displayed once, so make sure you copy and store it. NoteEach client secret has an expiration date. To avoid OAuth outages, it is recommended that you periodically create a new client secret. Once you've created a new client secret, you must update all associated credentials.

### Configure permissions/scope

**OAuth:**
Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
In the left panel, select
Manage > API Permissions > Add a permission
.
Select
Microsoft Graph > Delegated permissions
, then
Sites.Selected/Sites.Read.All/Files.Read.All
.
Click
Add permissions
. The permissions are listed under
Configured permissions
.
To view the scope for a specific permission, click on the permissions and copy the first URL shown in the resulting panel. You can add a list of required scopes—this represents the
Scopes
. Alternatively, you can use
https://graph.microsoft.com/.default
to include all permissions that have already been assigned to this app. Note that some permissions may require admin consent.

**Service principal:**
Navigate to your DataRobot application in the Azure portal app registrations (in Microsoft Entra ID > App registrations).
In the left panel, select
Manage > API Permissions > Add a permission
.
Select
Microsoft Graph > Application permissions
, select
Sites.Selected/Sites.Read.All/Files.Read.All
, and click
Add permissions
. The permissions are listed under
Configured permissions
. Note that some permissions may require admin consent.


The required permissions and scopes depend on your specific use case. For more information, see the [Microsoft documentation](https://learn.microsoft.com/en-us/graph/permissions-reference).

> [!NOTE] Note
> Microsoft recently introduced an update affecting the delegated permission `Sites.Read.All`. For more information, see the [Microsoft documentation](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/manage-app-consent-policies?pivots=ms-graph#microsoft-recommended-current-settings).

### Assign the app permission to specific SharePoint sites

This step is only required when using the `Sites.Selected` permission.

An Azure admin must grant the DataRobot application access to the specific SharePoint sites using either the Microsoft Graph API or PowerShell. For each site the app needs to access, the admin must call the [create permission API](https://learn.microsoft.com/en-us/graph/api/site-post-permissions?view=graph-rest-1.0&tabs=http) and specify the roles as `read` in the request body to provide read-only access.

To assign permissions, an admin can either use PowerShell or do the following:

1. Register another application in Microsoft Entra ID.
2. Configure a client secret for the app.
3. Configure the permission Sites.FullControl.All (Type=Application) for Graph API. Admin consent is required for this permission.
4. Write a small script (see examples here ) to add permission for the SharePoint site. To initialize the graph client, you can use the client credentials provider .

## Set up a connection in DataRobot

To connect to SharePoint, create a vector database, and when you [select a data source](https://docs.datarobot.com/en/docs/agentic-ai/vector-database/vector-dbs.html#add-a-data-source), add SharePoint as the connection.

You can also set up a SharePoint connection from the [Account Settings > Data connectionspage](https://docs.datarobot.com/en/docs/platform/acct-settings/nxt-data-connect.html).

### Required parameters

While parameters are not required to connect to SharePoint, depending on the authorizations given in the application and the credential type being used, you may need to configure the `Site ID` parameter under Show additional parameters.

| Required field | Description |
| --- | --- |
| Sharepoint Site ID | A unique identifier of a SharePoint site, formatted as {hostname},{site collection GUID},{site (web) GUID}. |

The following scenararios require the `Site ID` parameter:

- OAuth with Sites.Read.All or Sites.Selected .
- Service principal with Sites.Selected .

## Feature considerations

- The SharePoint connector only supports unstructured data and is only available during vector database creation.
- You can only add and view the SharePoint connector as part of the vector database create workflow and from Account settings > Data connections . You cannot view SharePoint connections in other areas where you work with datasets (structured data), for example, the Browse data modal in NextGen or the AI Catalog in DataRobot Classic.

## Troubleshooting

| Problem | Solution | Instructions |
| --- | --- | --- |
| When attempting to execute an operation in DataRobot, the firewall requests that you clear the IP address each time. | Add all allowed IPs for DataRobot. | See Allowed source IP addresses. If you've already added the allowed IPs, check the existing IPs for completeness. |