# SharePoint Agent
Cover image
Overview
  • Search and retrieve documents and files stored in SharePoint Online through Blockbrain
  • Access, read, and manage content within SharePoint sites and document libraries
  • Extract and summarize file content and metadata for reporting or AI analysis
  • Navigate SharePoint site structures, lists, and libraries
  • Automate document management and workflow processes using SharePoint data
Screenshot 2025-12-04 at 13.51.34.png
Prerequisites
  • Complete the general setup steps from the main AI Agents page
  • Ensure users have active Microsoft 365 accounts with access to SharePoint Online
  • Verify appropriate Microsoft 365 licensing for SharePoint Online and related services
Screenshot 2025-12-04 at 13.51.48.png
### Azure App Registration Configuration #### Required API Permissions Add the following Microsoft Graph permissions to your app registration: | Permission | Type | Description | | ----------------------------- | --------- | --------------------------------------------------- | | `offline_access` | Delegated | Maintain access to data you have given it access to | | `User.Read` | Delegated | Sign in and read user profile | | `Files.Read.All` | Delegated | Read all files that user can access | | `Sites.Read.All` | Delegated | Read items in all site collections | | `User.ReadBasic.All` | Delegated | Search for user information | | `Tasks.Read` | Delegated | Read the signed-in user's tasks and task lists | | `GroupMember.Read.All` | Delegated | Read the members of all groups in an organization | | `Group-Conversation.Read.All` | Delegated | Read conversations in Microsoft 365 groups | > As alternative, you can use the `.default` scope (uses all scopes set in the app). #### Redirect URL * Add as allowed redirect URL to your app registration #### Permission Configuration Steps 1. In your Azure app registration, go to **API permissions** 2. Click **"Add a permission"** > **Microsoft Graph** > **Delegated permissions** 3. Search for and select each required permission 4. Click **"Add permissions"** 5. Click **"Grant admin consent"** (recommended for organization-wide deployment) ### Agent Configuration in Blockbrain
1. **Access Agent Settings**: * Navigate to your Blockbrain admin panel * Go to **Agents** > **SharePoint Agent** * Click **"Configure"** 2. **Enter Azure Credentials**: * **Client ID**: Enter the Application ID from your Azure app registration * **Client Secret**: Paste the client secret you generated * **Tenant**: Enter your Azure tenant ID 3. **Configure OAuth Scopes**: * Add each required scope individually using the **"Add"** button as mentioned [here](#required-api-permissions) * Each scope will appear as a removable tag * Use the **"X"** button to remove incorrect scopes 4. **Additional Configuration** (Optional): * Add custom key-value pairs if needed for specific requirements * Configure any organization-specific settings 5. **Save Configuration**: * Click **"Save"** to apply the settings * Wait for the confirmation message ### Alternative: Admin Consent Configuration For simplified scope management with admin pre-approval: 1. In Azure, grant admin consent for all required permissions 2. In Blockbrain configuration, use `.default` scope instead of individual scopes 3. This eliminates the need for users to consent to individual permissions ### Testing the SharePoint Agent #### Verification Steps 1. **Connection Test**: * Use the built-in connection test in Blockbrain * Verify successful authentication with Microsoft Graph 2. **User Testing**: * Have a test user connect their SharePoint account * Attempt to access a known SharePoint file or site * Verify file retrieval and search functionality 3. **Permission Validation**: * Check that the agent can access appropriate SharePoint sites * Confirm file read permissions are working correctly ### Common SharePoint Integration Use Cases * **Document Search**: Find files across multiple SharePoint sites * **File Retrieval**: Access specific documents for AI analysis * **Site Navigation**: Browse SharePoint site structures and libraries * **Metadata Extraction**: Retrieve file properties and metadata ### Troubleshooting #### Authentication Issues **Problem**: "Access denied" or authentication failures * **Solution**: Verify admin consent is granted for all required permissions * **Check**: Ensure the redirect URL is exactly `https://nango.theblockbrain.ai/oauth/callback` #### Permission Errors **Problem**: "Insufficient privileges" when accessing SharePoint * **Solution**: Confirm the app registration has `Sites.Read.All` and `Files.Read.All` permissions * **Check**: Verify the user has SharePoint access in your organization #### Scope Configuration Issues **Problem**: Scopes not saving correctly * **Solution**: Add each scope individually using the "Add" button * **Check**: Remove any duplicate or incorrect scopes using the "X" button ### Security Considerations * **File Access**: The agent inherits the user's SharePoint permissions * **Site Scope**: Access is limited to sites the authenticated user can access * **Data Privacy**: Files are processed according to Blockbrain's data handling policies * **Audit Trail**: SharePoint access is logged in both Azure AD and SharePoint audit logs ### Next Steps After successful SharePoint Agent configuration: * Train users on SharePoint integration features * Configure [outlook-agent](https://docs.en.theblockbrain.ai/for-admins/agents/outlook-agent "mention") if email integration is needed * Monitor usage and performance through Azure AD reports