> ## Documentation Index
> Fetch the complete documentation index at: https://docs.stackone.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SharePoint OAuth 2.0 connector profile – StackOne setup guide

> Set up the OAuth 2.0 connector profile for SharePoint in StackOne. One-time admin setup required before your users can link SharePoint accounts via Hub.

<Warning>You must have at least Application Developer permissions in your Azure account to register applications in Microsoft Entra ID. An administrator must also grant consent for the required API permissions.</Warning>

<section data-guide-section data-guide-scopes="">
  <h2>Register Your Application in Microsoft Entra ID</h2>

  <p>To connect SharePoint with StackOne, you need to register an application in Microsoft Entra ID to obtain OAuth 2.0 credentials.</p>

  <Steps>
    <Step title="Sign in to Microsoft Entra Admin Center">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Sign in to the <a href="https://entra.microsoft.com" target="_blank" rel="noopener noreferrer">Microsoft Entra admin center</a> as at least an Application Developer. If you have access to multiple tenants, click the <strong>Settings</strong> (gear) icon in the top-right corner, then select the desired tenant from the list under <strong>Directory + subscription</strong>.</p>
      </div>
    </Step>

    <Step title="Create a New App Registration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Navigate to <strong>Entra ID</strong> > <strong>App registrations</strong> and select <strong>New registration</strong>.</p>

        <ul>
          <li>Enter a meaningful <strong>Name</strong> for your app (e.g., StackOne SharePoint Integration).</li>
          <li>Under <strong>Supported account types</strong>, select <strong>Accounts in this organizational directory only</strong> (single tenant) unless multi-tenant access is required.</li>
          <li>Select <strong>Register</strong> to create the app registration.</li>
        </ul>
      </div>
    </Step>

    <Step title="Copy the Application (Client) ID">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>After registration, you'll be directed to the application's <strong>Overview</strong> page. Copy the <strong>Application (client) ID</strong> value and store it securely for use later.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure Redirect URI</h2>

  <p>Set up the OAuth 2.0 callback URL to enable authentication flow between StackOne and SharePoint.</p>

  <Steps>
    <Step title="Navigate to Authentication Settings">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From your app's Overview page, select <strong>Authentication</strong> from the left menu under <strong>Manage</strong>.</p>
      </div>
    </Step>

    <Step title="Add Platform Configuration">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Add Redirect URI</strong>, then select <strong>Web</strong>.</p>
      </div>
    </Step>

    <Step title="Set the Redirect URI">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>In the <strong>Redirect URIs</strong> field, enter the StackOne OAuth callback URL ([https://api.stackone.com/connect/oauth2/sharepoint/callback](https://api.stackone.com/connect/oauth2/sharepoint/callback)) and click <strong>Configure</strong>.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Configure API Permissions</h2>

  <p>Grant your application the necessary Microsoft Graph API permissions to access SharePoint data. API access is controlled by the permissions granted here, not by scopes requested in the OAuth token.</p>

  <Steps>
    <Step title="Open API Permissions">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From the left menu under <strong>Manage</strong>, select <strong>API permissions</strong>.</p>
      </div>
    </Step>

    <Step title="Add Microsoft Graph Permissions">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Add a permission</strong>, then select <strong>Microsoft Graph</strong>.</p>

        <ul>
          <li>Select <strong>Delegated permissions</strong> to view the list of permissions.</li>
          <li>For read-only access, add <strong>Sites.Read.All</strong> and <strong>Files.Read.All</strong>.</li>
          <li>For read-write access, add <strong>Sites.ReadWrite.All</strong> and <strong>Files.ReadWrite.All</strong>.</li>
          <li>Click <strong>Add permissions</strong> to save.</li>
        </ul>
      </div>
    </Step>

    <Step title="Grant Admin Consent">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Click <strong>Grant admin consent for \[tenant name]</strong> and select <strong>Yes</strong> to consent on behalf of all users in your tenant. After granting, verify that <strong>Granted for \[tenant name]</strong> appears under the <strong>Status</strong> column. Without admin consent, API calls will return 403 Forbidden errors regardless of token contents.</p>
      </div>
    </Step>
  </Steps>
</section>

<section data-guide-section data-guide-scopes="">
  <h2>Generate Client Secret</h2>

  <p>Create a client secret that will be used to authenticate your application with SharePoint.</p>

  <Steps>
    <Step title="Navigate to Certificates & Secrets">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>From the left menu under <strong>Manage</strong>, select <strong>Certificates & secrets</strong>.</p>
      </div>
    </Step>

    <Step title="Create a New Client Secret">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Under the <strong>Client secrets</strong> tab, click <strong>New client secret</strong>.</p>

        <ul>
          <li>Add a <strong>Description</strong> (e.g., StackOne Integration Secret).</li>
          <li>Select an expiration period.</li>
          <li>Click <strong>Add</strong>.</li>
        </ul>
      </div>
    </Step>

    <Step title="Copy the Client Secret Value">
      <div data-guide-step data-guide-scopes="" data-guide-display-scopes-list="">
        <p>Immediately copy the <strong>Value</strong> of the newly created client secret and store it securely for use later. This value will only be shown once and cannot be retrieved again.</p>
      </div>
    </Step>
  </Steps>
</section>

## Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for <strong>SharePoint</strong>:

<Steps>
  <Step title="Navigate to Connector Profiles">
    Login to StackOne and navigate to [Connector Profiles](https://app.stackone.com/connector_profiles)
  </Step>

  <Step title="Create New Connector Profile">
    <ul>
      <li>Click <strong>+ Connector Profile</strong></li>
      <li>Search for and select <strong>SharePoint</strong></li>
      <li>Select <strong>Type</strong> as <strong>OAuth 2.0</strong></li>

      <li>
        Fill out the fields using details retrieved from your provider:

        <ul style={{ marginLeft: '20px' }}>
          <li><strong>Client ID</strong></li>
          <li><strong>Client Secret</strong></li>
          <li><strong>Scopes</strong> (Optional)</li>
        </ul>
      </li>

      <li>(Optional) Select <strong>Actions</strong> to be enabled for this Connector Profile</li>
      <li>Click <strong>Create profile</strong></li>
    </ul>
  </Step>
</Steps>

Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to <a href="/guides/accounts-section#linking-accounts">Link Accounts</a> for <strong>SharePoint</strong>.
