Skip to main content
Ensure that your Microsoft account has the “Global Administrator” and “SharePoint Administrator” roles assigned. You can view and manage user role assignments in your Microsoft Admin center.
This guide configures a single-tenant SharePoint app for use within your organization only. Users outside your organization cannot connect with this app. No Microsoft Partner Center account or publisher verification is required.
If you’ve been directed to StackOne to integrate with SharePoint using a single-tenant app, the following steps will help you configure a successful integration.

Create and Configure a New Application

1

Log in to Microsoft Azure

Log in to your Microsoft Azure portal.
Azure Login Pn
2

Navigate to App Registrations

Go to your Microsoft Entra admin center.In the left navigation bar, click “Applications” > “App registrations”.
Ms Entra App Registrations Pn
3

Register a New Application

Under App Registrations, click the ”+ New registration” button.
Ms Entra New App Registration Btn Pn
4

Configure Application Details

Under Register an application, input the following details:
  • Name
  • Supported account types
    • Select “Accounts in this organizational directory only (Single tenant)
  • Redirect URI
    • Select “Web
    • Enter the URI: https://api.stackone.com/connect/oauth2/sharepoint/callback
Once complete, click “Register” to create the new application.
Ms Entra Register App Sharepoint Single Tenant
5

Obtain the App Client ID and Tenant ID

After registration, you’ll be taken to the application overview page.Copy the following values and store them safely to be used in a later step:
  • Application (client) ID
  • Directory (tenant) ID
Ms Entra App Client Id Sharepoint
6

Obtain the Application Client Secret

Under Client credentials on the right, click “Add a certificate or secret”.
Ms Entra App Click Client Secret Pn
Under Client secrets, click the ”+ New client secret” button.
Ms Entra New App Client Secret Sharepoint Pn
Under Add a client secret, enter a description and select your desired expiration date for this secret.
Please keep in mind that a new secret will need to be generated when this one expires.
Click the “Add” button to proceed.
Ms Entra New Client Secret Details Sharepoint Pn
The new client secret will be displayed. Copy the Value and store it safely to be used in a later step.
Make sure to copy this value now. It will not be displayed again.
Ms Entra Copy Client Secret Value Pn
Under Configured permissions, click the “Add a permission” button.Under Request API permissions, click “Microsoft Graph”.
Ms Entra App Api Permissions Microsoft Gro Pn
The application requires the following Delegated Permissions:
  • Files.Read - Read user files
  • Files.Read.All - Read all files that user can access
  • Files.ReadWrite - Read and upload user files
  • offline_access - Maintain access to data you have given it access to
  • User.Read - Sign in and read user profile
  • User.ReadBasic.All - Read all users’ basic profiles
After selecting all of the listed permissions above, click the “Add permissions” button.
7

Grant Admin Consent for Permissions

All of the added permissions will be listed under Configured permissions. Please ensure that all of the permissions above are listed.Click the “Grant admin consent” button to approve all of the listed permissions.Click the “Yes” button to confirm Admin approval.
Ms Entra Confirm Admin Consent Pn
Tenant-wide user consent settings in Microsoft Entra ID (Identity > Applications > Enterprise apps > Consent and permissions > User consent settings) affect when non-admin users can connect to this single-tenant app without prior admin action. This setting applies Microsoft’s managed consent policy. For a single-tenant, unverified app (like the one in this guide), non-admin users are often not allowed to grant consent on first use. In practice:
  • Option A: An org admin connects via OAuth first and completes the consent screen. After that, non-admin users can connect without seeing the consent prompt.
  • Option B: A non-admin user tries to connect first and is blocked (e.g. “Need admin approval”). An admin then goes to the app’s Configured permissions in the Microsoft Entra admin center (Enterprise applications > your app > Permissions) and clicks Grant admin consent. After that, the non-admin user can connect successfully on a second attempt.
Granting admin consent only takes effect for the Enterprise Application (service principal) that is created when the app is first used in your tenant. If no user had connected yet, that object may not exist, which is why granting consent before any user attempt sometimes doesn’t help until after the first (failed) non-admin attempt.

Allowing non-admins to connect on first attempt

To allow non-admin users to connect on their first attempt without an admin connecting first, change the tenant setting to “Allow user consent for apps from verified publishers, for selected permissions”. That policy explicitly allows user consent for apps registered in your organization (single-tenant apps) as well as verified publishers, but only for permissions your org classifies as low impact. To avoid prompts for the permissions this app uses (e.g. Files.Read, User.Read, offline_access), an admin may need to classify those permissions as low impact under Consent and permissions > Permission classifications. After that, non-admin users can typically complete the consent flow on first connection.
Changing to “Allow user consent for apps from verified publishers, for selected permissions” is a tenant-wide setting and may allow user consent for other apps registered in your tenant. Evaluate this against your organization’s security policy.

Get your SharePoint Base URL

Your SharePoint base URL follows this format:
https://{your-domain}.sharepoint.com
You can find this URL by:
  1. Opening your Microsoft SharePoint site
  2. Copying the base URL from your browser’s address bar

Congratulations, you’re all set! If you face any issues with the steps mentioned above, please contact us by emailing integrations@stackone.com. We’re always here to assist you!

Available data

This integration has the following Documents Resources available from the provider:
  • Drives
  • Files
  • Folders