Skip to main content
Back to Search AI connectors list Configure the SharePoint connector to make content managed in SharePoint searchable through Search AI.
SpecificationDetails
Repository typeCloud
Supported contentAll, Articles (.aspx), Pages, and files in .doc, .docx, .ppt, .pptx, .html, .xhtml, .txt, .pdf formats
RACL supportYes
Content filteringYes
Auto permission resolutionYes
Searching through attachments is not supported.

Prerequisites

  • Access to the Azure Portal with permissions to register applications.
  • A multi-tenant app registered in Azure Active Directory (see below).

Authorization Support

Search AI supports two OAuth 2.0 authentication mechanisms for SharePoint:
  • Authorization Code Grant Type — The app acts on behalf of the user using Delegated Permissions. Requires explicit user consent.
  • Client Credentials Grant Type — The app acts as itself using Application Permissions. No user interaction required.

Register a Multi-Tenant App in SharePoint

App registration establishes trust between Search AI and the Microsoft identity platform.
  1. Log in to the Azure Portal and go to Azure Active Directory. Azure Home
  2. Go to App Registrations under Applications and click New Registration. App Registration
  3. Enter the application name. Set the account type to Accounts in any organization directory (multi-tenant). Set the Redirect URL for your region and click Register.
    • JP Region: https://jp-bots-idp.kore.ai/workflows/callback
    • DE Region: https://de-bots-idp.kore.ai/workflows/callback
    • Production: https://idp.kore.com/workflows/callback
    Account Types
  4. Save the Client ID and Tenant ID from the Overview section. Client Credentials
  5. Go to Certificates and Secrets and generate a client secret. Client Credentials
  6. Enter a description, set the expiration to 24 months, and click Add. Client Credentials
  7. Save the client secret immediately — it cannot be viewed again after leaving the page. Client Credentials
  8. Go to API Permissions and click Add a permission. API Permissions
  9. Add the following permissions under Microsoft Graph: Delegated Permissions (for Authorization Code Grant Type):
    • User.ReadBasic.All
    • Group.Read.All
    • Directory.AccessAsUser.All
    • Files.Read
    • Files.Read.All
    • Sites.Read.All
    • Offline_access
    • GroupMember.Read.All — required only if RACL is enabled
    • Organization.Read.All — required only if RACL is enabled
    Request Permissions Application Permissions (for Client Credentials Grant Type):
    • Sites.Selected
    • GroupMember.Read.All — required only if RACL is enabled
    • Organization.Read.All — required only if RACL is enabled
  10. Click Grant Admin Consent to apply the permissions. Grant Permissions

Configure the SharePoint Connector in Search AI

  1. Go to Content > Connectors and select SharePoint.
  2. On the Authorization page, provide the following details:
FieldDescription
NameUnique name for the connector
Authorization TypeOAuth 2.0
Grant TypeAuthorization Code or Client Credentials
Client IDClient ID from the Azure app registration
Client SecretClient secret from the Azure app registration
Tenant IDDirectory (Tenant) ID from your Azure AD instance
Content TypeAll, Articles, or Files
  1. Click Connect to authenticate.

Content Ingestion

After authentication, select the SharePoint sites to ingest content from.
Configuration steps vary depending on the grant type selected.

Authorization Code Grant Type

  1. Go to the Configuration section.
  2. Under Sync Specific Content, click Select Content.
  3. Choose the SharePoint sites to ingest content from.
  4. Click Save.
Select Sites

Client Credentials Grant Type

  1. Go to the Configuration section.
  2. Under Sync Specific Content, click Configure.
  3. Enter one or more Site IDs. The Azure AD app must have access to all sites listed here.
  4. Select the content type: Articles or Files.
  5. Optionally apply filters to narrow the content ingested.
Select Sites
Only Articles or Files can be selected individually as content types. To ingest both, create a filter with two conditions joined by the OR operator:
  • Condition 1: Content Type = Articles
  • Condition 2: Content Type = Files
Select Sites

Sync Content

Click Sync Now to start ingestion immediately, or configure Schedule Sync in the Configuration page for automatic ingestion.

Advanced Content Filtering

In addition to selecting sites, Search AI allows you to apply custom filtering rules to selectively ingest content. To configure filters, navigate to the Advanced Filter tab and define your rules using the following fields.
  • Site — Select the site on which filtering is to be applied.
  • Content Type — Select the type of content: All, Articles, or Files.
Use the following fields to set up conditions for each filtering rule.
  • Parameter — The attribute of the content on which the filter condition is applied. Select from the dropdown or add a custom parameter using +Add. Ensure custom parameter names match exactly with the field names in SharePoint.
  • Operator — Defines how the condition is evaluated (for example, Equals, Contains, Greater Than).
  • Value — The value the parameter must meet according to the chosen operator.
Filter conditions are optional. If no conditions are defined, all content matching the selected Content Type from the chosen site is ingested.
Supported Parameters for Files When Content Type is set to Files, the following folder-related parameters are available in addition to the standard file parameters.
ParameterDescriptionSupported Operators
Folder PathPath of the folder from the driveIn
Use these parameters to target content within a specific folder or folder path in a SharePoint site. Filter Rule Behavior
  • Multiple rules — Content that satisfies any one of the defined rules is selected for ingestion (logical OR between rules).
  • Multiple conditions within a rule — All conditions in a rule must be satisfied for the content to be selected (logical AND within a rule).
For example, to ingest files from a specific folder by name, set up a filter with Content Type = Files, Parameter = FolderName, Operator = Equals, and Value = <folder name>.

Access Control

Understanding Permissions in SharePoint

SharePoint permissions include site-level permissions and individual file permissions.

Site-Level Permissions

SharePoint uses two membership group types:
  • Office 365 Groups — Grant site access to members.
  • SharePoint Security Groups — Control site access at three default permission levels: Site Visitors, Site Members, and Site Owners.
Office 365 Membership Click Members to view the list of members and their roles. Office 365 Members Go to Settings > Site Permissions to view SharePoint Security Groups. Site Permissions

How Search AI Handles Site Permissions

  • Office 365 Group — A Permission Entity is created in Search AI. All users directly added to this group are automatically added to the Permission Entity. Email groups added here must be resolved manually using the Permission Entity APIs.
  • SharePoint Security Groups — Three Permission Entities are created (one per default permission level). Users in these groups must be added manually to their corresponding Permission Entities using the Permission Entity APIs.
The sourceACL field contains four Permission Entities corresponding to the site permissions.

File-Level Permissions

Site-level permissions apply to all files within that site. File owners can also share files with individual users, internally or externally, or with all domain or organization members. File Permissions Domain Access

How Search AI Handles File Permissions

  • Shared with a specific user — The user is automatically added to the sourceACL field during ingestion.
  • Shared with a user group — The group ID is used to create a Permission Entity that resolves individual users.
  • Shared with a specific domain — The domain name is stored as a Permission Entity in sourceACL. Search AI compares user email domains during answer generation and grants access on a match.