SharePoint (App-Only)

Service-account connection to SharePoint via an Azure app (client credentials).

Fields

| Field | Description | Required |
| --- | --- | --- |
| Client ID | Application (client) ID of the Azure App Registration. | Yes |
| Client Secret | The client secret Value (not the Secret ID) from Certificates & secrets. | Yes |
| Tenant ID | Directory (tenant) ID of your Microsoft 365 organization. | Yes |
| Default Site ID | Optional. Required when the app uses the Sites.Selected scope. Format: host,siteCollectionId,webId. | No |

Register an Azure App

  1. In the Azure Portal, go to Microsoft Entra ID → App registrations → New registration. Choose single-tenant.
  2. Under API permissions, add the Microsoft Graph Application permissions Sites.Read.All and Sites.ReadWrite.All (or Sites.Selected for specific sites), then Grant admin consent.
  3. Under Certificates & secrets, create a client secret and copy its Value immediately.
  4. Copy the Application (client) ID and Directory (tenant) ID from the Overview page.

Sites.Selected — granting specific sites

If the app uses Sites.Selected, an admin app must grant the SharePoint app access to each site, and you must supply the Site ID (format host,siteCollectionId,webId) on the credential or in the node — dynamic site discovery isn't available with this scope.

Testing the Connection

Test Credential mints an app token via client credentials and probes the site (the configured Site ID, or the tenant root). A 403 means the app authenticated but lacks permission to the site — grant Sites.Read.All or use Sites.Selected with a Site ID.
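The same check can be reproduced outside the product when diagnosing a 403. The sketch below is an added example, not the product's own code: it assumes the Microsoft identity platform v2.0 token endpoint and the Microsoft Graph v1.0 sites endpoint, and the function names and the sample Site ID are constructed for illustration.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
SITE_ID = re.compile(rf"([A-Za-z0-9.-]+),({GUID}),({GUID})")
# Constructed sample value, not a real site.
SAMPLE_SITE_ID = "contoso.sharepoint.com,11111111-1111-1111-1111-111111111111,22222222-2222-2222-2222-222222222222"

def parse_site_id(site_id):
    """Split 'host,siteCollectionId,webId'; reject URLs and partial IDs."""
    m = SITE_ID.fullmatch(site_id.strip())
    if not m:
        raise ValueError("Site ID must be host,siteCollectionId,webId")
    return m.groups()

def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request (assumed v2.0 endpoint)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{GRAPH}/.default"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), method="POST")

def probe_url(site_id=None):
    """Probe the configured site if one is set, otherwise the tenant root."""
    target = "root" if site_id is None else ",".join(parse_site_id(site_id))
    return f"{GRAPH}/v1.0/sites/{target}"

def explain(status):
    """Map the probe's HTTP status to what it says about the app."""
    known = {200: "ok", 401: "token rejected by Graph",
             403: "authenticated, but no permission to this site"}
    return known.get(status, f"unexpected HTTP {status}")

def check_credential(tenant_id, client_id, client_secret, site_id=None):
    """Live check (needs network): mint an app token, then probe the site."""
    url = probe_url(site_id)  # validate the Site ID before sending the secret
    try:
        with urllib.request.urlopen(token_request(tenant_id, client_id, client_secret)) as r:
            token = json.load(r)["access_token"]
    except urllib.error.HTTPError as e:
        return f"token request failed: HTTP {e.code}"  # wrong secret, client or tenant
    try:
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as r:
            return explain(r.status)
    except urllib.error.HTTPError as e:
        return explain(e.code)
```

A failure at the token step points at the Client ID, Client Secret or Tenant ID; a 403 at the probe step points at the granted permissions or the Site ID.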