SharePoint (OAuth)
Delegated OAuth2 connection to SharePoint via Microsoft Graph (per-user).
Fields
| Field | Description | Required |
|---|---|---|
| Microsoft Account | Connected via OAuth2 — click "Connect SharePoint" and sign in. No keys to paste; Falcon Builder stores encrypted access and refresh tokens. Requires Sites.Read.All / Sites.ReadWrite.All. | Yes |
Setup Steps
- Step 1: In Falcon Builder, go to Dashboard → Credentials → Add Credential and pick SharePoint (OAuth).
- Step 2: Click Connect SharePoint and sign in with your Microsoft account.
- Step 3: Approve the requested SharePoint permissions. On work/school tenants an administrator may need to grant consent first.
- Step 4: You're returned to Falcon Builder with the account connected — the credential shows the signed-in email.
Permissions (Microsoft Graph scopes)
Sites.Read.All— discover SharePoint sites and read filesSites.ReadWrite.All— upload files and create documentsUser.Read— identify the connected account (health checks via/me)offline_access— keep the connection alive (refresh tokens)
For least privilege, an administrator can replace Sites.Read.All / Sites.ReadWrite.All with Sites.Selected and grant access to specific sites only. With Sites.Selected, enter the Site ID directly in the node since site discovery is unavailable.
When to use OAuth vs App-Only
Use OAuth when you want access scoped to an individual signed-in user. Use App-Only for centralized, service-account access not tied to a person, and NTLM for legacy on-prem SharePoint.