Enabling the SharePoint Integration for your Organization

This article explains how administrators can enable and configure the SharePoint integration, including required permissions and setup details.

Overview

Legora's SharePoint integration allows your users to pull in documents directly from SharePoint.

Key features

  • File and folder selection: The integration includes a file and folder picker, enabling users to upload documents or entire folders from SharePoint into Legora.

  • Secure Authentication and Connectivity: Legora uses SharePoint's native authentication system. No user credentials are passed through Legora. When a user connects, Microsoft issues an access token that Legora uses to fetch and parse documents the user has permission to access.

  • Allowed Sites: Admins can restrict which SharePoint sites users can access via Legora. If no sites are specified, all sites are accessible. Once at least one site is added, only those sites are accessible.


Setup

Before you begin

  • You have admin access to the Azure portal.

  • You have your Directory (tenant) ID, Application (client) ID (must be a valid UUID), and SharePoint base URL ready.

Create and configure the Azure AD app registration

  1. Sign in to the Azure portal and go to Azure Active Directory > App registrations > New registration.

  2. Under Authentication:

    • Create a Single-page application platform and set the redirect URI to your region:

      • EU: https://app.eu.legora.com

      • US: https://app.us.legora.com

      • AP: https://app.ap.legora.com

    • Select the Access tokens and ID tokens checkboxes.

  3. Under API permissions, add the permissions below, then select Grant admin consent:

    • Microsoft Graph (delegated): Files.Read.All, Sites.Read.All, User.Read

    • SharePoint (delegated): AllSites.Read, MyFiles.Read

  4. From the Overview tab, copy your Directory (tenant) ID and Application (client) ID.
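The settings from steps 2 and 3 can be checked against an export of the app registration. The following is an added example, not code from Legora or Microsoft: it assumes the input has the shape of the Microsoft Graph `application` resource, and the function name, sample data and placeholder IDs are constructed for illustration. It checks the permission type only and does not resolve permission IDs to the scope names listed above.

```python
# Added example (not Legora's or Microsoft's code). Input follows the shape of
# the Microsoft Graph "application" resource.
LEGORA_REDIRECTS = {            # regional redirect URIs from this article
    "EU": "https://app.eu.legora.com",
    "US": "https://app.us.legora.com",
    "AP": "https://app.ap.legora.com",
}

def audit_app_registration(app, region):
    """Return a list of findings; an empty list means every check passed."""
    expected = LEGORA_REDIRECTS[region]
    spa = set((app.get("spa") or {}).get("redirectUris") or [])
    web_cfg = app.get("web") or {}
    web = set(web_cfg.get("redirectUris") or [])
    findings = []
    if expected in web:
        findings.append("redirect URI is registered as Web, not SPA")
    if expected not in spa:
        findings.append(f"SPA platform lacks redirect URI {expected}")
    for other in sorted((spa | web) - {expected}):
        findings.append(f"redirect URI not from this article, review: {other}")
    grants = web_cfg.get("implicitGrantSettings") or {}
    if not grants.get("enableAccessTokenIssuance"):
        findings.append("Access tokens checkbox is not selected")
    if not grants.get("enableIdTokenIssuance"):
        findings.append("ID tokens checkbox is not selected")
    # The article lists delegated permissions only: Graph marks those "Scope",
    # while application permissions are "Role".
    for res in app.get("requiredResourceAccess") or []:
        for perm in res.get("resourceAccess") or []:
            if perm.get("type") != "Scope":
                findings.append(f"application permission present: {perm.get('id')}")
    return findings

# Constructed sample: URI placed under Web, ID tokens off, one "Role" entry.
SAMPLE_MISCONFIGURED = {
    "spa": {"redirectUris": []},
    "web": {
        "redirectUris": ["https://app.eu.legora.com"],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                  "enableIdTokenIssuance": False},
    },
    "requiredResourceAccess": [{
        "resourceAppId": "00000000-0000-0000-0000-0000000000aa",  # placeholder
        "resourceAccess": [
            {"id": "00000000-0000-0000-0000-000000000001", "type": "Scope"},
            {"id": "00000000-0000-0000-0000-000000000002", "type": "Role"}],
    }],
}
```

Calling `audit_app_registration(SAMPLE_MISCONFIGURED, "EU")` reports the Web-platform redirect, the missing SPA entry, the unselected ID tokens checkbox and the application permission.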

Configure the integration in Legora

  1. Go to Settings > Organization > Integrations.

  2. In the Available section, click Add next to SharePoint.

  3. Paste the Directory (tenant) ID and Application (client) ID you copied from the Overview tab of the app registration.

  4. Enter your SharePoint site URL:

    • Use the main tenant URL, e.g. https://tenant.sharepoint.com

    • Don’t use OneDrive (https://tenant-my.sharepoint.com) or the admin center (https://tenant-admin.sharepoint.com).

  5. (Optional) Run the validation wizard to confirm your app registration and permissions are set up correctly — any missing permissions will be highlighted in red.

  6. Click Create. You’ll now see SharePoint listed under Connected.

Configure allowed sites (optional)

  1. Click Configure on the SharePoint integration.

  2. Open the Allowed sites tab.

  3. Add the sites you want to limit users to. If left empty, all sites are accessible. Added URLs must belong to the same host as your configured SharePoint site URL.
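The values entered in Legora (the two IDs, the SharePoint site URL and the allowed sites) can be checked before they are pasted in. The following is an added example and not Legora's own validation logic: the function names and sample URLs are constructed, and requiring `https` is an assumption based on the URLs shown in this article. It compares parsed hosts rather than string prefixes, so lookalike URLs do not pass the same-host rule.

```python
import uuid
from urllib.parse import urlsplit

def is_canonical_uuid(value):
    """True only for the hyphenated 8-4-4-4-12 form shown in the Azure portal."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def site_host(url):
    """Return the lower-cased host of an https URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")

def check_base_url(url):
    """Return None if the URL can be the SharePoint site URL, else a reason."""
    host = site_host(url)
    if host is None:
        return "not an https URL"
    label = host.split(".")[0]
    if host.endswith(".sharepoint.com") and label.endswith("-my"):
        return "OneDrive host, use the main tenant URL"
    if host.endswith(".sharepoint.com") and label.endswith("-admin"):
        return "admin center host, use the main tenant URL"
    return None

def check_allowed_sites(base_url, sites):
    """Map each rejected site URL to the reason it fails the same-host rule."""
    base = site_host(base_url)
    rejected = {}
    for site in sites:
        host = site_host(site)
        if host is None:
            rejected[site] = "not an https URL"
        elif host != base:
            rejected[site] = f"The URL must belong to {base}"
    return rejected

# Constructed sample: one valid site and three that only look like the tenant.
SAMPLE_SITES = [
    "https://tenant.sharepoint.com/sites/legal",
    "https://tenant.sharepoint.com.example.net/sites/legal",
    "https://tenant.sharepoint.com@example.net/sites/legal",
    "https://tenant-my.sharepoint.com/personal/user",
]
```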


Troubleshooting

Failed to validate tenant ID

Verify the Directory (tenant) ID is correct.

Failed to validate application

Verify the Application (client) ID and that it is correctly configured in Azure AD.

The redirect URI platform was not set to 'Single-page application (SPA)'

In the Azure AD app registration, ensure the redirect URI is configured as SPA, not Web.

The application is missing the required permissions

Grant the missing permissions shown in red in the validation step.

Failed to validate the Application, please see the Microsoft screen for detailed error description.

The OAuth popup was cancelled or returned an error. Check the Microsoft error screen for details.

The URL must belong to {host}

When adding an allowed site, the URL must match the host of the SharePoint site URL configured in the integration.

Custom SharePoint domains (e.g. sites.company.com)

Legora allows Microsoft-hosted SharePoint domains (e.g. *.sharepoint.com) by default. If your SharePoint is on a custom domain, it may require an additional firewall allowlist rule on Legora's side. Contact Legora support and share the SharePoint base URL/domain to allowlist.

Authentication succeeds but nothing renders in the popup

This is typically caused by the app registration not being set as a Single-page application. Double-check the platform type in the Azure AD app registration.

FAQ

Why does the integration use Azure AD?

SharePoint uses Microsoft Entra ID (Azure AD) for authentication. The app registration and permissions enable users to connect via the Microsoft sign-in flow.

Can admins restrict which sites users can browse?

Yes. Use the Allowed sites tab in the SharePoint integration configuration to restrict access to specific SharePoint sites.

Why is my authentication successful, but nothing renders in the popup?

This is often caused by a misconfiguration on the client side. Ask the customer to double-check the app registration, especially that it is registered as a Single-page application.
