SharePoint
SharePoint is a Microsoft collaboration platform used by organizations to manage documents, libraries, and team sites. Ordalie supports two connection modes: organization-level (administered by an IT team) and personal (each user connects their own access).
Connection modes
Organization mode (App credentials)
This is the recommended approach for firms and teams. An administrator registers an Azure AD application and enters the credentials in Ordalie. All organization members then share the same connection without needing individual Microsoft accounts.
Who can configure it: Organization administrators only.
Personal mode (Delegated OAuth)
Each user connects their own Microsoft account via an OAuth popup. This mode is useful when users need access to SharePoint sites their personal account can reach, without requiring admin-level Azure AD configuration.
Who can configure it: Any PRO user, from Settings > Integrations.
Organization mode — Setup guide
Step 1: Register an Azure AD application
- Sign in to the Azure portal with an admin account.
- Navigate to Azure Active Directory > App registrations > New registration.
- Give the application a name (e.g., "Ordalie SharePoint Connector").
- Set Supported account types to "Accounts in this organizational directory only" (single-tenant).
- No redirect URI is needed for the app-only flow.
- Click Register.
Note the Application (client) ID and Directory (tenant) ID displayed on the overview page — you will need both.
Step 2: Configure API permissions
- In your app registration, go to API permissions > Add a permission.
- Select Microsoft Graph > Application permissions.
- Add the following permissions:
Sites.Read.All(orSites.ReadWrite.Allif you need write access)Files.Read.All(orFiles.ReadWrite.Allfor write access)
- Click Grant admin consent for your organization.
If you plan to use search features, also add
Sites.Read.Allat minimum. The Microsoft Search API requires this scope.
Step 3: Choose an authentication method
Ordalie supports two authentication methods for the app-only flow:
Option A: Client secret
- In your app registration, go to Certificates & secrets > New client secret.
- Add a description and choose an expiration period.
- Copy the Value (not the Secret ID) — it will only be displayed once.
Option B: Certificate (PEM)
- Generate a certificate and private key pair:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes - In your app registration, go to Certificates & secrets > Upload certificate.
- Upload the
cert.pemfile. - Note the Thumbprint displayed after upload.
Step 4: Find your Site ID
The Site ID identifies which SharePoint site Ordalie will connect to. You can find it by:
- Navigate to your SharePoint site in a browser (e.g.,
https://contoso.sharepoint.com/sites/Legal). - Use the Microsoft Graph Explorer or this URL pattern:
https://graph.microsoft.com/v1.0/sites/{hostname}:/sites/{siteName} - The
idfield in the response is your Site ID. It looks like:contoso.sharepoint.com,guid1,guid2.
Alternatively, once credentials are saved in Ordalie, the system can list available sites for you to select.
Step 5: Configure in Ordalie
- Go to Settings > Organization > Integrations.
- Click Add next to SharePoint.
- Fill in the configuration:
- Name: A label for this connection (e.g., "SharePoint Legal")
- Tenant ID: Your Azure AD tenant ID
- Site ID: The SharePoint site ID (from Step 4)
- Client ID: The application (client) ID from Azure AD
- Authentication: Choose "App Secret" or "Certificate (PEM)"
- Client Secret (if secret mode): The secret value from Step 3A
- Certificate PEM / Private Key PEM (if certificate mode): The PEM content from Step 3B
- Search Region: Select your Microsoft 365 data region (FRA, EUR, NAM, or APC). Defaults to FRA.
- Access Level: Read Only or Read & Write
- Click Create Mount.
- Ordalie will validate credentials by testing token acquisition, listing, and search.
Step 6: Select document libraries (optional)
After validation, if the site contains multiple document libraries (drives), Ordalie will prompt you to select which ones to sync. Leave all unchecked to sync everything.
You can change this selection later by editing the mount.
Personal mode — Setup guide
Step 1: Connect your Microsoft account
- Go to Settings > Integrations.
- Find SharePoint (Personal) and click Connect.
- Enter the SharePoint site URL you want to access (e.g.,
https://contoso.sharepoint.com/sites/Legal). - Choose the access level (Read Only or Read & Write).
- Click Connect. A Microsoft OAuth popup will appear.
- Sign in with your Microsoft account and authorize Ordalie.
Step 2: Site and library selection
Once connected, you can edit the mount to:
- Change the site: Select from a list of accessible sites or enter a site ID manually.
- Filter libraries: Choose which document libraries to include in the sync.
Personal SharePoint connections use your individual Microsoft account permissions. You will only see sites and libraries that your account has access to.
Configuration reference
| Field | Required | Organization | Personal | Description |
|---|---|---|---|---|
| Name | Yes | Yes | Auto | Display name for the connection |
| Tenant ID | Yes | Yes | No | Azure AD directory (tenant) ID |
| Site ID | Yes | Yes | Auto | SharePoint site identifier |
| Client ID | Yes | Yes | No | Azure AD application (client) ID |
| Auth Mode | Yes | Yes | No | secret or certificate |
| Client Secret | Conditional | If secret mode | No | Azure AD app secret value |
| Certificate PEM | Conditional | If cert mode | No | X.509 certificate in PEM format |
| Private Key PEM | Conditional | If cert mode | No | RSA private key in PEM format |
| Drive IDs | No | Yes | Yes | Filter to specific libraries |
| Search Region | No | Yes | Yes | Microsoft Search region (FRA, EUR, NAM, APC) |
| Access Level | Yes | Yes | Yes | read or read_write |
Supported operations
| Operation | Available | Notes |
|---|---|---|
| Browse files and folders | Yes | Paginated listing with folder navigation |
| Search | Yes | Full-text via Microsoft Search API |
| Read/download files | Yes | |
| Upload files | Yes | When access is Read & Write |
| Create folders | Yes | When access is Read & Write (non-recursive) |
| Multi-drive browsing | Yes | All drives shown as virtual folders at root |
| Site enumeration | Yes | Personal mode can list all accessible sites |
Frequently asked questions
Q: Can I connect multiple SharePoint sites? A: Yes. Create one mount per site. Each mount can point to a different site with its own credentials (organization mode) or use the same personal account for different sites.
Q: What happens when the client secret expires? A: The connection will stop working. Edit the mount in Ordalie and enter a new secret. Certificate-based auth can be configured with longer validity periods.
Q: Why can't I see some document libraries?
A: In organization mode, the app needs Sites.Read.All permission. In personal mode, you can only see libraries your Microsoft account has access to. Check permissions in the SharePoint admin center.
Q: What is the Search Region setting? A: Microsoft Search routes queries through regional endpoints. Set this to match your Microsoft 365 tenant's data location for optimal performance. Most European organizations use FRA or EUR.