
Set Up the OneDrive/SharePoint Connector

The OneDrive/SharePoint Connector allows you to ingest documents from your Microsoft 365 storage directly into your project. To use the connector, you authenticate with your Azure account. First decide on an OAuth configuration: Airia managed OAuth, which carries the scopes required for all Microsoft integrations, or bring your own OAuth connector, with custom scopes that best fit your integration and security requirements.

Set Up with Airia managed OAuth

This one-time setup registers the Airia Microsoft Connector application in your Azure Active Directory (Microsoft Entra ID), allowing it to access organizational data from OneDrive and SharePoint.
💡 Note:
  • Application Name: Airia Connector – Web
  • Your tenant ID: you can see it in platform settings
  1. Construct Admin Consent URL. Use the following format, replacing <CUSTOMER_TENANT_ID> with your specific Microsoft tenant ID: https://login.microsoftonline.com/<CUSTOMER_TENANT_ID>/adminconsent?client_id=4969aaba-cdb0-4777-829d-63a9dde52671
    💡 Example: https://login.microsoftonline.com/your-tenant-id-here/adminconsent?client_id=4969aaba-cdb0-4777-829d-63a9dde52671
  2. Open Consent URL. Open the constructed URL in a web browser (preferably in an incognito or private browsing window).
  3. Log In as Azure Admin. Log in using an Azure Admin user account that has permissions to grant consent for enterprise applications.
  4. Review and Grant Consent. Review the requested permissions displayed on the screen and click Accept or Grant consent to approve them on behalf of your organization.
    💡 Note: After successful consent, the browser will redirect back to the Airia platform.
  5. Confirm Application Registration. Log into the Microsoft Entra ID portal and navigate to Enterprise applications. Confirm that Airia Connector – Web is listed in this section.

Set Up with Your Custom Managed OAuth

This guide explains how to configure three connectors in Azure AD and integrate them with Airia: SharePoint with Sites.Selected access, SharePoint with read access to all sites, and OneDrive. With Sites.Selected access, Airia can access only specific SharePoint sites.

Configure Your Azure AD App

1. Register Your Application in Azure AD

  1. Navigate to Azure Portal > Microsoft Entra ID > App registrations.
  2. Click New registration.
  3. Configure the application details:
    • Name: Enter a descriptive name, such as Airia SharePoint Site Selected.
    • Supported account types: Select Accounts in any organizational directory.
    • Redirect URI: Enter Airia Chat.
  4. Click Register.
  5. From the app’s Overview page, save the Application (client) ID. You will need this later.

2. Configure API Permissions

  1. In your registered application’s left menu, navigate to API permissions.
  2. Click Add a permission.
  3. Select Microsoft Graph.
  4. Choose Application permissions.
  5. Add the following permissions. For more limited permissions, add the scopes below. Note that a Microsoft admin must whitelist the sites for syncing, and only one site can be ingested in a given data source.
    • User.Read
    • Sites.Selected
    • offline.access
    • (Optional for permission-aware RAG) Directory.Read.All
Alternatively, you can list the following scopes without the need for whitelisting sites and the limitation of one site per data source. The app can access only the sites and files that the user who is authenticating has access to (delegated permissions).
  • Sites.Read.All
  • offline.access
  • Files.Read
  • Files.ReadWrite
  • User.Read
Scopes required for the OneDrive connector:
  • offline.access
  • Files.Read
  • Files.ReadWrite
  • User.Read
  6. Click Add permissions.
  7. Click Grant admin consent for [Your Tenant Name] and confirm.
💡 Note: If permission-aware RAG (where the AI agent respects end-user permissions) is required, Directory.Read.All is necessary. This scope often replaces the need for User.Read.All, Group.Read.All, and GroupMember.Read.All in most read-only scenarios.

3. Obtain Your Client Secret

  1. In your registered application’s left menu, navigate to Certificates & secrets.
  2. Click New client secret.
  3. Provide a Description (e.g., Airia Client Secret) and set an appropriate Expires duration.
  4. Click Add.
  5. Copy the Value of the client secret immediately. It will only be shown once and is required for Airia integration.

Grant Site-Level Permissions Using Graph Explorer (required only for SharePoint with the Sites.Selected scope)

Before granting your app access, you need to obtain the specific SharePoint Site ID.

Prerequisites

  • Access to Graph Explorer.
  • A Global Administrator or SharePoint Administrator account to sign into Graph Explorer.

1. Grant Temporary Admin Permissions for Setup

  1. Open Graph Explorer and sign in with a Global Administrator or SharePoint Administrator account.
  2. In Graph Explorer, navigate to the Permissions tab.
  3. Enable and consent to the Sites.FullControl.All permission.
  4. Click Consent.
⚠️ Warning: This permission is only for your admin session to configure site access. You can revoke it after completing this phase if desired.

2. Get Your SharePoint Site ID

  1. In Graph Explorer, make a GET request to retrieve the site ID.
    • Replace {hostname} with your SharePoint hostname (e.g., yourcompany.sharepoint.com).
    • Replace {site-name} with the name of your SharePoint site.
    GET https://graph.microsoft.com/v1.0/sites/{hostname}:/sites/{site-name}
    
  2. From the response, copy the entire id field. This is your Site ID.
    {
      "id": "airiaqe.sharepoint.com,3e6f8b32-6e9b-4b88-8c33-0c44f5c6a789,7b8c3b24-68c1-4a11-b12b-1ad4dcaa8a12",
      "displayName": "SharePointSiteSelectedTestWebsite",
      "name": "SharePointSiteSelectedTestWebsite",
      "webUrl": "https://airiaqe.sharepoint.com/sites/SharePointSiteSelectedTestWebsite"
    }
    

3. Grant Your App Access to the SharePoint Site

  1. In Graph Explorer, make a POST request to grant your registered app read permissions to the specific SharePoint site.
    • Replace {site-id} with the Site ID you obtained in the previous step.
    • Replace {application-id} with the Application (client) ID you saved from Azure AD (Phase 1, Step 1).
    • Replace {application-display-name} with the display name of your registered application (e.g., Airia SharePoint Site Selected).
    POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
    

4. Verify App Access (Optional)

  1. To confirm the permissions were set correctly, make a GET request in Graph Explorer. Replace {site-id} with your SharePoint Site ID.
    GET https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
    
  2. The response should include an entry for your application with the read role.
    {
      "value": [
        {
          "id": "some-guid",
          "roles": ["read"],
          "grantedToIdentities": [
            {
              "application": {
                "id": "56708dc4-880d-4858-86a0-936a052fdc0f",
                "displayName": "Airia SharePoint Site Selected"
              }
            }
          ]
        }
      ]
    }
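The grant in step 3 and the check in step 4, as an added example that is not Airia or Microsoft code: `build_site_grant` produces the JSON body that the Microsoft Graph `POST /sites/{site-id}/permissions` call expects for a read-only grant, and `audit_site_permissions` reviews a `GET` response for roles beyond `read` or for other applications holding a grant. The function names are hypothetical and the responses are constructed from the sample above.

```python
# Added example: hypothetical helper names, constructed sample data.
APP_ID = "56708dc4-880d-4858-86a0-936a052fdc0f"  # app id from the page's sample response
APP_NAME = "Airia SharePoint Site Selected"

def build_site_grant(app_id, display_name):
    """JSON body for POST /v1.0/sites/{site-id}/permissions, read role only."""
    if not app_id or not display_name:
        raise ValueError("application id and display name are required")
    return {
        "roles": ["read"],
        "grantedToIdentities": [
            {"application": {"id": app_id, "displayName": display_name}}
        ],
    }

def audit_site_permissions(response, app_id, allowed_roles=("read",)):
    """Return a list of findings for a GET /sites/{site-id}/permissions response."""
    findings, seen = [], False
    for perm in response.get("value", []):
        roles = set(perm.get("roles", []))
        for ident in perm.get("grantedToIdentities", []):
            app = ident.get("application") or {}
            if not app:
                continue
            if app.get("id") == app_id:
                seen = True
                extra = sorted(roles - set(allowed_roles))
                if extra:
                    findings.append(f"connector app holds extra roles: {extra}")
            else:
                findings.append(
                    f"other app with site grant: {app.get('id')} roles={sorted(roles)}")
    if not seen:
        findings.append("connector app has no grant on this site")
    return findings

def _entry(pid, roles, app_id, name):
    return {"id": pid, "roles": roles, "grantedToIdentities": [
        {"application": {"id": app_id, "displayName": name}}]}

# Constructed responses: EXPECTED mirrors the page's sample, DRIFTED adds excess access.
EXPECTED = {"value": [_entry("some-guid", ["read"], APP_ID, APP_NAME)]}
DRIFTED = {"value": [
    _entry("p1", ["read", "write"], APP_ID, APP_NAME),
    _entry("p2", ["write"], "00000000-0000-0000-0000-000000000000", "placeholder app"),
]}

if __name__ == "__main__":
    import json
    print(json.dumps(build_site_grant(APP_ID, APP_NAME), indent=2))
    print(audit_site_permissions(DRIFTED, APP_ID))
```

Running the audit after setup, and again after revoking the temporary Sites.FullControl.All consent, confirms the connector app ends up with `read` on the site and nothing more.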
    

Create Your OAuth Connector in Airia

1. Add a New Microsoft OAuth Connector

  1. In the Airia platform, navigate to Settings > Ecosystem > App Connections.
  2. Select the Microsoft card.
  3. Enter the following details for your new OAuth connector:
    • Name: A descriptive name (e.g., SharePoint Site Selected Connector).
    • Client ID: The Application (client) ID you saved from Azure AD (Phase 1, Step 1).
    • Client Secret: The client secret value you saved from Azure AD (Phase 1, Step 3).
    • Scopes: Add the following scopes (matching those configured in Azure AD):
      • User.Read
      • Sites.Selected
      • offline.access
      • (Optional for permission-aware RAG) Directory.Read.All
  4. Click Create.

Create a SharePoint Data Source

1. Add a New SharePoint Data Source

  1. In the Airia platform, navigate to Available data sources.
  2. Select the SharePoint card.

2. Configure Data Source Details

  1. Provide the following details:
    • Name: A mandatory, descriptive name for your data source (e.g., SharePoint Site Selected Data).
    • Description: (Optional) A brief description.
    • Scope: Select the Airia project for this data source.
    • OAuth connector: From the dropdown, select the Microsoft OAuth connector you created in Phase 3 or Airia managed OAuth.
  2. For Credentials, choose Create new credential (this is the only option if you just created the OAuth connector).
  3. Enter a Name for the new credential.
  4. Confirm that the scopes required for the authenticating user match the scopes in the OAuth configuration.
  5. Click Authenticate. Complete the OAuth flow by logging in with an account that has access to the SharePoint site.

3. Specify SharePoint Site (only for Sites.Selected) and Ingestion Settings

  1. Enter the Site ID or Site URL of the SharePoint site you wish to sync (obtained in Phase 2, Step 2).
  2. Enable permission check or user specific if access control is required for the files in the data source.
  3. (Optional) Configure the ingestion settings based on your specific use case and data requirements.
  4. Click Next.

4. Select Folders and Start Ingestion

Browse and select the content you want to ingest. You can select and deselect individual items. Supported content types for ingestion include:
  • SharePoint sites
  • SharePoint subsites
  • SharePoint document libraries
  • Folders
  • Files
  • Shared content
💡 Tip: Selecting a SharePoint site, library, or folder will sync all supported content within it, including files, subfolders, and their content. Reprocessing the data source will automatically sync newly added content, update modified content, and delete removed items within the selected content.
💡 Note: To edit your content selection, go to the data source and click Edit. You may need to reauthenticate. Then click Next to make your new selections. If you reauthenticate with new user credentials, the content selector will not show previous selections, and you will need to reselect all desired items.

Filter SharePoint Documents by Metadata

Refine which documents are ingested from a folder using SharePoint metadata filters. Add include/exclude rules based on column values — Status, Department, Document Type, or any other column on your library — and only matching documents enter your data source.
💡 Note: Metadata filtering is available for SharePoint folders only. OneDrive folders do not have list-item metadata.

When to Use It

Folder selection scopes ingestion by location. Use metadata filters when location alone is not enough — for example, a single library that mixes active and archived content, or documents tagged for several teams in the same folder. If folder selection covers your use case, prefer it. Filters add overhead on every sync.

1. Open the Filter Panel

In the folder picker, every SharePoint folder shows a funnel icon at the right end of its row. Click the funnel to open the filter panel for that folder. A small badge next to the funnel shows the rule count when filters are active.

2. Add Rules

Each rule has three parts:
| Part | What to enter |
| --- | --- |
| Field | The SharePoint column’s display name, exactly as it appears in SharePoint (e.g. Document Type, Status, Department) |
| Operator | equals, not equals, contains, or not contains |
| Value | The value as it appears in SharePoint (case-insensitive) |

Click + Add rule for additional rules. Click the × icon on a row to remove a rule.

The contains and not contains operators behave differently depending on whether the column holds one value or many:
  • Multi-valued field (e.g. multi-select Choice or Managed Metadata): contains matches when at least one of the field’s values matches your filter value; not contains matches when none of them do.
  • Single-valued field: contains matches when your filter value is a substring of the field’s value; not contains matches when it is not.

3. Choose a Match Mode

  • All — every rule must match (AND). Use to narrow down.
  • Any — at least one rule must match (OR). Use for permissive matching.

4. Save the Data Source

Filter rules save when you save the data source. The folder is auto-selected when you add its first rule; deselecting the folder clears its rules.
💡 Tip: Re-run the sync after editing filters on an existing data source — Airia does not auto-re-sync when filters change.

Supported Field Types

| Field type | Enter as the value |
| --- | --- |
| Single line of text, Choice | The value as displayed in SharePoint |
| Managed Metadata (taxonomy) | The term label (e.g. Research), not the GUID |
| Person | The person’s display name |
| Content Type | The content type name (use field name Content Type) |
| Date | ISO 8601 (e.g. 2026-01-15T00:00:00Z); equals / not equals only |
| Number | The number as a string |
| Yes/No | Yes or No |
| Hyperlink | The URL as it appears in SharePoint |

Lookup columns are not supported in v1.

Example: Active, Non-Defence Policies Only

Folder: Shared Documents/Policies
Match mode: All

| Field | Operator | Value |
| --- | --- | --- |
| Status | equals | Active |
| Department | not equals | Defence |
| Document Type | equals | Policy |

This ingests only documents tagged as Active Policies that are not assigned to the Defence department; everything else in the folder is skipped.

Limits and Behavior

  • Filters apply to a single folder only — child folders are not filtered unless you configure them too.
  • If a column you reference doesn’t exist on a document, that rule is skipped for that document and a warning is logged. Ingestion continues.
  • Rules with empty Field or Value are not saved.
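
The rule semantics described above, modelled as an added example that is not Airia's code, run over the page's Active, Non-Defence Policies rules and constructed documents. The function names are hypothetical. Two points are assumptions: a skipped rule is left out of the All/Any vote, and equals on a multi-valued field is treated as whole-value membership.

```python
# Added example: models the documented filter behaviour; not Airia's implementation.
OPERATORS = ("equals", "not equals", "contains", "not contains")

def rule_matches(rule, doc):
    """True/False for one (field, operator, value) rule; None if the column is absent."""
    field, op, wanted = rule
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op}")
    if field not in doc:
        return None                       # documented: rule skipped, warning logged
    value, wanted = doc[field], wanted.casefold()   # values are case-insensitive
    if isinstance(value, list):           # multi-valued: a whole value must match
        hit = wanted in [str(v).casefold() for v in value]
    elif "contains" in op:                # single-valued: substring match
        hit = wanted in str(value).casefold()
    else:                                 # equals / not equals
        hit = str(value).casefold() == wanted
    return not hit if op.startswith("not ") else hit

def should_ingest(rules, doc, mode="All"):
    """Return (ingest, skipped_fields) for one document.

    Assumption: skipped rules do not vote, so All passes on the remaining rules.
    """
    results = [(rule[0], rule_matches(rule, doc)) for rule in rules]
    skipped = [field for field, res in results if res is None]
    votes = [res for _, res in results if res is not None]
    ingest = all(votes) if mode == "All" else any(votes)
    return ingest, skipped

# Rules from the page's example; the documents are constructed.
RULES = [("Status", "equals", "Active"),
         ("Department", "not equals", "Defence"),
         ("Document Type", "equals", "Policy")]
DOCS = {
    "hr-policy": {"Status": "active", "Department": "HR", "Document Type": "Policy"},
    "defence-policy": {"Status": "Active", "Department": "Defence",
                       "Document Type": "Policy"},
    "untagged": {"Status": "Active", "Document Type": "Policy"},  # no Department column
}

if __name__ == "__main__":
    for name, doc in DOCS.items():
        print(name, should_ingest(RULES, doc))
```

Under the stated assumption the `untagged` document is ingested although a Department exclusion is configured, so review the logged skipped-rule warnings before relying on a not equals rule to keep a category of documents out.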

Troubleshooting

| Symptom | Likely cause |
| --- | --- |
| Nothing ingests | Value mismatch: check spelling and exact wording against SharePoint |
| Field appears unknown in logs | Column name typo, or the column was renamed in SharePoint after it was created (Airia matches the current display name; ask your SharePoint admin if needed) |
| Managed Metadata field not matching | Used the GUID or a parent term: use the leaf term label |
| Filter ignored on subfolder | Filters don’t inherit; configure each folder explicitly |

Permissions Enforcement

Airia filters query results based on the end-user’s access permissions in OneDrive/SharePoint.

Prerequisites

To enable permission enforcement for your data source:
  • Single Sign-On (SSO) must be enabled for your Airia project.
  • Permission check must be enabled when configuring the specific data source (e.g., when setting up the OneDrive/SharePoint data source).

Next Steps

After your data has been successfully ingested, the OneDrive/SharePoint data source is ready to be used with an Agent.