To allow uman to seamlessly persist your documents in your tenant, a dedicated SharePoint site must be created and granted the appropriate access for uman to connect to. Setting this up is a three-step process, done by an administrator.
Step 1: Grant Admin Consent
Click the following admin consent link: Grant Admin Consent to uman
Log in with your Microsoft Global Administrator or Privileged Role Administrator account.
Review the requested permissions and click Accept.
Upon successful authorization, you will be automatically redirected to the uman homepage.
Step 2: Create the SharePoint Site
Go to your organization's SharePoint admin center or home page.
Click Create site and choose a Team site (this can be a standard team template).
Give a descriptive name (e.g.
Go-To-Market key content)Set the privacy to Public or Private
Note: Information is more easily retrievable by users when set to Public.Copy and save the full URL of this new site (e.g.
https://yourcompany.sharepoint.com/sites/go-to-market-key-content).
Step 3: Authorize App Access
Because the uman SharePoint-app utilizes Microsoft's secure Sites.Selected permission model, granting admin consent in Step 1 does not automatically give uman access to your data. You must explicitly authorize uman to access only this newly created site.
Authorizing access can be done in multiple ways - for example, via the Microsoft Graph API or PowerShell. In this guide, we will use the Microsoft Graph API in combination with curl.
Register Application
First, we need to register a new (temporary) application in Microsoft Entra ID. This app will be used to grant the uman access to the newly created site.
Navigate to App Registrations
Select New Registration, enter a name and click Register
On the Overview page, copy the
Application (client) IDandDirectory (tenant) IDNavigate to API permissions -> Add a permission -> Microsoft Graph -> Application permissions.
Search for and check Sites.FullControl.All. Click Add permissions, and then click Grant admin consent for [Your Company].
The configured permissions should look like the image below:Navigate to Certificates & Secrets, create a new Client Secret, and safely store the secret Value.
Assign Permission to uman
Retrieve access token:
curl -X POST \
"https://login.microsoftonline.com/$TENANT_ID/oauth2/v2.0/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_id=$CLIENT_ID" \
--data-urlencode "client_secret=$CLIENT_SECRET" \
--data-urlencode "scope=https://graph.microsoft.com/.default"Replace the
$TENANT_ID,$CLIENT_IDand$CLIENT_SECRETwith the values copied in the previous stepsCopy the
access_tokenGet site ID of the newly created site:
curl -X GET \
"https://graph.microsoft.com/v1.0/sites/$TENANT_NAME.sharepoint.com:/sites/$SITE_NAME" \
-H "Authorization: Bearer $ACCESS_TOKEN"Replace
$TENANT_NAME,$SITE_NAMEand$ACCESS_TOKENwith the correct values. For example https://yourcompany.sharepoint.com/sites/go-to-market-key-content:$TENANT_NAME: yourcompany
$SITE_NAME: go-to-market-key-content
$ACCESS_TOKEN: the
access_tokenretrieved in the previous step
Copy the
idGrant uman access to the site.
curl -X POST \
https://graph.microsoft.com/v1.0/sites/$SITE_ID/permissions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-d '{
"roles": ["fullcontrol"],
"grantedToIdentities": [
{
"application": {
"id": "81e34be5-dfcb-4672-a744-b16f713226dd",
"displayName": "uman SharePoint"
}
}
]
}'Replace
$SITE_IDwith theidfrom the previous step. Also replace$ACCESS_TOKENagain
Connection Successful!
The connection to uman is now successfully set up.
Clean up: Remove the App Registration created in Step 3.
Notify: Let the uman team know that the steps are completed. Provide them with:
The URL of the newly created site (e.g.
https://yourcompany.sharepoint.com/sites/go-to-market-key-content)The
$TENANT_ID.
