Skip to main content

Microsoft SharePoint

Technical documentation regarding the Microsoft SharePoint integration

To allow uman to seamlessly persist your documents in your tenant, a dedicated SharePoint site must be created and granted the appropriate access for uman to connect to. Setting this up is a three-step process, done by an administrator.

Step 1: Grant Admin Consent

  1. Click the following admin consent link: Grant Admin Consent to uman

  2. Log in with your Microsoft Global Administrator or Privileged Role Administrator account.

  3. Review the requested permissions and click Accept.

  4. Upon successful authorization, you will be automatically redirected to the uman homepage.

Step 2: Create the SharePoint Site

  1. Go to your organization's SharePoint admin center or home page.

  2. Click Create site and choose a Team site (this can be a standard team template).

  3. Give a descriptive name (e.g. Go-To-Market key content)

  4. Set the privacy to Public or Private
    Note: Information is more easily retrievable by users when set to Public.

  5. Copy and save the full URL of this new site (e.g. https://yourcompany.sharepoint.com/sites/go-to-market-key-content).

Step 3: Authorize App Access

Because the uman SharePoint-app utilizes Microsoft's secure Sites.Selected permission model, granting admin consent in Step 1 does not automatically give uman access to your data. You must explicitly authorize uman to access only this newly created site.

Authorizing access can be done in multiple ways - for example, via the Microsoft Graph API or PowerShell. In this guide, we will use the Microsoft Graph API in combination with curl.

Register Application

First, we need to register a new (temporary) application in Microsoft Entra ID. This app will be used to grant the uman access to the newly created site.

  1. Navigate to App Registrations

  2. Select New Registration, enter a name and click Register

  3. On the Overview page, copy the Application (client) ID and Directory (tenant) ID

  4. Navigate to API permissions -> Add a permission -> Microsoft Graph -> Application permissions.

  5. Search for and check Sites.FullControl.All. Click Add permissions, and then click Grant admin consent for [Your Company].
    The configured permissions should look like the image below:

  6. Navigate to Certificates & Secrets, create a new Client Secret, and safely store the secret Value.

Assign Permission to uman

  1. Retrieve access token:

    curl -X POST \
    "https://login.microsoftonline.com/$TENANT_ID/oauth2/v2.0/token" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    --data-urlencode "grant_type=client_credentials" \
    --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET" \
    --data-urlencode "scope=https://graph.microsoft.com/.default"

    Replace the $TENANT_ID, $CLIENT_ID and $CLIENT_SECRET with the values copied in the previous steps

  2. Copy the access_token

  3. Get site ID of the newly created site:

    curl -X GET \
    "https://graph.microsoft.com/v1.0/sites/$TENANT_NAME.sharepoint.com:/sites/$SITE_NAME" \
    -H "Authorization: Bearer $ACCESS_TOKEN"

    Replace $TENANT_NAME, $SITE_NAME and $ACCESS_TOKEN with the correct values. For example https://yourcompany.sharepoint.com/sites/go-to-market-key-content:

    • $TENANT_NAME: yourcompany

    • $SITE_NAME: go-to-market-key-content

    • $ACCESS_TOKEN: the access_token retrieved in the previous step

  4. Copy the id

  5. Grant uman access to the site.

    curl -X POST \
    https://graph.microsoft.com/v1.0/sites/$SITE_ID/permissions \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $ACCESS_TOKEN" \
    -d '{
    "roles": ["fullcontrol"],
    "grantedToIdentities": [
    {
    "application": {
    "id": "81e34be5-dfcb-4672-a744-b16f713226dd",
    "displayName": "uman SharePoint"
    }
    }
    ]
    }'

    Replace $SITE_ID with the id from the previous step. Also replace $ACCESS_TOKEN again

Connection Successful!

The connection to uman is now successfully set up.

  1. Clean up: Remove the App Registration created in Step 3.

  2. Notify: Let the uman team know that the steps are completed. Provide them with:

    • The URL of the newly created site (e.g. https://yourcompany.sharepoint.com/sites/go-to-market-key-content )

    • The $TENANT_ID.

Did this answer your question?