SharePoint
Microsoft SharePoint connector for document retrieval, list access, and site administration via the Microsoft Graph API. All document retrieval is ACL-filtered per user identity - users see only documents their Entra group memberships grant access to.
Authentication: OAuth 2.0 via Entra ID service principal
System type: SHAREPOINT
Protocol: Microsoft Graph API v1
API reference: Microsoft Graph - SharePoint
Supported resources
| Resource | FETCH | PUSH | LOOKUP |
|---|---|---|---|
| sites | ✓ | | |
| drives | ✓ | | |
| documents | ✓ | ✓ | ✓ |
| lists | ✓ | ✓ | |
| site_by_path | ✓ | | |
| site_collection | ✓ | | |
| document_library | ✓ | | |
| library_permission | ✓ | | |
| file_to_library | ✓ |
LOOKUP on documents downloads a specific file. PUSH to library_permission binds an Entra security group to a library at a specified role (Read or Contribute).
Integration model
The adapter uses a service principal with application-level Graph API permissions. Document queries flow through Azure AI Search indexes that enforce per-user ACL filtering - the Graph API is the source; retrieval goes through the search layer.
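A sketch of the per-user trimming described above, as an added example rather than Demiton's own code: it builds an Azure AI Search `$filter` from a user's Entra group object IDs and models the match locally. The field name `group_ids` and the sample IDs and documents are assumptions constructed for illustration.

```python
import uuid

# Assumption: the index keeps each document's allowed Entra group object IDs
# in a Collection(Edm.String) field; the name "group_ids" is hypothetical.
ACL_FIELD = "group_ids"


def canonical_ids(group_ids):
    """Normalise IDs to lowercase hyphenated GUIDs; ValueError on anything else."""
    return sorted({str(uuid.UUID(str(g))) for g in group_ids})


def build_acl_filter(user_group_ids):
    """Build the OData $filter that trims results to the caller's groups."""
    ids = canonical_ids(user_group_ids)
    if not ids:
        # Fail closed: never send an unfiltered query for a user with no groups.
        raise PermissionError("user has no group memberships")
    # Only canonical GUID text reaches the quoted list, so a crafted value
    # cannot close the quote and rewrite the expression.
    joined = ",".join(ids)
    return f"{ACL_FIELD}/any(g: search.in(g, '{joined}', ','))"


def visible(doc, user_group_ids):
    """Local model of the filter: a document matches iff it lists a caller group."""
    return bool(set(doc[ACL_FIELD]) & set(canonical_ids(user_group_ids)))


# Constructed sample data: group IDs and documents are made up.
FINANCE = "a1b2c3d4-1111-4111-8111-111111111111"
PROJECTS = "e5f6a7b8-2222-4222-8222-222222222222"
DOCS = [
    {"name": "budget.xlsx", ACL_FIELD: [FINANCE]},
    {"name": "site-plan.pdf", ACL_FIELD: [PROJECTS, FINANCE]},
    {"name": "orphan.docx", ACL_FIELD: []},  # empty ACL: any() matches no user
]


def trimmed(user_group_ids):
    """Names of the sample documents the caller would get back."""
    return [d["name"] for d in DOCS if visible(d, user_group_ids)]
```

The IDs stored in the index need the same lowercase canonical form, since the filter compares them as exact strings.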
Site provisioning operations (creating site collections, document libraries, and binding permissions) are used in project scaffolding workflows when a new project or opportunity is created.
Connection setup
Required values:
- Tenant ID
- Client ID - Entra app registration
- Client Secret
Security
Access type: Read and provisioning write
Demiton reads documents and lists from SharePoint. Document retrieval is ACL-filtered per user - each user sees only documents the Entra groups they belong to are permitted to access. The service principal’s broad permissions are used only for administrative operations (site and library provisioning); individual user data access is always mediated through group membership.
Provisioning writes (creating folder structures, setting library permissions) occur only through governed project scaffolding workflows.
Permissions required: Service principal with Sites.FullControl.All via Microsoft Graph.
What Demiton does not touch: Demiton does not modify document content, does not change user permissions directly, and does not access documents outside the group memberships of the requesting user.
Next steps
- Connecting a System - step-by-step wizard for setting up the connector
- Dropbox - alternative document store connector
- MCP Server - query SharePoint documents through Claude once connected