Client Secret Authentication

Client secret authentication uses traditional Azure App Registration credentials to connect to SharePoint. This method is suitable for most basic SharePoint integrations. Note: Permission sync is not available with client secret authentication. Use certificate-based authentication if you need permission sync functionality.

Setting up

Step 1: Create Azure App Registration

More detailed instructions can be found following the video below.
  1. Log in to Azure Portal for your organization.
  2. Navigate to “App registrations” using the search bar.
  3. Click New Registration.
  4. Name it something like “Onyx SharePoint Connector”, leave everything else as default, and click Register.
  5. Under “Essentials” in the overview tab, you will find the Application (client) ID and Directory (tenant) ID. Save those for later.

Step 2: Create Client Secret

  1. Navigate to the “Certificates & secrets” tab in Azure Portal.
  2. Click New client secret.
  3. Fill out the description, set the expiration to 24 months, and click Add.
  4. Copy the secret value in the Value column for later.
Important: Make sure to copy the secret value immediately as it won’t be visible again.

Step 3: Configure API Permissions

  1. Navigate to the “API Permissions” tab in the Azure Portal.
  2. Click Add a permission.
  3. Click Microsoft Graph, then click on Application permissions.
  4. Navigate to the “Sites” permission group.
  5. Select the checkbox for Sites.Read.All.
    • Advanced: If you want to limit the sites this app has access to, select Sites.Selected. However, if you do this, you will need to add the App you are currently registering to each site you want to index.
  6. Click Add permissions.
  7. Finally, click Grant admin consent for <Organization name> (located next to Add a permission) and click Confirm.

Step 4: Configure in Onyx

  1. Navigate to the Onyx Admin Dashboard and select the SharePoint Connector.
  2. Click Create New credential and select the Client Secret tab.
  3. Provide the following information:
    • Application (client) ID from Step 1
    • Directory (tenant) ID from Step 1
    • Client Secret Value from Step 2
  4. Click Create to save your credentials.
For permission sync capabilities, consider using certificate-based authentication.
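
To check the result of Steps 1 to 3 before relying on the credential, the following added example (not part of the Onyx documentation or code) builds the client-credentials token request for Microsoft Graph and inspects the roles claim of the returned token for application permissions beyond Sites.Read.All or Sites.Selected. The function names and the unsigned sample token are constructed for illustration; fetch_token needs network access and the real values from Steps 1 and 2.

```python
import base64
import json
import urllib.parse
import urllib.request

GRAPH_SCOPE = "https://graph.microsoft.com/.default"
ALLOWED = {"Sites.Read.All", "Sites.Selected"}  # the two options offered in Step 3


def token_request(tenant_id, client_id, client_secret):
    """Build the OAuth 2.0 client-credentials request (URL and form body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
    }).encode()
    return url, body


def fetch_token(tenant_id, client_id, client_secret):
    """POST the request and return the access token (requires network access)."""
    url, body = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def granted_roles(access_token):
    """Read the 'roles' claim from the JWT payload (inspection only, signature not verified)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("roles", [])


def audit(access_token):
    """Return (has a Step 3 permission, sorted list of permissions beyond Step 3)."""
    roles = set(granted_roles(access_token))
    return bool(roles & ALLOWED), sorted(roles - ALLOWED)


def constructed_token(roles):
    """Constructed, unsigned sample token so the check can be run offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    sample = constructed_token(["Sites.Read.All", "Mail.Read"])  # constructed input
    print(audit(sample))
```

A first value of False means the token carries neither permission from Step 3, so consent has not taken effect; a non-empty list names application permissions that can be removed from the registration.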