---

Remote item name: SharePoint
#

Integration Type: Application Permission
Authentication Method: Certificate based

The Microsoft Graph API is a unified REST endpoint for all Microsoft 365 services, treating SharePoint simply as another data source alongside Teams, Outlook, and OneDrive. It allows you to access SharePoint resources like sites, drives, and list items through the single graph.microsoft.com endpoint, using a consolidated permission model.

---

🛑 Proxy Configuration: If your environment uses a Proxy or a strict Firewall, you must authorize outbound traffic to the following Microsoft endpoints.

• login.microsoftonline.com
• graph.microsoft.com

---

Open the Microsoft Entra Admin Center (formerly Azure AD) to manage your app registration: Microsoft Entra Admin Center Link

Navigation: Go to App registrations.


Configure API Permission: Navigate to API Permissions. Click on Add a permission button. Select Microsoft Graph. Then select Application Permission. Search for Files and check the flag Files.ReadWrite.All permission.



🛑 Important: Grant Admin consent for the newly added permission.



Fetch the application credentials from your App Registration to enable the integration:

Client id: See at App Registration -> Overview -> Application (client) ID

See at App Registration -> Certificates & secrets



SharePoint VFS item configuration: Application Permission - Certificate Based:



Select the Application Permission (cert based) radio button, then click Application Permission cert based button.



Enter the Client ID (See at App Registration -> Overview -> Application (client) ID).

Thumbprint: (See at App Registration -> Manage -> Certificates & secrets) Select Certificates.
Private Key: This is your application's unique digital credential, which pairs with the public certificate you uploaded in Azure Portal. It allows the system to securely access SharePoint without a password. We accept the PKCS#8 key text format (often starting with -----BEGIN PRIVATE KEY-----).

Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, click the OK button.



Identifying the SharePoint Target: You must define which part of SharePoint the VFS should connect to. You can either link to a full Document Library or a specific subfolder.

Link an Entire Document Library:

In your web browser, open your SharePoint site and navigate to the Document Library. Copy the complete URL from your browser's address bar.



It will look similar to this:

https://your.sharepoint.com/sites/your_site/Shared%20Documents/Forms/AllItems.aspx

Link a Specific Subfolder: If you only want the VFS to access a specific subdirectory, use a Direct Link:


In your web browser, open your SharePoint site and navigate to the Document Library, and find the specific folder you want to link to. Right-click on the folder. Select Copy link from the context menu that appears.
It will look similar to this:

https://your.sharepoint.com/:f:/s/your_site/Evxo0AjlwiZAnajkk56_AC0BDxGQDy7bgNu8F7HHgVMKtQ?e=BgvJps

Return to the VFS settings and paste the URL into the Shared Link input field.

Click the Test button to verify the connection. If successful, click OK and then Save your changes.

---

Back to SharePoint Integration

---