Skip to main content

SharePoint

Nexla's bi-directional connectors can both send data to and receive data from any data system. This means that once a user has created or gained access to a credential for any data system, building any data flow to ingest data from or send data to a location within that data system requires only a few simple steps.

The SharePoint connector is one of Nexla's File-Based System connectors.

1. Credentials

This section provides information about and step-by-step instructions for creating a new SharePoint credential in Nexla.

SharePoint supports 2-legged and 3-legged OAuth 2.0 authentication. SharePoint credentials in Nexla can be configure to use either of these authentication methods. Each method requires some configuration steps to be performed in the Microsoft Entra UI, as described in Section 1.1 (2-legged OAuth 2.0) and Section 1.2 (3-legged OAuth 2.0).

These steps are completed in the Microsoft Entra UI before beginning new credential creation in Nexla.


1.1 2-Legged OAuth 2.0 (Microsoft Entra UI)

Setting up a credential that will connect to SharePoint via 2-legged OAuth 2.0 authentication requires steps completed within the Microsoft Entra Admin Center prior to creating the credential in the Nexla UI.

1. Register a New Microsoft Entra App

Microsoft Admin Center

Connecting to SharePoint via 3-legged OAuth 2.0 requires the creation of a new Microsoft Entra app that will allow Nexla to access SharePoint files.

Steps 1-4 in this section must be completed in the Microsoft Entra Admin Center by a user with administrator permissions.

  1. Log into the Microsoft Entra Admin Center; then, expand the Applications menu, select App Registrations, and click the New registration button at the top of the screen.
Entra1.png
  1. Enter a display name for the app in the Name field, and select an application access option under Supported Account Types.
Entra2.png

2. Generate a Client Secret

  1. Once the app is registered, on the app Overview page, click Add a certificate or secret, and generate a client secret.
Entra4.png
  1. Copy the generated client secret for use in setting up the SharePoint credential in Nexla.

3. Set Up API Permissions

  1. Select the app API Permissions page; then, click Add Permission, and select Microsoft Graph.
Entra5_2.png
  1. Select Application Permissions, and enable the following permissions:

    • Sites.Read.All
    • Sites.ReadWrite.All
    • Sites.Selected
Entra9.png
  1. Click the Add permissions button at the bottom of the permissions list to save the selections and return to the app API Permissions page.

  2. On the app API Permissions page, click Grant Admin Consent.


4. Copy the Needed Information

The following information is needed when setting up a SharePoint credential in Nexla. Copy this information and/or ensure that it is easily accessible for use in completing Section 1.4.

  • Client ID Displayed on the Overview page of the newly created app

    Entra7.png
  • Client Secret Created & copied in Step 2 above

  • Tenant ID Displayed on the Overview page of the newly created app

    Finding the Tenant ID

    Additional ways to find the Microsoft Entra tenant ID associated with your account can be found on this Microsoft help page.

Entra8.png

1.2 3-Legged OAuth 2.0 (Microsoft Entra UI)

Setting up a credential that will connect to SharePoint via 3-legged OAuth 2.0 authentication requires steps completed within the Microsoft Entra Admin Center prior to creating the credential in the Nexla UI.

1. Register a New Microsoft Entra App

Microsoft Admin Center

Connecting to SharePoint via 3-legged OAuth 2.0 requires the creation of a new Microsoft Entra app that will allow Nexla to access SharePoint files.

Steps 1-4 in this section must be completed in the Microsoft Entra Admin Center by a user with administrator permissions.

  1. Log into the Microsoft Entra Admin Center; then, expand the Applications menu, select App Registrations, and click the New registration button at the top of the screen.
Entra1.png
  1. Enter a display name for the app in the Name field, and select an application access option under Supported Account Types.
Entra2.png
  1. Under Redirect URL, select Web, and enter the redirect URL in the corresponding field. Copy the configure redirect URL for use in setting up the SharePoint credential in Nexla.

    Web Redirect URL

    The web redirect URL will be used by Nexla to retrieve the authentication token when connecting to SharePoint via this credential.

Entra3.png

2. Generate a Client Secret

  1. Once the app is registered, on the app Overview page, click Add a certificate or secret, and generate a client secret.
Entra4.png
  1. Copy the generated client secret for use in setting up the SharePoint credential in Nexla.

3. Set Up SharePoint Permissions

  1. Select the app API Permissions page; then, click Add Permission, and select SharePoint.
Entra5.png
  1. Select Delegated Permissions, and enable the following permissions:

    • AllSites.Read
    • AllSites.Write
    • MyFiles.Read
    • MyFiles.Write
    • Sites.Search.All
Entra6.png
  1. Click the Add permissions button at the bottom of the permissions list to save the selections and return to the app API Permissions page.

  2. On the app API Permissions page, click Grant Admin Consent.


4. Copy the Needed Information

The following information is needed when setting up a SharePoint credential in Nexla. Copy this information and/or ensure that it is easily accessible for use in completing Section 1.4.

  • Client ID Displayed on the Overview page of the newly created app

    Entra7.png
  • Client Secret Created & copied in Step 2 above

  • Redirect URL Created & copied in Step 1 above

  • Tenant ID Displayed on the Overview page of the newly created app

    Finding the Tenant ID

    Additional ways to find the Microsoft Entra tenant ID associated with your account can be found on this Microsoft help page.

Entra8.png

1.3 Create a New SharePoint Credential (Nexla UI)

  1. In Nexla, after selecting the new data source/destination type, click AddANewCredential.png in the Authenticate screen. This will open the Add New Credential window.
NewCred.png
  1. Enter a name for the new credential in the Credential Name field.
CredName.png
  1. Optional: Enter a description of the credential in the Credential Description field.

    Resource Descriptions

    Resource descriptions should provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

CredDesc.png
  1. Select and configure the authentication method that Nexla will use when connecting to SharePoint via this credential by following the instructions in the corresponding subsection below.

2-Legged OAuth 2.0

  1. Select the 2-legged option from the Authentication Type pulldown menu.
AuthType.png
  1. Enter the Microsoft Entra tenant ID in the Tenant ID field.
TenantID.png
  1. Enter the Microsoft Entra client ID in the Client ID field.
ClientID.png
  1. Enter the client secret generated for the Microsoft Entra app in Step 2 above in the Client Secret field.
ClientSec.png
    • To configure Nexla to handle file encryption/decryption when connecting to SharePoint via this credential, continue to Section 1.4.
    • To create the credential without configuring file encryption/decryption, continue to Section 1.5.

3-Legged OAuth 2.0

  1. In the Add New Credential window in the Nexla UI, select the 3-legged option from the Authentication Type pulldown menu.
AuthType2.png
  1. Enter the Microsoft Entra tenant ID in the Tenant ID field.
TenantID2.png
    • To configure Nexla to handle file encryption/decryption when connecting to SharePoint via this credential, continue to Section 1.4.
    • To create the credential without configuring file encryption/decryption, continue to Section 1.5.

1.4 File Encryption/Decription

Nexla can be configured to process encrypted files such that files from a data source created with this credential will be automatically decrypted before ingestion, and files sent to a data destination created with this credential will be encrypted before uploading to the SharePoint storage location.

To enable automatic file encryption/decription:

  1. Click Advanced Settings at the bottom of the Add New Credential window.
AdvSettings.png
  1. Check the box next to Handle File Encryption/Decryption?, which will populate additional information fields.
Encryption.png
  1. Select the file-encryption protocol that should be used to encrypt/decrypt files from the list of supported protocols in the File Encryption Protocol pulldown menu, and follow the instructions in the corresponding subsection below to complete the configuration.
Protocol.png

PGP Encryption

  1. Enter the ID of the user whose public key will be used for file encryption/decryption in the External User ID field.
UserID.png
  1. Enter the public key that will be used for file encryption/decryption in the External User's Public Key field.
PubKey.png
  1. Enter the user ID that was used to generate the PGP private key in the Your User ID for Private Key field.
KeyID.png
  1. Enter the password for the user ID used to generate the PGP private key in the Your Password for Private Key field.
KeyPass.png
  1. Enter the PGP private key that will be used to encrypt/decrypt files in the Your Private Key field.
PrivateKey.png

1.5 Save & Create the SharePoint Credential

  1. Once all of the relevant steps in the above sections have been completed, click Save.png at the bottom of the Add New Credential screen to save the credential and all entered information.
Save2.png
  1. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.

2. Data Source

To ingest data from a SharePoint location, follow the instructions in Section 2 of Common Setup for File-Based Storage Systems.


3. Data Destination

To send data to a SharePoint location, follow the instructions in Section 3 of Common Setup for File-Based Storage Systems.