Client Secret Authentication
Client secret authentication uses traditional Azure App Registration credentials to connect to SharePoint. This method is suitable for most basic SharePoint integrations. Note: Permission sync is not available with client secret authentication. Use certificate-based authentication if you need permission sync functionality.Setting up
Step 1: Create Azure App Registration
More detailed instructions can be found following the video below.1
Open Azure Portal
Log in to Azure Portal for your organization.
2
Open App registrations
Navigate to “App registrations” using the search bar.
3
Create registration
Click New Registration.
4
Name and register app
Name it something like “Gorbit SharePoint Connector”, leave everything else as default, and click Register.
5
Save IDs
Under “Essentials” in the overview tab, you will find the Application (client) ID and Directory (tenant) ID.
Save those for later.
Step 2: Create Client Secret
1
Open Certificates & secrets
Navigate to the “Certificates & secrets” tab in Azure Portal.
2
Create secret
Click New client secret.
3
Set expiration
Fill out the description, set the expiration to 24 months, and click Add.
4
Copy secret value
Copy the secret value in the Value column for later.
Step 3: Configure API Permissions
1
Open API Permissions
Navigate to the “API Permissions” tab in the Azure Portal.
2
Add permission
Click Add a permission.
3
Choose Microsoft Graph
Click Microsoft Graph, then click on Application permissions.
4
Select Sites permissions
Navigate to the “Sites” permission group.
5
Select scope
Select the checkbox for Sites.Read.All.
- Advanced: If you want to limit the sites this app has access to, select Sites.Selected. However, if you do this, you will need to add the App you are currently registering to each site you want to index.
How to grant site-specific access
How to grant site-specific access
If you selected Sites.Selected, you need to grant your app read access to each site you want to index.The steps below use Microsoft Graph Explorer,
but you can also grant site permissions using:Repeat steps 3–5 for each site you want to index.
- PnP PowerShell (
Grant-PnPAzureADAppSitePermissioncmdlet) - Resource Specific Consent guide
1
Sign in
Sign in with a Global Admin or SharePoint Admin account.
2
Consent to permissions
Click your profile icon → Consent to permissions → enable Sites.FullControl.All.
This grants Graph Explorer (not your Gorbit app) permission to manage site access.
3
Get the site ID
Run a GET request, replacing Copy the
{tenant} and YourSiteName:id from the response (format: contoso.sharepoint.com,guid1,guid2).4
Grant Read permission
Change the method to POST:Request body:
5
Verify
Change the method to GET:Confirm
"roles": ["read"] appears for the Gorbit app.6
Add and grant
Click Add permissions. Finally,
click Grant admin consent for <Organization name> (located next to Add a permission)
and click Confirm.
Step 4: Configure in Gorbit
1
Open SharePoint connector
Navigate to the Gorbit Admin Panel and select the SharePoint Connector.
2
Create Client Secret credential
Click Create New credential and select the Client Secret tab.
3
Enter credential details
- Application (client) ID from Step 1
- Directory (tenant) ID from Step 1
- Client Secret Value from Step 2
4
Save credentials
Click Create to save your credentials.