Skip to main content

Client Secret Authentication

Client secret authentication uses traditional Azure App Registration credentials to connect to SharePoint. This method is suitable for most basic SharePoint integrations. Note: Permission sync is not available with client secret authentication. Use certificate-based authentication if you need permission sync functionality.

Setting up

Step 1: Create Azure App Registration

More detailed instructions can be found following the video below.
1

Open Azure Portal

Log in to Azure Portal for your organization.
2

Open App registrations

Navigate to “App registrations” using the search bar.
3

Create registration

Click New Registration.
4

Name and register app

Name it something like “Gorbit SharePoint Connector”, leave everything else as default, and click Register.
5

Save IDs

Under “Essentials” in the overview tab, you will find the Application (client) ID and Directory (tenant) ID. Save those for later.

Step 2: Create Client Secret

1

Open Certificates & secrets

Navigate to the “Certificates & secrets” tab in Azure Portal.
2

Create secret

Click New client secret.
3

Set expiration

Fill out the description, set the expiration to 24 months, and click Add.
4

Copy secret value

Copy the secret value in the Value column for later.
Important: Make sure to copy the secret value immediately as it won’t be visible again.

Step 3: Configure API Permissions

1

Open API Permissions

Navigate to the “API Permissions” tab in the Azure Portal.
2

Add permission

Click Add a permission.
3

Choose Microsoft Graph

Click Microsoft Graph, then click on Application permissions.
4

Select Sites permissions

Navigate to the “Sites” permission group.
5

Select scope

Select the checkbox for Sites.Read.All.
  • Advanced: If you want to limit the sites this app has access to, select Sites.Selected. However, if you do this, you will need to add the App you are currently registering to each site you want to index.
If you selected Sites.Selected, you need to grant your app read access to each site you want to index.The steps below use Microsoft Graph Explorer, but you can also grant site permissions using:To use Graph Explorer, complete these steps:
1

Sign in

Sign in with a Global Admin or SharePoint Admin account.
2

Consent to permissions

Click your profile icon → Consent to permissions → enable Sites.FullControl.All. This grants Graph Explorer (not your Gorbit app) permission to manage site access.
3

Get the site ID

Run a GET request, replacing {tenant} and YourSiteName:
GET https://graph.microsoft.com/v1.0/sites/{tenant}.sharepoint.com:/sites/YourSiteName?$select=id
Copy the id from the response (format: contoso.sharepoint.com,guid1,guid2).
4

Grant Read permission

Change the method to POST:
POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
Request body:
{
  "roles": ["read"],
  "grantedToIdentitiesV2": [{
    "application": {
      "id": "<Gorbit App Client ID>",
      "displayName": "Gorbit SharePoint Connector"
    }
  }]
}
5

Verify

Change the method to GET:
GET https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
Confirm "roles": ["read"] appears for the Gorbit app.
Repeat steps 3–5 for each site you want to index.
6

Add and grant

Click Add permissions. Finally, click Grant admin consent for <Organization name> (located next to Add a permission) and click Confirm.

Step 4: Configure in Gorbit

1

Open SharePoint connector

Navigate to the Gorbit Admin Panel and select the SharePoint Connector.
2

Create Client Secret credential

Click Create New credential and select the Client Secret tab.
3

Enter credential details

  • Application (client) ID from Step 1
  • Directory (tenant) ID from Step 1
  • Client Secret Value from Step 2
4

Save credentials

Click Create to save your credentials.
For permission sync capabilities, consider using certificate-based authentication.