Skip to main content
This guide covers the Service Account (client credentials) setup for SharePoint integration. This method allows Wolfia to access SharePoint data without user interaction and is the recommended approach for production environments.

Overview

The SharePoint integration allows Wolfia to sync documents and files from your SharePoint Online environment. Using client credentials authentication, Wolfia can access your SharePoint site collections to provide rich context when responding to security questionnaires and RFPs.

What we sync

  • Documents – Files stored in SharePoint document libraries (read-only)
  • Site content – Pages and content from SharePoint sites (read-only)

Prerequisites

Before setting up the integration, you’ll need:
  • Azure account with admin access to Azure Active Directory
  • SharePoint Online subscription in your Microsoft 365 tenant
  • Ability to grant admin consent for application permissions

Setup instructions

Step 1: Register a new application

First, we’ll create an Azure AD app registration for the Wolfia integration.
  1. Sign in to the Azure Portal
  2. Navigate to Azure Active DirectoryApp registrations
  3. Click + New registration
  4. Fill in the registration form:
    • Name: Wolfia-SharePoint-Integration (or your preferred name)
    • Supported account types: Select Accounts in this organizational directory only (Single tenant)
    • Redirect URI: Leave blank (not needed for client credentials)
  5. Click Register

Step 2: Note your application IDs

After registration, you’ll land on the app’s Overview page. Copy these values — you’ll need them later:
FieldDescription
Application (client) IDYour Client ID
Directory (tenant) IDYour Tenant ID
Keep these values handy. You’ll need to provide them to Wolfia to complete the integration setup.

Step 3: Create a client secret

  1. In your app registration, go to Certificates & secrets in the left sidebar
  2. Click + New client secret
  3. Fill in:
    • Description: Wolfia Integration Secret
    • Expires: Choose an appropriate expiration (24 months recommended)
  4. Click Add
  5. Copy the Value immediately — it will only be shown once
The client secret value is only displayed once when created. If you lose it, you’ll need to create a new secret.
FieldWhat to copy
ValueThis is your Client Secret

Step 4: Configure API permissions

  1. Go to API permissions in the left sidebar
  2. Click + Add a permission
  3. Select Microsoft Graph
  4. Select Application permissions (not Delegated permissions)
  5. Search and select these permissions:
    • Sites.Read.All – Read items in all site collections
    • Files.Read.All – Read all files in all site collections
  6. Click Add permissions
Your permissions should look like:
APIPermissionType
Microsoft GraphSites.Read.AllApplication
Microsoft GraphFiles.Read.AllApplication
Application permissions require admin consent to activate:
  1. Still on the API permissions page
  2. Click Grant admin consent for [Your Organization]
  3. Click Yes to confirm
  4. Verify all permissions show a green checkmark under “Status”
If you don’t see the “Grant admin consent” button, you may need to contact your Azure AD administrator to grant consent on your behalf.

Step 6: Provide credentials to Wolfia

You now have three values needed for the integration:
CredentialWhere to find
Tenant IDApp registration → Overview → Directory (tenant) ID
Client IDApp registration → Overview → Application (client) ID
Client SecretThe value you copied in Step 3
Provide these credentials in the Wolfia integration settings to complete the SharePoint connection.

What happens after setup

Once connected, Wolfia will:
  1. Begin syncing documents from your SharePoint site collections
  2. Index content to provide context for questionnaire responses
  3. Automatically sync new and updated documents on a regular schedule

Security considerations

  • The integration uses read-only permissions — Wolfia cannot modify or delete your SharePoint content
  • All data transmission is encrypted using HTTPS
  • Client credentials are stored securely and never exposed

Troubleshooting

Common issues

“Insufficient privileges” error
  • Ensure admin consent was granted (Step 5)
  • Verify the green checkmarks appear next to all permissions in API permissions
“Invalid client secret” error
  • Client secrets can only be viewed once when created
  • If lost, create a new secret in Certificates & secrets and update the integration
“AADSTS700016: Application not found” error
  • Verify you’re using the correct Tenant ID
  • Ensure the app registration exists in your Azure AD directory
“Access denied” or no data syncing
  • Verify the app has Sites.Read.All and Files.Read.All permissions
  • Ensure permissions are of type “Application” not “Delegated”
  • Confirm admin consent was granted

Support

If you encounter any issues during setup, please contact Wolfia support or consult your Azure AD administrator for assistance with permission configuration.