Skip to main content
All CollectionsIntegrations
SharePoint - Centralized Integration Guide

SharePoint - Centralized Integration Guide

A
Written by Alexander
Updated over a week ago

Introduction

Sana Agents is a cutting-edge AI agent designed to streamline information retrieval and knowledge management within an organization. Leveraging advanced AI and machine learning techniques, Sana Agents can answer queries, summarize documents, and provide insights based on the data it has access to. With the SharePoint integration, Sana Agents can seamlessly access and utilize data stored in SharePoint, enhancing its ability to provide accurate, context-specific responses. This centralized integration reflects the same access permissions found in Microsoft SharePoint within Sana Agents. Note: Site items are not supported by this integration.

Integration Capabilities

  • Query Information from the Integrated System: Users can search and query SharePoint data directly within Sana Agents, leveraging its advanced AI capabilities. The integration respects SharePoint's file and folder access permissions, ensuring data access remains consistent and secure.

  • Push Actions to the System: The integration is designed for data retrieval and discussion within Sana Agents and does not support pushing actions back to SharePoint.

Type of Integration

  • Centralized Integration: Mirrors SharePoint permissions on a user basis, ensuring that only authorized users can access specific data. The integration does not support site items.

Availability

The integration is available in the Team and Enterprise tiers, ensuring flexibility and scalability for various organizational needs.

Scope and Permission

The integration requests the following scopes and permissions:

Graph API

  • email: Read users' primary email addresses.

  • Files.Read.All: Read all files the signed-in user can access.

  • openid: Sign in with work or school accounts and access basic user profile information.

  • Sites.Read.All: Read documents and list items in all site collections on behalf of the signed-in user.

  • User.Read.All: Sign in to the app and read the profile of signed-in users, including basic company information.

  • Group.Read.All: understand which groups the user is a member of and if they belong to the owners group for a SharePoint site

REST API

  • AllSites.FullControl: We use this API to access additional group information that is not available through the Graph API. This allows us to better mirror the access control of SharePoint in Sana Agents.

Managing Access

The integration has access to all the sites and files that the user has access to. If you want to manage this in Microsoft Azure, we suggest this approach that ensures the principle of least-privilege:

  1. In the Azure Portal, create a user with 'Guest' role (this will ensure that it will not be part of any site unless specified).

  2. In Sharepoint, add the user with the role 'Member' to the sites that it needs access to.

  3. Add the SharePoint integration to Sana Agents with the created user.

With this approach, Sana Agents still has the required permissions to call the needed Microsoft Graph API and REST API endpoints without excessive access to the organization’s SharePoint data.

Integration Set-up

  1. Sign in to your Sana Agents account.

  2. Navigate to the Integrations section of the platform.

  3. Click on Microsoft SharePoint and select Connect centralized.

  4. Follow the prompts to authorize Sana Agents to access your SharePoint data.

    • If you are a SharePoint administrator, select “Consent on behalf of your organization” to allow any user within your organization to connect the integration.

    • If you are a user, contact your Microsoft administrator to request access.

  5. For a shared / centralized SharePoint integration, additional steps are required:

    • Navigate to the 'Shared Integrations' section and select your SharePoint integration to adjust settings.

    • Open a separate browser tab to navigate to your SharePoint and copy the URL of the site or folder you want to import to Sana.

      Valid URL formats:

      • Root site
        * https://<company-domain>.sharepoint.com
        * https://<company-domain>.sharepoint.com/SitePages/Home.aspx
        * https://<company-domain>.sharepoint.com/sites/<site-name>
        *https://<company-domain>.sharepoint.com/sites/<site-name>/SitePages/CollabHome.aspx

      • Document library
        *https://<company-domain>.sharepoint.com/<document-library-name>/Forms/AllItems.aspx
        *https://<company-domain>.sharepoint.com/sites/<site-name>/<document-library-name>

      • Folder within document library
        -https://<company-domain>.sharepoint.com/<document-library-name>/Forms/AllItems.aspx?...&id=%2F<document-library-name>%2F<path-to-folder>&...
        *https://<company-domain>.sharepoint.com/sites/<site-name>/<document-library-name>?...&id=%2Fsites%2F<site-name>%2F<document-library-name>%2F<path-to-folder>&...

      • Microsoft Office file within document library
        *https://<company-domain>.sharepoint.com/:w:/r/_layouts/15/Doc.aspx?sourcedoc=%7B<file-id>%7D&file=<file-name>&...
        *https://<company-domain>.sharepoint.com/:w:/r/sites/<site-name>/_layouts/15/Doc.aspx?sourcedoc=%7B<dile-id>%7D&file=<file-name>&...

      • Non Microsoft Office file within document library
        *https://<company-domain>.sharepoint.com/<document-library-name>/<path-to-file>/<file-name>
        *https://<company-domain>.sharepoint.com/sites/<site-name>/<document-library-name>/<path-to-file>/<file-name>

      • Site Page
        *https://<company-domain>.sharepoint.com/SitePages/<site-page-name>.aspx
        *https://<company-domain>.sharepoint.com/sites/<site-name>/SitePages/<site-page-name>.aspx

      • All Site Pages within a site
        *https://<companydomain>.sharepoint.com/SitePages/Forms/ByAuthor.aspx
        *https://<company-domain>.sharepoint.com/sites/<site-name>/SitePages/Forms/ByAuthor.aspx

      • List
        *https://<company-domain>.sharepoint.com/Lists/<list-name>/AllItems.aspx
        *https://<company-domain>.sharepoint.com/sites/<site-name>/Lists/<list-name>/AllItems.aspx

      • OneDrive URLs (only available if OneDrive is activated in Microsoft account)
        *MyFiles: https://<company-domain>-my.sharepoint.com/my
        *Folder: https://<company-domain>-my.sharepoint.com/my?id=<path-to-folder>
        *Microsoft Office file: https://<company-domain>-my.sharepoint.com/:x:/r/personal/.../_layouts/15/Doc.aspx?sourcedoc=%7B<file-id>%7D&file=<file-name>&...
        *Non Microsoft Office file: https://<company-domain>-my.sharepoint.com/personal/.../Documents/<file-name>

    • Return to the Sana Agents settings modal and paste the URL under 'sites'. Click “Validate URL” and confirm that the site is valid.

    • After that, you will get a notification if the site URL is correct or incorrect

  6. Enter your SharePoint domain and click "Connect REST API."

  7. Configure additional settings as needed and click save.

Known Limitations

When a file or folder link from SharePoint is used, the owner of integration must have access to all parent folders in the hierarchy leading to the target location. If the integration owner has permission for a specific file or subfolder but lacks access to its parent folders, Sana Agents will fail to validate the used SharePoint link.

Data Handling & Privacy

Sana Agents is fully committed to data security and privacy. All data accessed by Sana Agents is encrypted both in transit and at rest. Sana does not train any underlying language models on your data, ensuring the privacy of your information. Furthermore, Sana Agents respects the underlying permissions of SharePoint with the individual integration, ensuring that users can only access data they are authorized to view. Sana Agents is ISO 27001 certified, GDPR compliant, and adheres to the highest standards of data security.

For further information about Sana Agents or the SharePoint integration, please contact [email protected] via email.

Did this answer your question?