The Microsoft SharePoint connector for Gemini Enterprise provides access to your Microsoft SharePoint Online data, allowing you to interact with your documents, lists, and sites.
Supported Microsoft SharePoint versions
The Microsoft SharePoint connector supports the latest cloud version of Microsoft SharePoint Online.
Supported actions
When the Microsoft SharePoint Connector is enabled, you can use natural language commands in Gemini Enterprise to perform the following actions in your Microsoft SharePoint Online instance.
| Action | Description |
|---|---|
| Create folder | Creates a new folder in a specified path. |
| Add list | Creates a new structured data list (e.g., tasks, contacts) on the SharePoint site. |
Required permissions
To enable Gemini Enterprise to perform search and data ingestion using the Microsoft SharePoint data store, you need the following permissions:
Microsoft Graph API permissions
The table below outlines the permissions required for each connection mode.
Note: The following table outlines the permissions required for each connection mode. If you enable Actions for either the Federated search or Data ingestion connection mode, also select the permissions listed in the Actions row.
| Connection mode | Scope | Purpose |
|---|---|---|
| Federated search | N/A | No Graph API permissions are required. |
| Data ingestion | GroupMember.Read.All |
(Federated credentials & OAuth 2.0 refresh token) Allows the connector to read memberships and basic group properties for all groups without a signed-in user. |
User.Read |
(Federated credentials & OAuth 2.0 refresh token) Allows the connector to read the profile of signed-in users. It also allows the connector to read basic company information of signed-in users. | |
User.Read.All |
(OAuth 2.0 refresh token only) Allows the connector to read user profiles. | |
Sites.FullControl.All (Option 1)Sites.Selected (Option 2) |
(Federated credentials & OAuth 2.0 refresh token) Option 1 allows the connector to have full control of all site collections. Option 2 allows the connector to access a subset of site collections. The specific site collections and the permissions granted can be configured in SharePoint Online. | |
User.Read.All (Option 1)User.ReadBasic.All (Option 2) |
(Federated credentials only) Option 1 allows the connector to read user profiles. Option 2 allows the connector to read a basic set of profile properties of other users in the organization. | |
| Actions | Sites.ReadWrite.All |
(Federated search & Data ingestion) Allows the connector to edit or delete documents and list items in all site collections on behalf of the signed-in user. |
Files.ReadWrite |
Allows the connector to read, create, update and delete the signed-in user's files. | |
Files.ReadWrite.All |
Allows the connector to read, create, update and delete all files the signed-in user can access. | |
Sites.Manage.All |
Allows the connector to create or delete document libraries and lists in all site collections on behalf of the user. |
Microsoft SharePoint API permissions
The table below outlines the permissions required for each connection mode.
| Connection mode | Scope | Purpose |
|---|---|---|
| Federated search | Sites.Search.All (Delegated) |
Allows the connector to run search queries and to read basic site info on behalf of the current signed-in user. Search results are based on the user's permissions instead of the app's permissions. |
AllSites.Read (Option 1, Delegated) |
Allows the connector to read documents and list items in all site collections on behalf of the signed-in user. | |
Sites.Selected (Option 2, Delegated) |
Allows the connector to access a subset of site collections with a signed-in user. The specific site collections and the permissions granted can be configured in SharePoint Online. | |
| Data ingestion (Federated credentials) | Sites.FullControl.All (Option 1, Application) |
Allows the connector to have full control of all site collections. |
Sites.Selected (Option 2, Application) |
Allows the connector to access a subset of site collections with a signed-in user. The specific site collections and the permissions granted can be configured in SharePoint Online. | |
| Data ingestion (OAuth 2.0 refresh token) | AllSites.FullControl (Option 1, Delegated) |
Allows the connector to have full control of all site collections on behalf of the signed-in user. |
Sites.Selected (Option 2, Delegated) |
Allows the connector to access a subset of site collections with a signed-in user. The specific site collections and the permissions granted can be configured in SharePoint Online. | |
| Actions | AllSites.Write (Delegated) |
Allows the connector to create, read, update, and delete documents and list items in all site collections on behalf of the signed-in user. |
For information on how to add the permissions for Microsoft SharePoint, see Configure Microsoft SharePoint and set the necessary permissions.
Limitations
This section outlines known issues and limitations that may affect your use of the Microsoft SharePoint connector.
Enforcing a VPC Service Controls perimeter on existing Microsoft SharePoint data stores is not supported. To enforce VPC Service Controls, you must delete and recreate the data stores. For more information on VPC Service Controls and how to use actions after enabling VPC Service Controls, see Secure your app with VPC Service Controls.
The Microsoft SharePoint data store is supported only in Global, US, and EU locations.
When creating a new application or adding a data store to an existing application, we recommend that you add a data store with actions belonging to a single connector type. For example, don't associate two Microsoft SharePoint data stores with actions enabled to the same application.
The following are the limitations for the Microsoft SharePoint federated connector:
- Search limitations: Search results may vary and are not always comprehensive for all file types. Content in archived or encrypted folders may not be accessible for search. Federated search does not support searching within attachments.
- Delegated access: Access to shared sites or libraries may require specific permissions not covered by standard user authorization.
What's next
- To create and configure a connector with Microsoft SharePoint, see Set up a Microsoft SharePoint data store.