• Documentation

Connect SharePoint to Rovo

This connector is only supported in Rovo Search. We're actively working on supporting this connector in Rovo Chat and Agents.

 

Before you begin

  • You need SharePoint global admin permissions to connect SharePoint to Rovo.

  • Only Microsoft Excel, PowerPoint, and Word documents are available to Rovo.

Connecting to SharePoint

To get to the setup screen for SharePoint in Atlassian Admin:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. Select Settings > Rovo.

  3. Under the Sites tab, next to the site you want to connect, select More actions ( ••• ) and select Add connector.

  4. Select Microsoft SharePoint and press Next.

Azure portal

1. Log in to your Azure portal and navigate to Microsoft Entra ID.

Screenshot of the Manage Microsoft Entra ID option in Azure admin

2. In the side navigation, under Manage, select App registrations > New registration.

Screenshot of App registrations screen in Azure portal with New registration highlighted

3. On the Register an application page in the Azure portal, name the connection to Rovo (for example, “Atlassian Rovo”), select Accounts in this organizational directory only, and then select Register.

Screenshot of Azure Portal form for Register an Application, setting up a Rovo app

4. In the side navigation, under Manage, select API permissions, select Add a permission on the API permissions page, then Microsoft Graph.

Screenshot of API permissions screen in Azure Admin with Microsoft Graph highlighted

5. Select Application permissions and select expand all.

Screenshot of Request API permissions screen with Application Permissions selected

6. Copy these permissions one by one, and paste them into the search line. Click the checkbox. Repeat for all permissions.

1 2 3 4 5 6 7 8 User.Read.All Group.Read.All GroupMember.Read.All Directory.Read.All Files.Read.All Reports.Read.All Sites.Read.All AuditLogsQuery-SharePoint.Read.All

7. Select Add permissions

Screenshot of Request API permissions screen, highlightinng the Add permissions button

8. Select Grant admin consent for <workspaceName>

Screenshot of API permissions screen, with Grant admin consent for <workspacename> highlighted

9. Once this is done, back on the Manage > API permissions screen, in the Status column of the table, you should see green ticks and Granted for <workspace> (except the permission User.Read, which doesn't require Admin consent).

Screenshot of list of permissions in Azure, with Granted showing against each permission type

10. Navigate to Manage > Certificates & secrets, and select Create app secret and fill in the form.

Screenshot of Azure portal, on the Add a client secret screen

11. Once you’ve created a secret, copy the Value field. You’ll need this soon.

Screenshot of the value field in a new client secret in Azure portal

12. Go to Overview and copy the following details back into the Atlassian Administration screen:

  • Your application ID

  • The directory ID

Screenshot of the overview of an app, highlighting the Directory ID and the Application (client) ID fields

13. Copy the SharePoint domain name from your login. For example, copy the <domain> section of aaaa.bbbb@<domain>.onmicrosoft.com. 

Screenshot of Atlassian Admin setup screen for SharePoint, where you enter the application details

14. Enter the Client secret value you copied earlier as Client secret.

Microsoft 365 admin center

1. Go to the Microsoft 365 admin center at https://admin.microsoft.com/.

2. In the navigation, select SharePoint admin center.

Screenshot of the Micrsoft 365 admin centre, highlighting the navigation to SharePoint

3. You will need to grant permissions to the newly created principal. Since we're granting tenant scoped permissions, this granting can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via opening this URL in your browser:

<your-sharepoint-domain>-admin.sharepoint.com/_layouts/15/appinv.aspx

There is no other way to navigate to this page. For more information, see the Azure documentation on granting permissions.

4. Using the application ID that you copied in the Azure portal earlier, paste the value in the App ID field and select Lookup.

5. Next, we need to setup SharePoint permissions. Fill in the App Domain and Redirect URL with whatever you would like (these will not be used).

  • Fill in the App Domain with www.localhost.com

  • Redirect URL with https://www.localhost.com/

  • Paste the following into the App's Permission request XML:

1 <AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" /></AppPermissionRequests>
Screenshot of the form where you add the SharePoint permissions XML

6. Select Create, and on the next screen read the permissions and select Trust it.

Back in Atlassian Administration

Finally, back in Atlassian Administration:

  1. Review the disclaimer.

  2. Select Save.

Newer SharePoint tenants

If your SharePoint tenant was recently created (post-2019), you also need to enable apps to use ACS app-only access tokens. You must run on your local Windows machine. If you only have a Mac, follow these steps to install PowerShell on MacOS.

Open up Microsoft Powershell:

1. Install PnP Powershell Module by running:
Install-Module PnP.PowerShell -Scope CurrentUser

2. Next, run:
Register-PnPEntraIDApp -ApplicationName "PnP PowerShell" -Tenant <your-sharepoint-domain>.onmicrosoft.com -Interactive

  • It will open a browser window for you to log in.

  • Once logged in, the command will successfully complete.

3. In new window, navigate to the newly created PnP Powershell Application in Microsoft Entra > Applications > App Registrations, and select PnP Powershell from the application list.

Screenshot of the App registration screen

4. Under Manage > Authentication, under the Mobile Desktop and Application Redirect URIs heading, add http://localhost:55592

Screenshot of Authentication screen for PnP Powershell, adding Redirect URIs

5. Navigate to Overview and copy the Application (client) ID. You’ll need this for the next step.

Screenshot of the PnP PowerShell overview screen

6. In PowerShell, using your SharePoint domain and the Application (client) ID you just copied, run
Connect-PnPOnline -Url https://<your-sharepoint-domain>-admin.sharepoint.com -ClientId <Application (client) ID> -Interactive

  • It will open a browser window for you to log in.

  • Once you’ve logged in, the command will successfully complete.

7. Run Set-PnPTenant -DisableCustomAppAuthentication $false in PowerShell.

See Microsoft's documentation on ACS app-only access tokens

Next steps

After you’ve finished Connecting SharePoint:

  1. Documents will start to show in Search incrementally over the next few hours.

  2. Your team members will see SharePoint show up as a filter option in Search. If they haven’t connected to SharePoint from their Atlassian account, they may be asked to connect before they can see results. This is required so Rovo can make sure your teammates only see results they usually have access to.

  3. Depending on the number of documents in SharePoint, it may take some time for all your SharePoint content to be indexed and appear in Search.

Still need help?

The Atlassian Community is here for you.