Skip to main content

Configure OAuth U2M for Microsoft SharePoint ingestion

Preview

The Microsoft SharePoint connector is in Beta.

This page describes how to configure OAuth user-to-machine (U2M) authentication for Microsoft SharePoint ingestion into Databricks.

Which authentication methods are supported?

The SharePoint connector supports the following OAuth methods:

  • U2M authentication (recommended)
  • Manual token refresh authentication

Databricks recommends using U2M because it doesn't require computing the refresh token yourself. This is handled for you automatically. It also simplifies the process of granting the Entra ID client access to your SharePoint files and is more secure.

Step 1: Get the SharePoint site ID

  1. Visit the desired SharePoint site in your browser.
  2. Append /\_api/site/id to the URL.
  3. Type Enter.

Step 2: Get SharePoint drive names (optional)

If you want to ingest all of the drives and documents in your SharePoint site, skip this step. However, if you only want to ingest a subset of the drives, you need to collect their names.

The drive names are listed in the left-hand menu. There is a default drive called Documents in each site. Your organization might have additional drives. For example, the drives in the following screenshot include doclib1, subsite1doclib1, and more.

View SharePoint drives

Some drives might be be hidden from the list. The drive creator can configure this in the drive settings. In this case, hidden drives might be visible in the Site contents section.

View hidden SharePoint drives

Step 3: Create a Microsoft Entra ID client

This step creates a client that can access the SharePoint files.

  1. In the Microsoft Azure portal (https://portal.azure.com), click Microsoft Entra ID. You might have to search for “Microsoft Entra ID”.

    Azure portal: Entra ID card

  2. In the left-hand menu, under the Manage section, click App Registrations.

  3. Click New registration.

    New registration button for Entra ID app

  4. In the Register an application form, specify the following:

    • Whether you want other tenants to access this application.
    • The redirect URL in the following format: <databricks-instance-url>/login/oauth/sharepoint.html

    Register an application form

    You're redirected to the app details page.

    OAuth application details page

  5. Make a note of the following values:

    • Application (client) ID
    • Directory (tenant) ID

  6. Click Client credentials : Add a certificate or secret.

  7. Click + New client secret.

    + New client secret button

  8. Add a description.

  9. Click Add.

    The updated list of client secrets displays.

  10. Copy the client secret value and store it securely. After you leave the page, you can't access the client secret.

Next steps

  1. Create a connection to store the authentication details that you've obtained.
  2. Create an ingestion pipeline.
Last updated on