Overview of SharePoint ingestion setup
Learn about the supported authentication methods for SharePoint ingestion into Databricks.
The SharePoint connector is in Beta. Workspace admins can control access to this feature from the Previews page. See Manage Databricks previews.
Which authentication methods are supported?
The SharePoint connector supports the following authentication methods:
Which authentication method should I choose?
In most scenarios, Databricks recommends machine-to-machine (M2M) OAuth. M2M scopes connector permissions to a specific site. However, if you want to scope permissions to whatever the authenticating user can access, choose user-to-machine (U2M) OAuth instead. Both methods offer automated token refresh and heightened security.
Manual token refresh authentication is considered a legacy method and is not recommended.
U2M compared to M2M
The following table compares U2M and M2M for authentication to SharePoint:
Feature | OAuth U2M | OAuth M2M |
|---|---|---|
Authentication type | Delegated access (user-based) | App-only access (service principal) |
User interaction required | Yes - User must sign in | No - Fully automated |
Best for | User-specific access scenarios | Automated production pipelines |
Token refresh | Handled automatically by Databricks | Handled automatically by Databricks |
SharePoint permissions | Delegated permissions | Application permissions |
Access scope | Limited to user's permissions | Defined by app registration |