Microsoft SharePoint
Ingests SharePoint sites, document libraries, files, folders, and site pages via Microsoft Graph. Supports a per-tenant site allowlist so the connector only touches the spaces you care about.
variant=info text="Cloud storage" variant=success text="OAuth" variant=success text="Maps ACLs"
What gets ingested
| Element | Mapped to |
|---|---|
| SharePoint site | _Site |
| Document library | _Folder (one per library) |
| Site page | _SitePage |
| Files in libraries | _FileEntry + _Blob |
| Folder hierarchy | _Folder linked by _HasChild |
Authentication
- Type: OAuth against Microsoft Graph (per-user, tenant-scoped).
- The admin configures tenant ID + client credentials; users connect with their AAD account.
Access control mapping
| Source | Carried into the graph? |
|---|---|
| Per-user site access | Yes — site memberships drive per-user access groups. |
| Library/folder/file ACL | Yes — propagated via Microsoft Graph permissions calls and mapped to access groups. |
| Site collection visitor / member / owner | Yes — each role becomes a distinct access group on the site node. |
Sync cadence
- Default cron: every 59 minutes (heavier APIs warrant a slower cadence).
- Incremental sync: Microsoft Graph delta links per drive in each site. Sites themselves are cached for 120 hours (the site enumeration is the slowest part).
flowchart LR
User([User]) -->|OAuth| Tenant[(AAD tenant)]
Tenant --> Connector
Connector -->|sites?search=...| Sites[Site catalog]
Sites -->|allow-list| Selected[Selected sites]
Selected -->|delta| Libraries[(Document libraries)]
Libraries --> Graph[(Workspace graph)]
Connector -.cache 120h.-> SiteCache[(Sites cache)]
Notable
- Concurrent per-user locks prevent two workers from sync-ing the same site simultaneously.
- A global rate-limit guard is shared across all SharePoint connector runs in the workspace.
- A connector-version stamp lets the workspace upgrade schemas across releases without re-ingesting everything.