Connecting to Microsoft SharePoint

Edit online

Microsoft SharePoint is a powerful collaboration and document management platform that enables teams to store, organize, share, and access information securely from any device. Integrating SharePoint with IBM watsonx Orchestrate enables you to automate document workflows, synchronize content, and streamline enterprise collaboration.

To integrate Microsoft SharePoint with IBM watsonx Orchestrate, you need to establish a secure connection that enables both systems to communicate seamlessly. For general guidance on managing integrations, refer to Connecting apps for prebuilt agents.

Note:

The Single sign-on (SSO) toggle is enabled only for supported OAuth 2.0 authentication types and applications. If the application does not support an SSO-enabled authentication type, the toggle remains disabled. For supported configurations, see Configuring single sign-on for applications.

Steps to connect

Use the following steps to connect Microsoft SharePoint to watsonx Orchestrate:

Go to Manage > Connections and search for the corresponding Microsoft SharePoint Connection ID.
Click edit next to the matching connection ID.
Select the authentication method your organization uses (OAuth 2.0 or Multi Auth or Key Value Pair).
Enter the Microsoft SharePoint specific fields. See Connecting apps for prebuilt agents page for general connection workflow.
Complete the Draft and Live setup steps.
Save and test the connection to confirm successful connection.

Authentication methods

Microsoft SharePoint supports the following authentication types in watsonx Orchestrate:

OAuth2 Authorization Code: Recommended for production connections
Multi Auth: Supports both OAuth2 Authorization Code and OAuth2 Client Credential
Key Value Pair: Supported for API key–based and legacy scenarios

Note:

For agents created after September 2025, OAuth 2.0 is the only supported authentication for Microsoft SharePoint.

Connection ID

Use the following Connection IDs when locating your Microsoft SharePoint connection in the Connections settings page. To understand how to search for a Connection ID and open a connection for editing, see Connecting apps for prebuilt agents.


Authentication type	Connection ID
OAuth2 Authorization Code	`microsoft_oauth2_auth_code_ibm_184bdbd3`
Multi Auth (OAuth2 Authorization Code and OAuth2 Client Credential)	`microsoft_ibm_184bdbd3`
Key Value Pair	`microsoft_key_value_ibm_184bdbd3` (deprecated)

OAuth 2.0 connection details

If your organization uses OAuth‑based authentication, set Authentication type to OAuth2 Authorization Code and enter the following fields:


Field	Description
`Server URL`	Base URL of the Microsoft server. For example, `https://graph.microsoft.com`
`Token URL`	Endpoint to exchange the authorization code for an access token. For example, `https://login.microsoftonline.com/Tenant_ID/oauth2/v2.0/token`
`Scope`	Specify offline_access. Defines the level of access being requested. You can include other scope items, separated by spaces. For example, `https://graph.microsoft.com/.default`
`Authorization URL`	URL where users are redirected to log in and authorize access. For example, `https://login.microsoftonline.com/Tenant_ID/oauth2/v2.0/authorize`
`Client ID`	Unique ID for your application (available in Microsoft UI)
`Client Secret`	A secret key used to authenticate your app with Microsoft

To obtain these values, refer to the Microsoft API documentation.

Multi Auth connection details

Set the Authentication type to OAuth2 Authorization Code or OAuth2 Client Credential and enter the following fields:

OAuth2 Authorization Code


Field	Description
`server_url`	Base URL of the Microsoft Graphs API. For example, `https://graph.microsoft.com`
`token_url`	Endpoint to exchange the authorization code for an access token. Replace TENANT_ID with your Directory (Tenant) ID. For example, `https://login.microsoftonline.com/Tenant_ID/oauth2/v2.0/token`
`scope`	Specify offline_access and other scopes as needed, separated by spaces. The scope defines the level of access requested. For example, `https://graph.microsoft.com/`
`authorization_url`	URL where users are redirected to log in and authorize access. Replace TENANT_ID with your Directory (Tenant) ID. For example, `https://login.microsoftonline.com/Tenant_ID/oauth2/v2.0/authorize`
`client_id`	A unique identifier for your application (available in the Microsoft portal)
`client_secret`	The secret key that is used to authenticate your app with Microsoft
`Token request field`	It is used to include additional parameters that the authorization server needs when exchanging a code or credentials for an access token. They are required for custom implementations where the server expects extra details, such as a verification code or resource ID.
`Auth request field`	It is used to provide extra information during the login step at the OAuth authorization endpoint. They help the server identify the correct tenant or identity provider and are essential for setups that require custom parameters like `idp` or `tenant_id`

OAuth2 Client Credential


Field	Description
`Server URL`	This refers to the base URL of the server that hosts the protected resources
`Send Credentials Via`	Specify how the credentials are sent (header or body)
`Token URL`	Specify the token URL value relative to the server URL. The Token URL is typically provided by the authorization server during the registration of the application
`Client ID`	A unique identifier for the client application. Get the client ID from your account user interface
`Client Secret`	A secret key that is known only to the client and the authorization server
`Grant Type`	The grant type is always "client_credentials". This indicates the authorization server that the client is requesting an access token by using the Client Credential flow
`Scope`	Scope is a way to limit the access. It defines the specific permissions or resources to which access is allowed. For example, read/write profile
`Token request field`	It is used to include additional parameters that the authorization server needs when exchanging a code or credentials for an access token. They are required for custom implementations where the server expects extra details, such as a verification code or resource ID

Key Value Pair connection details

If your organization uses OAuth‑based authentication, set Authentication type to Key Value Pair and add each of the following fields using Add new field:


Key	Description
`client_id`	The client ID of your registered Microsoft application
`client_secret`	The client secret associated with your Microsoft app
`username`	The SharePoint account username (typically the email address)
`password`	The password for the SharePoint account or app-specific password
`authority`	The authority URL for authentication, for example, `https://login.microsoftonline.com`
`base_url`	The base URL for Microsoft, for example, `https://login.microsoftonline.com`

To get these values, see the Microsoft API documentation.

What to do next

Now that your app connection is live, you can start using it in watsonx Orchestrate.

Run an agent in Orchestrate Chat to complete tasks using natural language. See Using Orchestrate Chat for more details.
Use relevant agents and tools to perform app-specific actions. See Prebuilt agents and Prebuilt tools for more details.