Alloovium

Integrations

SharePoint

Sync documents from your SharePoint sites and document libraries into Alloovium. New, updated, and deleted files are picked up automatically.

Overview

The SharePoint integration connects an Alloovium project to one or more SharePoint document libraries. Once connected, Alloovium ingests files from the selected library and keeps them in sync — new files are added, changed files are re-processed, and files already up to date are skipped to save time.

You can connect SharePoint using your own Microsoft account (OAuth) or with a dedicated Azure app registration set up by your IT team. The app registration path is recommended for company-wide or automated deployments.

Connecting SharePoint

Go to Integrations → SharePoint in your Alloovium project. Click Add connection. You will be prompted to give the connection a name and choose an authentication method.

Screenshot: SharePoint — Add connection dialog showing the Connection Name field and two auth tabs

Option A: Sign in with Microsoft

The simplest way to connect. Alloovium redirects you to Microsoft to sign in with your work account. No Azure configuration required — permissions are granted as yourself.

  1. 1

    Click "Connect Microsoft"

    In the Add connection dialog, select the "Sign in with Microsoft" tab and click the button. A Microsoft login window will open.

  2. 2

    Sign in and grant consent

    Log in with your Microsoft 365 work account. Review the requested permissions and click Accept.

  3. 3

    Name the connection

    Back in Alloovium, enter a name for this connection (e.g. "Acme SharePoint") and save.

When to use OAuth

OAuth is ideal for individual users connecting their own SharePoint access. If you need to sync files that require service account permissions, use an app registration instead.

Option B: App registration (recommended for teams)

For company-wide or unattended sync, create an Azure AD app registration and provide the credentials to Alloovium. Your IT administrator will need to complete the Azure steps.

Step 1 — Create an app registration in Azure

  1. 1

    Open Azure Active Directory

    In the Azure portal, go to Azure Active Directory → App registrations → New registration.

  2. 2

    Name and register the app

    Give the app a name (e.g. "Alloovium SharePoint"), leave the redirect URI blank for now, and click Register.

  3. 3

    Note the Tenant ID and Client ID

    On the app overview page, copy the Directory (tenant) ID and the Application (client) ID — you will paste these into Alloovium.

  4. 4

    Grant SharePoint API permissions

    Under API permissions → Add a permission → SharePoint → Application permissions, add Sites.Read.All (or Sites.FullControl.All if write access is needed). Grant admin consent.

Screenshot: Azure portal — App registration overview showing Tenant ID and Client ID fields

Step 2 — Create a credential (choose one)

Client secret

  1. 1

    Add a client secret

    In your app registration, go to Certificates & secrets → New client secret. Set an expiry and click Add.

  2. 2

    Copy the secret value immediately

    Azure only shows the secret value once. Copy it now — you will not be able to retrieve it again.

Certificate (more secure)

  1. 1

    Generate or obtain a certificate

    Create a self-signed certificate or use one from your organisation's PKI. You need the .pfx (or .pem) private key and the certificate thumbprint.

  2. 2

    Upload the certificate to Azure

    In your app registration, go to Certificates & secrets → Certificates → Upload certificate. Upload the public certificate (.cer or .pem).

  3. 3

    Note the thumbprint

    After upload, copy the certificate thumbprint shown in the list.

Step 3 — Enter credentials in Alloovium

In the Add connection dialog, enter the Connection Name, Azure Tenant ID, and Client ID. Then choose your credential type:

  • Client Secretpaste the secret value from Azure.
  • Certificatepaste the certificate thumbprint and private key (PEM format).

Screenshot: Alloovium — Add connection dialog with Tenant ID, Client ID, and Client Secret fields filled in

Step 4 — Set site permissions

Choose how much of your SharePoint tenant Alloovium can access:

  • Full tenant accessthe app can read any site in your tenant. Convenient but requires broad admin consent.
  • Selected site onlyrestrict access to a single SharePoint site by entering its URL. Recommended for security-conscious deployments. https://contoso.sharepoint.com/sites/construction.

Least-privilege recommendation

Use selected site access with a client secret that has a short expiry. Rotate the secret before it expires to avoid sync interruptions.

Selecting a library

After the connection is saved, the SharePoint browser appears. Navigate to the site and document library you want to sync, then click Sync this library.

  1. 1

    Browse to your site

    The browser lists all SharePoint sites your connection can access. Click a site to expand it.

  2. 2

    Choose a document library

    Select the document library (e.g. "Documents", "Drawings"). You can drill into sub-folders and sync just a folder rather than the whole library.

  3. 3

    Start the sync

    Click "Sync". Alloovium queues the files for ingestion. A progress indicator shows how many files have been processed.

Screenshot: Alloovium — SharePoint browser showing site list, a selected document library, and the Sync button

How sync works

Alloovium uses eTag-based change detection to avoid re-processing files that have not changed. When you trigger a sync (or re-sync), Alloovium:

  1. Fetches the file list from SharePoint for the selected library or folder.
  2. Compares eTags — files whose SharePoint eTag matches the eTag recorded at last sync are skipped entirely, so a library that is 90% synced will only process the remaining 10%.
  3. Queues changed or new files for download and ingestion. Files are processed in batches to avoid overwhelming the pipeline.
  4. Updates the record — on success, the new eTag is stored so the next sync can skip this file again.

Re-syncing a partially synced library

If a previous sync was interrupted, simply click Sync again. Alloovium will skip all files that were already successfully processed and only ingest what remains.

File deletions

Alloovium does not currently delete documents from your project when they are removed from SharePoint. Deleted files remain in Alloovium until manually removed.

Troubleshooting

Sync stuck at 0 files

If the progress counter stays at 0, check that your app registration has the correct API permissions and that admin consent has been granted. For client secret auth, verify the secret has not expired.

'Insufficient privileges' error

Ensure the app registration has Sites.Read.All (application permission, not delegated) and that an Azure Global Administrator has granted admin consent. Delegated permissions alone are not sufficient for unattended sync.

Certificate authentication failing

Verify the thumbprint matches the certificate uploaded to Azure exactly (no spaces or colons). The private key must be in PEM format (starts with -----BEGIN RSA PRIVATE KEY-----).