
Files Connect: SharePoint Online Integration - Azure permissions

Publish Date: Oct 23, 2025
Description

Issue

Users are unable to view files in Salesforce when accessing SharePoint Online folders through Files Connect integration. The SharePoint document folders appear in Salesforce, but when users click on them, they see a blank page or receive error messages such as "Can't access external source. External data source is unavailable because of an error." The integration may work in sandbox environments but fail in production.

Symptoms

  1. SharePoint document folders are visible in Salesforce Files Connect interface

  2. Clicking on folders displays a blank page with no files listed

  3. Error message appears: "Can't access external source. External data source is unavailable because of an error"

  4. Integration may work correctly in sandbox environments but fail in production

  5. Authentication appears successful, but file listing operations fail

  6. Browser-specific behavior may occur (different results in different browsers)

  7. Logs show "Unable to find a list view" errors for ContentHubItem objects

  8. HTTP 401 Unauthorized or 404 Not Found errors in system logs

Cause

The issue is typically caused by insufficient or incorrectly configured API permissions in the Azure Active Directory application registration used for SharePoint Online integration. When Salesforce attempts to access SharePoint files, the authentication may succeed, but the application lacks the necessary Microsoft Graph API permissions to enumerate and retrieve file listings.

 

The SharePoint Online Files Connect integration requires specific Microsoft Graph API permissions to function properly. These permissions must be granted with appropriate consent levels (delegated or application permissions) and must include both read access to SharePoint sites and the ability to access user files.

 

Additionally, Microsoft has deprecated certain SharePoint app registration methods, which may affect existing integrations. Organizations using older authentication methods may need to migrate to newer OAuth 2.0 flows with proper Microsoft Graph API permissions.

 

Resolution

Solution

Step 1: Configure Azure Active Directory Application Permissions

  1. Navigate to the Azure Portal (portal.azure.com)

  2. Go to Azure Active Directory → App registrations

  3. Select your SharePoint integration application

  4. Click on "API permissions" in the left navigation

Step 2: Add Required Microsoft Graph Permissions

Add the following Application permissions:

 

  • Sites.FullControl.All: Have full control of all site collections

  • Sites.Manage.All: Read and write items and lists in all site collections

  • Sites.Read.All: Read items in all site collections

  • Sites.ReadWrite.All: Read and write items in all site collections

  • Sites.Selected: Access selected site collections

  • MyFiles.Read: Read user files

  • MyFiles.Write: Read and write user files

  • User.Read: Sign in and read user profile

  • User.Read.All: Read all user profiles

  • User.ReadWrite.All

 

Add the following Delegated permissions:

 

  • Sites.Search.All: Search items in all site collections

  • MyFiles.Read: Read user files

  • MyFiles.Write: Read and write user files

  • User.Read: Sign in and read user profile

 

In some cases additional Delegated permissions may be required:

 

  • AllSites.FullControl

  • AllSites.Manage

  • AllSites.Read

  • AllSites.Write

  • User.Read.All

  • User.ReadWrite.All

Step 3: Grant Admin Consent

  1. After adding all required permissions, click "Grant admin consent for [Your Organization]"

  2. Confirm the consent when prompted

  3. Verify that all permissions show "Granted for [Your Organization]" status

Step 4: Update Salesforce Files Connect Configuration

  1. In Salesforce Setup, navigate to External Data Sources

  2. Locate your SharePoint Online external data source

  3. Click "Validate and Sync" to refresh the connection

  4. If authentication fails, re-authenticate using the updated Azure application

Step 5: Verify Authentication Method

  1. Ensure you are using the OAuth 2.0 authentication method (not the deprecated SharePoint app registration)

  2. If using older authentication methods, migrate to the supported OAuth 2.0 flow

  3. Update any custom authentication configurations to use Microsoft Graph API endpoints

Step 6: Test the Integration

  1. Navigate to Files in Salesforce

  2. Access your SharePoint Online external data source

  3. Click on document folders to verify files are now visible

  4. Test file access across different browsers and user profiles

Additional Troubleshooting

  • Clear browser cache and retry if issues persist

  • Verify network connectivity between Salesforce and SharePoint Online

  • Check SharePoint site permissions to ensure the service account has appropriate access

  • Review audit logs in both Salesforce and Azure AD for authentication failures

  • Test with different user accounts to isolate permission-specific issues

 

Important Notes:

 

  • Admin consent is required for application-level permissions

  • Changes may take several minutes to propagate

  • Some permissions require specific SharePoint Online license levels

  • Government cloud environments may have additional security requirements

  • Regular permission audits are recommended to maintain security compliance
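
For the case where authentication succeeds but file listing fails, and for the permission audits recommended above, the following is an added example (not part of the Salesforce article or any Salesforce or Microsoft tooling). It decodes an access token issued to the Azure application and reports which permissions it carries (application permissions in the `roles` claim, delegated permissions in the `scp` claim), which expected ones are missing, and which are tenant-wide write or full-control grants from Step 2. The function names, the expected set, and the sample token are constructed for illustration, and the signature is not verified, so the output is for diagnosis only.

```python
import base64
import json

# Tenant-wide write/full-control permissions named in Step 2; flagged for review in an audit.
BROAD = {"Sites.FullControl.All", "Sites.Manage.All", "Sites.ReadWrite.All",
         "User.ReadWrite.All", "AllSites.FullControl", "AllSites.Manage", "AllSites.Write"}


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection only (the signature is NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, expected: set) -> dict:
    """Compare the permissions carried by the token with the set the integration expects."""
    claims = decode_claims(token)
    app_roles = set(claims.get("roles", []))     # application permissions
    scopes = set(claims.get("scp", "").split())  # delegated permissions (space-separated)
    granted = app_roles | scopes
    return {
        "audience": claims.get("aud"),
        "application": sorted(app_roles),
        "delegated": sorted(scopes),
        "missing": sorted(expected - granted),
        "broad": sorted(granted & BROAD),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


if __name__ == "__main__":
    # Constructed app-only token: consent was granted for full control, but not for Sites.Read.All.
    sample = make_sample_token({
        "aud": "https://graph.microsoft.com",
        "roles": ["Sites.FullControl.All", "User.Read.All"],
    })
    report = audit_token(sample, expected={"Sites.Read.All", "User.Read.All"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

An empty `application` and `delegated` list on a token that authenticates successfully points at missing admin consent (Step 3) rather than at the Salesforce configuration.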

Knowledge Article Number

005227032

 