
🔓 Granting Rivia Access to a SharePoint Site

Written by Tiago Kieliger
Updated over 4 months ago

This step-by-step guide will help you configure Microsoft Azure and SharePoint to grant Rivia secure read-only access to a specific site. We’ll register an app in Azure, grant it permission to access your SharePoint site, and collect the credentials needed by Rivia to connect.

Duration

The steps below should take 15-30 min to complete. If any questions arise, please contact Tiago at [email protected] or +41 76 442 68 91.

Placeholder Reference – Replace Before Use

Throughout this guide, replace the following placeholders with your own values:

Placeholders

| Placeholder | What it represents | Example |
| --- | --- | --- |
| {tenant-name} | Your SharePoint domain prefix | yourcompany → used in yourcompany.sharepoint.com |
| {site-name} | The name of the SharePoint site to share with Rivia | sitename |
| {site-id} | The SharePoint site ID (you’ll retrieve it later) | ec92c8fb-72f0-427a-bf79-312139f5d069 |
| {application-id} | Application (client) ID from Azure registration (you’ll generate this later) | b9f8cxyz-1234-4a56-98f1-abcde1234567 |
| {client-secret} | Value of the client secret (you’ll generate this later) | |
| {tenant-id} | Azure Directory (tenant) ID (you’ll generate this later) | |

Step 1 – Register the App in Azure

In this step, we'll create an application identity in your Azure AD tenant. This app will later be granted scoped permissions to your SharePoint site.

  1. In the search bar, type “App registrations”

  2. Click “+ New registration”

  3. Fill out the form:

    • Name: RiviaSharePointAccess

    • Supported account types:
      → Select Accounts in this organizational directory only (Single tenant)

    • Redirect URI: Leave blank

  4. Click “Register”

  5. Once registered, copy and save:

📌 Application (client) ID → use as: {application-id}
📌 Directory (tenant) ID → use as: {tenant-id}

Step 2 – Generate a Client Secret

Now we'll create a secret key that Rivia will use with the app to authenticate.

  1. In your newly created app, go to Certificates & secrets

  2. Under Client secrets, click “+ New client secret”

  3. Fill in:

    • Description: Rivia Client Secret

    • Expires: 24 months

  4. Click “Add”

  5. Copy and save:

📌 Secret Value → use as: {client-secret}
📌 Secret ID (optional, not used by Rivia)

⚠️ Important: You won’t be able to view the secret value again once you leave the page. If you leave the page before copying the secret, simply delete it and create a new one.

Step 3 – Add Microsoft Graph API Permissions

We'll now allow the app to access selected SharePoint sites using Microsoft Graph.

  1. Go to the app’s API Permissions page

  2. Click “+ Add a permission”

  3. Select Microsoft Graph → then Application permissions

  4. Search for and add this permission:

    • ✅ Sites.Selected

  5. Click “Grant admin consent” and confirm

This permission limits access to only the specific SharePoint site you will authorize next.

Step 4 – Get the SharePoint Site ID

We now retrieve the internal ID of the SharePoint site you want to give access to.

2. Log in using your admin account


3. Use the following GET request, replacing placeholders:

GET https://graph.microsoft.com/v1.0/sites/{tenant-name}.sharepoint.com:/sites/{site-name}?$select=id

4. Click “Run Query”. From the JSON response id field, extract the site-id. The response has the form:

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites(id)/$entity",
    "id": "{tenant-name}.sharepoint.com,{site-id},{web-id}"
}

📌 Site ID → use as: {site-id}

✅ Step 5 – Grant the App Access to the SharePoint Site

Now we explicitly grant your registered app read access to the SharePoint site.

1. In Graph Explorer, switch to the POST method

2. Use this URL (replace {site-id}):

https://graph.microsoft.com/v1.0/sites/{site-id}/permissions

3. Use the following request body, replacing {application-id}:

{
  "roles": [ "read" ],
  "grantedToIdentities": [
    {
      "application": {
        "id": "{application-id}",
        "displayName": "RiviaSharePointAccess"
      }
    }
  ]
}

4. Grant Graph Explorer permission to run this query:

  • Click the “Modify Permissions” tab

  • Click “Open Permission Panel”

  • Search for Sites.FullControl.All

  • Click “Consent”

5. Click “Run Query”
✅ If successful, no error should appear. Response code should be Created - 201
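
As an added example (not part of the original guide or Rivia's tooling), the Python below extracts {site-id} from the Step 4 response, builds the Step 5 request body, and checks the 201 response to confirm that only the intended app received only the read role. The function names and sample values are assumptions constructed for illustration; the response is assumed to echo the roles and grantedToIdentities fields of the request body.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def extract_site_id(step4_response):
    """Return {site-id} from the composite 'hostname,site-id,web-id' value."""
    parts = step4_response["id"].split(",")
    if len(parts) != 3 or not GUID.match(parts[1]):
        raise ValueError("unexpected site id format: %r" % step4_response["id"])
    return parts[1]


def build_grant_body(application_id, display_name):
    """Step 5 request body; rejects an unreplaced placeholder or malformed ID."""
    if not GUID.match(application_id):
        raise ValueError("application id is not a GUID: %r" % application_id)
    return {"roles": ["read"], "grantedToIdentities": [
        {"application": {"id": application_id, "displayName": display_name}}]}


def check_grant(step5_response, application_id):
    """List problems with the created permission; empty means read-only, our app."""
    problems = []
    roles = step5_response.get("roles", [])
    if roles != ["read"]:
        problems.append("roles are %r, expected ['read']" % roles)
    granted = [g.get("application", {}).get("id", "").lower()
               for g in step5_response.get("grantedToIdentities", [])]
    if granted != [application_id.lower()]:
        problems.append("granted to %r, expected only %s" % (granted, application_id))
    return problems


# Constructed sample values for illustration (not real tenant data).
APP_ID = "11111111-2222-4333-8444-555555555555"
STEP4_RESPONSE = {"id": "yourcompany.sharepoint.com,"
                        "ec92c8fb-72f0-427a-bf79-312139f5d069,"
                        "0a0a0a0a-1b1b-4c2c-8d3d-4e4e4e4e4e4e"}
STEP5_RESPONSE = {"id": "1", "roles": ["read"], "grantedToIdentities": [
    {"application": {"id": APP_ID, "displayName": "RiviaSharePointAccess"}}]}

if __name__ == "__main__":
    print("site-id:", extract_site_id(STEP4_RESPONSE))
    print("request body:", build_grant_body(APP_ID, "RiviaSharePointAccess"))
    print("problems:", check_grant(STEP5_RESPONSE, APP_ID))
```

Paste the JSON from Graph Explorer's response pane into STEP4_RESPONSE and STEP5_RESPONSE to run the same checks on your own tenant's output.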

Cleanup Step (Optional)

To revoke the Sites.FullControl.All permission granted to Graph Explorer, we’ll simply delete the Graph Explorer application. If you were using Graph Explorer for your company, this step is not necessary.

  • In Azure, locate and delete the Graph Explorer app.

    • Go to Enterprise Applications

    • Click on Graph Explorer

    • Go to Manage → Properties

    • Click delete and confirm

If you prefer not to delete Graph Explorer, it’s also possible to revoke only the Sites.FullControl.All permission.

📩 Send Us These Details

Please send the following values to your Rivia contact:

Results

| Name | Placeholder | Example |
| --- | --- | --- |
| Application (client) ID | {application-id} | b9f8cxyz-1234-4a56-98f1-abcde1234567 |
| Directory (tenant) ID | {tenant-id} | a1bc23d4-5678-90ef-ab12-3456789def01 |
| Client Secret (Value) | {client-secret} | (from step 2 – secret value) |
| SharePoint Site URL | /{tenant-name}.sharepoint.com:/sites/{site-name} | |

Once we receive these, we will be able to securely access the specified SharePoint folder.
