SaaS Security
Onboard a Microsoft SharePoint App Using OAuth 2.0
Connect a Microsoft SharePoint instance to SSPM to detect posture risks.
For SSPM to detect posture risks in your Microsoft SharePoint instance, you onboard
your Microsoft SharePoint instance to SSPM. Through the onboarding process, SSPM
connects to a Microsoft API to run configuration scans for misconfigured settings
and scans for third-party plugins.
Microsoft SharePoint and Microsoft OneDrive share the same core technology within the
Microsoft 365 ecosystem. Because of this deep integration, onboarding Microsoft
SharePoint effectively also onboards Microsoft OneDrive. SSPM scans both Microsoft
SharePoint and Microsoft OneDrive.
To onboard your Microsoft SharePoint instance, you complete the following
actions:
- Identify the account for granting SSPM access.

  During the onboarding process, SSPM redirects you to log in to Microsoft SharePoint. After you log in, Microsoft SharePoint will prompt you to grant SSPM the access it needs.

  SSPM will use this account to establish a connection to your Microsoft SharePoint instance. After SSPM establishes the connection, it will perform an initial scan of your Microsoft SharePoint instance, and will then run scans at regular intervals. The account that you use to establish the initial connection with SSPM must remain available. For this reason, we recommend that you use a dedicated service account to grant SSPM access. If you delete the service account, or change the account's password, the scans will fail and you will need to onboard again.

  When you onboard Microsoft SharePoint, the onboarding screen lists the API scopes that SSPM requires for each type of scan that it can run. Navigate to the onboarding screen (as described below) for Microsoft SharePoint and verify that the account you're using has the necessary permissions. After establishing a connection, SSPM will notify you if it's unable to run certain scans because the account did not have the permission to grant access to certain scopes.

- Log out of all Microsoft SharePoint accounts.

  Logging out of all Microsoft SharePoint accounts helps ensure that you log in under the correct account during the onboarding process. Some browsers can automatically log you in by using saved credentials. To ensure that the browser does not automatically log you in to the wrong account, you can turn off any automatic log-in option or clear your saved credentials.

  Alternatively, you can prevent the browser from using saved credentials by opening SSPM in an incognito window.

- Connect SSPM to your Microsoft SharePoint instance.

  In SSPM, complete the following steps to enable SSPM to connect to your Microsoft SharePoint instance.

  - Log in to Strata Cloud Manager.
  - Select Manage > Configuration > SaaS Security > Posture Security > Applications > Add Application and click the Microsoft SharePoint tile.
  - On the Posture Security tab, Add New instance.
  - Examine the required scope permissions and Connect with Microsoft Sharepoint.

    SSPM redirects you to the Microsoft login page.
  - Log in to your Microsoft SharePoint account.

    Microsoft SharePoint displays a consent form that details the access permissions that SSPM requires.
  - Review the consent form and allow access.