Elastic SharePoint connector referenceedit

The Elastic SharePoint connector is a connector for Microsoft SharePoint.

Availability and prerequisitesedit

This connector is available as a connector client from the Python connectors framework. This connector client is compatible with Elastic versions 8.7.0+. To use this connector, satisfy all connector client requirements.

This connector is in technical preview and is subject to change. Technical preview features are subject to change and are not covered by the support SLA of generally available (GA) features. Elastic plans to promote this feature to GA in a future release.


To use this connector as a connector client, see Connector clients and frameworks.

For additional operations, see Usage.

OAuth appedit

Create SharePoint OAuth appedit

Prior to configuring the connector, you must create an OAuth App in the SharePoint Online platform. Your connector will authenticate to SharePoint as the registered OAuth application/client. You’ll collect values (client ID, tenant ID, and`client secret`) during this process that you’ll need for the configuration step in Kibana.

To get started, first log in to SharePoint Online and access your administrative dashboard. Ensure you are logged in as the Azure Portal service account.

Follow these steps:

  • Sign in to https://portal.azure.com/ and click on Azure Active Directory.
  • Locate App Registrations and Click New Registration.
  • Give your app a name - like "Enterprise Search".
  • Leave the Redirect URIs blank for now.
  • Register the application.
  • Find and keep the Application (client) ID and Directory (tenant) ID handy.
  • Locate the Client Secret by navigating to Client credentials: Certificates & Secrets.
  • Pick a name for your client secret. Select an expiration date. (At this expiration date, you will need to generate a new secret and update your connector configuration.)
  • Save the Client Secret value before leaving this screen.
  • Set up the permissions the OAuth App will request from the Azure Portal service account.

    • Navigate to API Permissions and click Add Permission.
    • Add delegated permissions until the list resembles the following:

  • Grant admin consent, using the Grant Admin Consent link from the permissions screen.
  • Save the tenant name (i.e. Domain name) of Azure platform.
SharePoint permissionsedit

Refer to the following documentation for setting SharePoint permissions.

  • To set DisableCustomAppAuthentication to false, connect to SharePoint using PowerShell and run set-spotenant -DisableCustomAppAuthentication $false
  • To assign full permissions to the tenant in SharePoint Online, go to the tenant URL in your browser. The URL follows this pattern: https://<office_365_admin_tenant_URL>/_layouts/15/appinv.aspx. This loads the SharePoint admin center page.

    • In the App ID box, enter the application ID that you recorded earlier, and then click Lookup. The application name will appear in the Title box.
    • In the App Domain box, type <tenant_name>.onmicrosoft.com
    • In the App’s Permission Request XML box, type the following XML string:

      <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
      <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Read" />


Both SharePoint Online and SharePoint Server are supported.

For SharePoint Server, the following versions are compatible with Elastic connector frameworks:

  • SharePoint 2013
  • SharePoint 2016
  • SharePoint 2019


When using the build a connector workflow, initially these fields will use the default configuration set in the connector source code. These are set in the get_default_configuration function definition.

These configurable fields will be rendered with their respective labels in the Kibana UI. Once connected, you’ll be able to update these values in Kibana.

The following configuration fields are required to set up the connector:

Determines the SharePoint platform type. SHAREPOINT_ONLINE if SharePoint cloud and SHAREPOINT_SERVER if SharePoint Server.
The username of the account for SharePoint Server. Note: username is not needed for SharePoint Online.
The password of the account to be used for the SharePoint Server. Note: password is not needed for SharePoint Online.
The client id to authenticate with SharePoint Online.
The secret value to authenticate with SharePoint Online.
The tenant name to authenticate with SharePoint Online.
The tenant id to authenticate with SharePoint Online.

The server host url where the SharePoint is hosted. Examples:

  • https://<tenant_name>.sharepoint.com

The site collections to fetch sites from SharePoint(allow comma separated collections also). Examples:

  • collection1
  • collection1, collection2
Whether SSL verification will be enabled. Default value is False.

Content of SSL certificate needed for SharePoint Server. Keep this field empty, if ssl_enabled is set to False. Note: Applicable on SharePoint Server only.

Example certificate:

The number of retry attempts after failed request to the SharePoint. Default value is 3.

Deployment using Dockeredit

Follow these instructions to deploy the SharePoint connector using Docker.

Step 1: Download sample configuration file

Download the sample configuration file. You can either download it manually or run the following command:

curl https://raw.githubusercontent.com/elastic/connectors-python/main/config.yml --output ~/connectors-python-config/config.yml

Remember to update the --output argument value if your directory name is different, or you want to use a different config file name.

Step 2: Update the configuration file for your self-managed connector

Update the configuration file with the following settings to match your environment:

  • elasticsearch.host
  • elasticsearch.password
  • connector_id
  • service_type

Use sharepoint as the service_type value. Don’t forget to uncomment "sharepoint" in the sources section of the yaml file.

If you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:

  host: http://host.docker.internal:9200
  username: elastic
  password: <YOUR_PASSWORD>

service_type: sharepoint

  # UNCOMMENT "sharepoint" below to enable the SharePoint connector

  #mongodb: connectors.sources.mongo:MongoDataSource
  #s3: connectors.sources.s3:S3DataSource
  #dir: connectors.sources.directory:DirectoryDataSource
  #mysql: connectors.sources.mysql:MySqlDataSource
  #network_drive: connectors.sources.network_drive:NASDataSource
  #google_cloud_storage: connectors.sources.google_cloud_storage:GoogleCloudStorageDataSource
  #azure_blob_storage: connectors.sources.azure_blob_storage:AzureBlobStorageDataSource
  #postgresql: connectors.sources.postgresql:PostgreSQLDataSource
  #oracle: connectors.sources.oracle:OracleDataSource
  #mssql: connectors.sources.mssql:MSSQLDataSource

Note that the config file you downloaded might contain more entries, so you will need to manually copy/change the settings that apply to you. Normally you’ll only need to update elasticsearch.host, elasticsearch.password, connector_id and service_type to run the connector service.

Step 3: Run the Docker image

Run the Docker image with the Connector Service using the following command:

docker run \
-v ~/connectors-python-config:/config \
--network "elastic" \
--tty \
--rm \
docker.elastic.co/enterprise-search/elastic-connectors: \
/app/bin/elastic-ingest \
-c /config/config.yml

Refer to this guide in the Python framework repository for more details.

Documents and syncsedit

The connector syncs the following SharePoint object types:

  • Sites and Subsites
  • Lists
  • List Items and its attachment content
  • Document Libraries and its attachment content(include Web Pages)

Sync rulesedit

  • Content of files bigger than 10 MB won’t be extracted.
  • Permissions are not synced. All documents indexed to an Elastic deployment will be visible to all users with access to that Elasticsearch Index.
  • Filtering rules are not available in the present version. Currently filtering is controlled via ingest pipelines.

Content Extractionedit

See Content extraction.

Connector client operationsedit

End-to-end testingedit

The connector framework enables operators to run functional tests against a real data source. Refer to Connector testing for more details.

To perform E2E testing for the sharepoint connector, run the following command:

$ make ftest NAME=sharepoint

For faster tests, add the DATA_SIZE=small flag:

make ftest NAME=sharepoint DATA_SIZE=small

Known issuesedit

There are currently no known issues for this connector. Refer to Known issues for a list of known issues for all connectors.


See Troubleshooting.


See Security.

Framework and sourceedit

This connector is included in the Python connectors framework.

View the source code for this connector (branch 8.8, compatible with Elastic 8.8).