SharePoint Sites

A SharePoint Site knowledge base lets your agents retrieve and reference content from your organization’s SharePoint sites. VIVI connects to SharePoint through the Microsoft Graph API using an app registration in Microsoft Entra ID (formerly Azure Active Directory). Once connected, you have access to two types of SharePoint knowledge bases:

SharePoint Site Pages

Index and retrieve content from your organization’s SharePoint site pages. Ideal for enterprise wikis, team collaboration content, and organizational knowledge.

SharePoint Documents

Sync and retrieve files from SharePoint document libraries. Ideal for PDFs, Word documents, and other files your agents need to reference.

Prerequisites

Before you set up a SharePoint knowledge base, make sure you have the following:

A Microsoft 365 tenant with SharePoint Online
Access to the Microsoft Entra admin center (requires at least the Application Developer role)
A Global Administrator or SharePoint Administrator to grant admin consent and assign site-level permissions

Set Up

VIVI uses client credentials (Client ID, Client Secret, and Tenant ID) to authenticate with Microsoft Graph and access your SharePoint content.

Sign in to the Microsoft Entra admin center
Navigate to Entra ID > App registrations
Click New registration
Enter a name for the app (e.g., “VIVI – SharePoint Connector”)
Under Supported account types, select Accounts in this organizational directory only
Leave Redirect URI blank
Click Register

Once registration is complete, copy the Application (client) ID and Directory (tenant) ID from the app’s Overview page. You’ll enter these into VIVI later.Next, create a client secret:

In your app registration, go to Certificates & secrets
Under Client secrets, click New client secret
Add a description and choose an expiration period
Click Add
Copy the secret Value immediately – it will not be visible again after you leave the page

For detailed guidance, see Microsoft’s official documentation: Register an application in Microsoft Entra ID.

Configure API Permissions

Your app registration needs permission to read SharePoint content through the Microsoft Graph API. Choose the permission model that fits your organization’s security requirements.

Option A: Sites.Read.All

This grants the app read access to all SharePoint sites in your tenant. It’s the simplest option – one admin consent step and you’re done.

In your app registration, go to API permissions
Click Add a permission > Microsoft Graph > Application permissions
Search for Sites.Read.All and select it
Click Add permissions
Click Grant admin consent for [your organization]

No further configuration is needed. The app can now read all sites in your tenant.

This permission is broad. The app will have read access to every SharePoint site in your organization. If you need to restrict access to specific sites only, use Option B instead.

Option B: Sites.Selected (Recommended)

This grants the app access to only the specific SharePoint sites you choose. The app will have zero access until you explicitly grant it to each site. This is the recommended approach for production environments because it follows the principle of least privilege.Add the permission:

In your app registration, go to API permissions
Click Add a permission > Microsoft Graph > Application permissions
Search for Sites.Selected and select it
Click Add permissions
Click Grant admin consent for [your organization]

At this point, the app has consent for Sites.Selected but cannot access any site yet. A SharePoint Administrator or Global Administrator must explicitly grant the app read access to each target site using one of the methods below.For more details on how Selected permissions work, see Microsoft’s documentation: Overview of Selected Permissions in OneDrive and SharePoint.Grant read access to specific sites:

Using PnP PowerShell (Recommended)

This is the easiest method. It requires the PnP PowerShell module.

# Install PnP PowerShell if needed
Install-Module -Name PnP.PowerShell -Scope CurrentUser

# Connect as a SharePoint Administrator
Connect-PnPOnline -Url "https://<yourcompany>.sharepoint.com/sites/<YourSite>" -Interactive

# Grant read access to the VIVI app
Grant-PnPAzureADAppSitePermission `
    -AppId "<your-app-client-id>" `
    -DisplayName "VIVI – SharePoint Connector" `
    -Site "https://<yourcompany>.sharepoint.com/sites/<YourSite>" `
    -Permissions Read

The account running this command must have Sites.FullControl.All delegated permission and hold a SharePoint Administrator or Global Administrator role. Repeat the command for each additional site the app needs to access.See the full cmdlet reference: Grant-PnPAzureADAppSitePermission.

Using the Microsoft Graph API

This requires an access token from an app or user with Sites.FullControl.All permission.First, get the site ID:

GET https://graph.microsoft.com/v1.0/sites/yourcompany.sharepoint.com:/sites/YourSite

The response will include the full site ID in the format hostname,siteCollectionId,webId.Then, grant read access to the app:

POST https://graph.microsoft.com/v1.0/sites/{siteId}/permissions
Content-Type: application/json

{
    "roles": ["read"],
    "grantedToIdentitiesV2": [
        {
            "application": {
                "id": "<your-app-client-id>",
                "displayName": "VIVI – SharePoint Connector"
            }
        }
    ]
}

A successful request returns a 201 Created response.For step-by-step details, see Microsoft’s developer blog: Controlling app access on specific SharePoint site collections.

Permission Comparison

	Sites.Read.All	Sites.Selected
Access scope	All sites in the tenant	Only explicitly granted sites
Setup complexity	Simple – one admin consent step	Moderate – requires per-site grant
Security	Broad read access	Least privilege, granular
Recommended for	Development and testing	Production environments
Site-level grant required	No	Yes

Enter Credentials in VIVI

Navigate to the Knowledge Base tab and click Add New. Select SharePoint Site from the Category dropdown menu and fill in the sections marked as required.

Enter the Client ID, Client Secret, and Azure Tenant ID from your app registration
Enter the full SharePoint site URL (e.g., https://<yourcompany>.sharepoint.com/sites/<YourSite>)
Click Test to verify the connection
Use + Add Site to add additional sites if needed

Once your SharePoint sites are connected, VIVI will begin indexing the content automatically. A status banner at the top of the page will display the current indexing status. Once indexed successfully, your agent can start referencing the content from your SharePoint sites.

Features

Monitoring Sync Status

The sync status banner shows the current state of your document sync. You can click directly on failed or skipped file links to view details, and a 24-hour aggregated sync summary gives you a consolidated view of activity over time.

Exclusions

You may exclude documents and site pages from your knowledge base. Simply select the checkbox to the left of the document name or site page and select the Exclude Selected button.

Best Practices

Use Sites.Selected in production to follow the principle of least privilege and restrict access to only the sites your agents need
Store your Client Secret securely and track its expiration date – secrets can’t be recovered after creation
Limit access to the app registration in Entra ID to only those who need it
Grant only Read access when assigning site-level permissions unless your use case requires more
Monitor indexing status to ensure all SharePoint content is processed before deploying agents to production
Write clear descriptions for your knowledge base to help your agents understand what SharePoint content is available and when to use it
Test the connection after setup and periodically verify that credentials haven’t expired

Getting Started

Core Concepts

Accounts & Billing

Features

Resources

SharePoint Sites

SharePoint Site Pages

SharePoint Documents

Prerequisites

Set Up

Features

Monitoring Sync Status

Exclusions

Best Practices

Getting Started

Core Concepts

Accounts & Billing

Features

Resources

SharePoint Site Pages

SharePoint Documents

​Prerequisites

​Set Up

​Features

​Monitoring Sync Status

​Exclusions

​Best Practices

Prerequisites

Set Up

Features

Monitoring Sync Status

Exclusions

Best Practices