Microsoft 365/SharePoint Online integration
The ThoughtFarmer Microsoft 365 integration allows OneDrive and SharePoint Online files and folders to be safely linked and embedded directly within intranet pages. It also allows Outlook shared, group, and resource calendars to be surfaced within the ThoughtFarmer interface. These connected documents and calendar events can be indexed and queried using ThoughtFarmer's cloud drive search features.
To utilize these features, you must first register and configure an application within Microsoft Entra ID, and then activate the integration within your ThoughtFarmer administrative settings.
ThoughtFarmer utilizes the Microsoft Graph API platform to securely interface with Microsoft Entra ID and Microsoft 365. Configuring this integration requires granting explicit delegated permissions to Microsoft Graph.
Please note that functional scopes, setup paths, and access permissions differ between the standard Microsoft 365/SharePoint Online integration and the AI Assistant Microsoft 365 integration.
Calendar integration
If you have already configured a Microsoft 365 integration for cloud drive functionality but want to add Outlook shared, group and resource calendar features, you must complete two specific updates detailed in this guide:
- Outlook Calendar integration required delegated permissions
- Deploying calendar integration in ThoughtFarmer.
Configure/Register App with Microsoft Entra ID
Security Requirements
The ThoughtFarmer site must be actively served over a secure HTTPS connection.
The administrator performing the setup within the Microsoft Azure Portal must possess Global Administrator or Application Administrator privileges.
Create the app registration
Authenticate to the Microsoft Azure Portal.
Navigate to Microsoft Entra ID from the main dashboard or left-hand navigation pane.
In the left menu, select App registrations, then click New registration.
-
Configure the following registration parameters:
- Name: Enter a recognizable system name (e.g., ThoughtFarmer Intranet).
Supported account types: Select Accounts in this organizational directory only (Single tenant).
-
Redirect URI: Select Web from the dropdown menu, then enter your ThoughtFarmer site URL appended with /entra/token/exchange (e.g., https://intranet.thoughtfarmer.com/entra/token/exchange).
Click Register. Once the process completes, copy the Application (client) ID and the Directory (tenant) ID from the application Overview screen for later use.
Configure API permissions
In the application left navigation menu, click API permissions, then select + Add a permission.
Select Microsoft Graph from the available APIs, and click Delegated permissions.
-
Add the following required permission scopes depending on your deployment objectives:
Feature component Required Microsoft Graph delegated permission Description Cloud drive integration Files.Read.All Allows the application to read files the signed-in user has access to. offline_access Allows the application to maintain access to data even when the user isn't actively using the app. User.Read Allows the user to sign in and profiles to be read. Outlook calendar integration
Calendars.Read Allows the application to read user calendars. Calendars.Read.Shared Allows the application to read calendars the user has access to (including shared calendars). Group.Read.All Allows the application to read group properties (required for group calendars). Place.Read.All Allows the application to read meeting room and location directory attributes. - Click Add permissions.
Optional SharePoint Online validation: If your organization utilizes SharePoint Online (and not exclusively OneDrive), click + Add a permission, scroll to select SharePoint, click Delegated permissions, select Sites.Search.All, and click Add permissions.
On the main API permissions screen, click Grant admin consent and select Yes to confirm. A green success checkmark must appear beside each permission scope before proceeding.
Enable advanced authentication tokens
Navigate to Authentication via the left navigation menu.
- Click Settings.
Check the boxes for both Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows).
Click Save.
Create an application client secret
Navigate to Certificates & secrets in the left navigation menu, and select the Client secrets tab.
Click + New client secret.
Provide a description (e.g., ThoughtFarmer Sharepoint Secret) and set the Expires duration to 24 months.
Click Add.
Critical: Copy the exact alphanumeric string listed within the Value column immediately. This value will be permanently masked once you navigate away from this screen.
Enabling the Microsoft 365 integration in ThoughtFarmer
Log in to your ThoughtFarmer intranet site as an administrator.
Navigate to Admin panel: Integrations section > Cloud drives and calendars page.
Under the Microsoft 365 tab, click the toggle switch next to Microsoft 365 integration to turn it ON.
In the Microsoft 365 tenant name field, paste your copied Directory (tenant) ID, then click Save beside the field.
In the Microsoft 365 Client Id field, paste your copied Application (client) ID, then click Save beside the field.
Under the Authentication type dropdown menu, select MSAL - Server side.
In the client secret field that appears, input your copied Client secret value.
-
Scroll to the Cloud drives subsection:
Check the Enable cloud drives box.
In the SharePoint Online URL field, enter your organization's root SharePoint domain (e.g., https://yourdomain.sharepoint.com).
Under Search Microsoft 365, select either the OneDrive or OneDrive and SharePoint Online radio button to control search indexing boundaries.
Optional: Click the pencil icon next to the search results field to adjust the maximum number of cloud drive items surfaced within the find-as-you-type drop-down menu.
-
Scroll to the Calendars subsection (if deploying calendar integrations):
Check the Enable Outlook calendars box.
Toggle Outlook calendar search to ON if you want events indexed by the global search bar.
Click Login to execute an integration verification test. Complete the pop-up Microsoft login workflow using your administrator credentials. Note: These credentials are strictly utilized to authorize the initial handshake and are not retained by the system.
Once verification passes, check the confirmation box labeled Yes, calendar permissions have been added, and click Save at the bottom of the page.
If there are any issues, contact the Helpdesk.
Configure the Microsoft 365 integration for the mobile app
To ensure that authenticated file linking and search features transfer successfully to the ThoughtFarmer mobile app infrastructure, complete this final one-time platform mapping:
Return to the Microsoft Azure Portal and open your designated ThoughtFarmer App Registration.
Click Authentication in the left navigation menu.
Under the Platform configurations section, click + Add a platform.
Select Mobile and desktop applications from the context panel.
In the Custom redirect URIs text field, input the exact custom scheme string:
com.thoughtfarmer.auth://microsoft-auth/Click Configure at the bottom of the pane, then click Save to commit the mobile asset permissions.
Comments
0 comments
Please sign in to leave a comment.