Connect SharePoint to BEAMON

You can connect your organization’s SharePoint to BEAMON to enable direct access and automation.

Prerequisites

Before starting, you’ll need:

• Tenant ID
• Client ID
• Client Secret
• Default Site ID (optional)
  • If provided, BEAMON will only access this site.
  • If not provided, BEAMON will have access to your entire SharePoint.

Connect SharePoint to BEAMON

Step 1: Find your Tenant ID

1. Go to the Microsoft Entra admin center.
2. Copy your Tenant ID for later use in BEAMON.

Step 2: Create the App Registration

1. In the Entra portal, go to Applications > App registrations.
2. Create a new App registration (this will be the app used by BEAMON).
3. Under API permissions, select:
   • Microsoft Graph > Sites.FullControl.All to give access to all sites, or
     
     
   • Sites.Selected if you only want to give access to specific sites.
     
     
4. Grant admin consent for the permissions.

Step 3: Get the Client ID

1. Open your App registrations and go to the Overview page.
2. Copy the Application (client) ID.
3. This is your Client ID in BEAMON setup.

Step 4: Create a Client Secret

1. In your App Registration, go to Certificates & secrets.
2. Generate a new client secret.
3. Copy the Value shown. This is your Client Secret.

Step 5: Find the Site ID (Optional)

If you want to restrict BEAMON’s access to a single site:

1. Open a browser and navigate to one of the following URLs:

   https://<tenantname>.sharepoint.com/sites/<sitename>/_api/site/id
   https://<tenantname>.sharepoint.com/teams/<sitename>/_api/site/id

2. Copy the Site ID from the API response.

Step 6: (Optional) Grant Access to a Specific Site

If you’re using Sites.Selected, you’ll need to temporarily create an admin app to grant access to a site.

Create a Temporary Admin App

1. Register another app with Graph API Application Permission: Sites.FullControl.All.
   • This app will only be used by IT for granting authorization to a site.
   • It can be deleted afterwards.
2. Generate a bearer token using this admin app:
   • POST https://login.microsoftonline.com/<TENANT ID>/oauth2/token
   • Body (x-www-form-urlencoded):
     • grant_type=client_credentials
     • client_id=<admin app client id>
     • client_secret=<admin app client secret>
     • resource=https://graph.microsoft.com

Auth URL:

https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/authorize

Access Token URL:

https://login.microsoftonline.com/<TENANT ID>/oauth2/v2.0/token

Grant Access with the Bearer Token

Make a POST request to grant the target BEAMON app access:

POST https://graph.microsoft.com/v1.0/sites/<SharePoint_SiteID>/permissions
Content-Type: application/json
Authorization: Bearer <Bearer Token>

{
  "roles": ["write"],
  "grantedToIdentities": [{
    "application": {
      "id": "xxxxxxxx",        // Target Application’s Client ID
      "displayName": "xxxxxx"  // Target Application’s Display name
    }
  }]
}

This grants the target app read or write access to the selected site.

Troubleshooting

Here are some common issues and how to resolve them:

• Error: Invalid Site ID
  • Double-check that you are using the correct URL format when retrieving the Site ID.
  • Ensure <tenantname> and <sitename> are spelled exactly as in SharePoint.
• Error: Insufficient privileges
  • Confirm that the app registration has the correct Microsoft Graph permissions.
  • Ensure admin consent has been granted.
  • If using Sites.Selected, verify that the temporary admin app successfully granted access.
• Token or authentication errors
  • Verify that the Client ID, Client Secret, and Tenant ID entered in BEAMON match those from the Entra portal.
  • If a client secret has expired, generate a new one and update it in BEAMON.
• BEAMON cannot access SharePoint after setup
  • Check whether a Default Site ID was set. If so, access will be limited to that site only.
  • If no Site ID was configured, verify that Sites.FullControl.All permission was granted.

Occasionally asked questions