Create a Microsoft SharePoint Online external content connector

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 9 min. de leitura

    • Create an external content connector to retrieve searchable content and security principals from your Microsoft SharePoint Online source system.

    Antes de Iniciar

    A source system administrator must have already configured your Microsoft SharePoint Online source system to allow access by the Microsoft SharePoint Online external content connector. For details on configuring these settings in the source system, see Create a public/private key pair for the Microsoft SharePoint Online external content connector and Configure Microsoft SharePoint Online for external content indexing.

    If your Microsoft SharePoint Online tenant is in the Microsoft 365 GCC or GCC High cloud or the Microsoft 365 DoD cloud, you must have already configured the Microsoft cloud service endpoint URL. For instructions on configuring this setting, see .

    Role required: adminsn_ext_conn.xcc_admin

    Procedimento

    1. Navigate to All > External Content Connectors > External Content Admin Home.
    2. If prompted, select Switch scope to switch to the External Content Connectors Admin scope.
      You need to be in this scope to create or edit external content connectors.
    3. In the Connectors section, select New.
    4. On the Choose source page, select the SharePoint Online tile, then select Next.
    5. On the Connection settings page, fill in the connection settings.
      Connection setting Description
      Connector name Unique name for this Microsoft SharePoint Online external content connector.
      Application (client) ID Application (client) ID for the OAuth 2.0 application defined in the Microsoft Entra admin center that grants access to your Microsoft SharePoint Online source system.

      If you have access to the OAuth 2.0 application's registration record in the Microsoft Entra admin center, you can navigate to Overview and copy this ID from the Application (client) ID field in the Essentials section.

      If you can't access the OAuth 2.0 application's registration record in the Microsoft Entra admin center, ask your Microsoft Entra administrator for the application's Application (client) ID value.
      Directory (tenant) ID Directory (tenant) ID for the OAuth 2.0 application defined in the Microsoft Entra admin center that grants access to your Microsoft SharePoint Online source system.

      If you have access to the OAuth 2.0 application's registration record in the Microsoft Entra admin center, you can navigate to Overview and copy this ID from the Directory (tenant) ID field in the Essentials section.

      If you can't access the OAuth 2.0 application's registration record in the Microsoft Entra admin center, ask your Microsoft Entra administrator for the application's Directory (tenant) ID value.
      JKS Certificate Java KeyStore (JKS) file containing a public/private key pair generated with the Java keytool utility. These keys must match the public key from the DER-encoded binary X.509 format certificate uploaded to the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft SharePoint Online external content connector to access your source system data.

      If you don't have a copy of the JKS file, ask your security administrator for it. You can't download the JKS file from the OAuth 2.0 application's registration record in the Microsoft Entra portal.
      JKS certificate password Password for the Java KeyStore (JKS) file specified in JKS Certificate.

      If you don't have the password for the JKS file, ask your security administrator for it. You can't retrieve the JKS certificate password from the registration record for the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft SharePoint Online external content connector to access your source system data.
      JKS certificate thumbprint (Base 64) Base64-encoded SHA1 hash for the DER-encoded binary X.509 format public key certificate uploaded to the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft SharePoint Online external content connector to access your source system data.

      If you don't have this hash, ask your Microsoft Entra administrator for the SHA1 thumbprint hash for the application's DER-encoded binary X.509 format public key certificate, in base64 format.
      JKS certificate thumbprint Base64-encoded or hexadecimal SHA1 hash for the DER-encoded binary X.509 format public key certificate uploaded to the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft SharePoint Online external content connector to access your source system data.

      If you don't have this hash, ask your Microsoft Entra administrator for the SHA1 thumbprint hash for the application's DER-encoded binary X.509 format public key certificate, in either base64-encoded or hexadecimal format.
      Settings for regulated markets
      Configure settings for regulated markets

      Option to display Authority endpoint and Graph API endpoint settings fields.
      Authority endpoint

      URL for the Microsoft authorization server that you use to log in to your source system (Microsoft tenant). This field appears only when Configure settings for regulated markets is selected.

      Default value: https://login.microsoftonline.com/

      Cloud service endpoint URLs include:
      • https://login.microsoftonline.com/: Endpoint URL for the Microsoft 365 cloud
      • https://login.microsoftonline.us/: Endpoint URL for the Microsoft 365 GCC and GCC High cloud and the Microsoft 365 DoD cloud
      If you don't know the authority endpoint URL to use, ask your Microsoft administrator for it.
      Importante:
      The authority endpoint URL must end with a trailing slash.
      Graph API endpoint

      Microsoft Graph API endpoint for your source system (Microsoft tenant). This field appears only when Configure settings for regulated markets is selected.

      Default value: https://graph.microsoftonline.com/

      Microsoft Graph API endpoint URLs include:
      • https://graph.microsoftonline.com/: Endpoint URL for the Microsoft Graph global service cloud
      • https://graph.microsoftonline.us/: Endpoint URL for the Microsoft Graph for US Government L4 cloud
      • https://dod-graph.microsoftonline.us/: Endpoint URL for Microsoft Graph for US Government L5 (DOD) cloud
      If you don't know the Microsoft Graph API endpoint URL to use, ask your Microsoft administrator for it.
      Importante:
      The Microsoft Graph API endpoint URL must end with a trailing slash.
      Validate connection settings with test crawl

      Option to run a short test crawl to verify whether your connection settings and source system permissions are correctly set.

      For more details on validating connection settings and source system permissions with a test crawl, see Verify your connection settings and source system permissions for an external content connector.
      Importante:
      For connectors that support user permission crawls, all searchable content and metadata indexed by the validation test crawl is public until the connector completes its first user mapping permission crawl. This means the test crawl's content will be visible to all users of portals and search applications that the connector is linked to.
      Nota:
      The Settings for regulated markets connection settings aren't shown for Microsoft SharePoint Online connectors that you created in versions of External Content Connectors prior to version 4.0. Starting in External Content Connectors version 4.0, these connection settings are shown when you create a new Microsoft SharePoint Online external content connector.
    6. Save and validate your connection settings by selecting NextValidate Connection.
      Nota:
      If validation of your connection settings fails, the system shows an error message. Double-check your connection settings to ensure they're correct. If permissions required by the connector are missing or incorrectly configured in the source system, a warning message appears showing the permissions that need to be corrected. Provide the information from this message to your source system administrator.
    7. Once your connection settings are validated, select Next.
    8. On the Crawl settings page, modify any default crawl settings that you want to override for this connector, then select Next.
      If you want to skip this step for now, select Skip instead of Next. You can modify the crawl settings for this connector from the External Content Admin Home page. For details on this procedure and the available crawl settings, see Configure crawl settings for a Microsoft SharePoint Online external content connector.
    9. On the User mapping permission settings page, modify any default user mapping permission settings that you want to override for this connector.
      If you want to skip this step for now, select Skip instead of Next. You can modify the user mapping permission settings for this connector from the External Content Admin Home page. For details on this procedure and user mapping permission settings, see Configure user mapping permission settings for an external content connector.
    10. On the Create crawl page, create a content crawl for this connector by selecting a crawl scope (if supported) and any desired options, then select Next.
      If you want to skip this step for now, select Skip instead of Next. You can create and run crawls for this connector from the External Content Admin Home page. For details on creating content crawls, see Create a content crawl for an external content connector.
    11. On the Connect search profile page, use the Connect to search profile field and Add button to add any search profiles that you want to connect this external content connector's default search source to, then select Save.
      If you want to skip this step for now, select Skip instead of Next. You can connect search sources for this connector to search profiles from the External Content Admin Home page. For details on connecting an external content connector to search profiles, see Connect an external content connector to a search profile.
    12. Select Save.

    Resultado

    Your new external content connector appears in the Connectors list on the External Content Admin Home page.

    O que Fazer Depois

    To retrieve searchable content and security principals with your new connector, you need to configure and run content and user mapping crawls for it. You can modify your new connector's crawl settings and create crawls for it from the External Content Admin Home page even if you skipped these steps during connector creation.

    To make content crawled by your new connector searchable in a portal or search application, you need to link one of the connector's search sources to the search profile used by that portal or search application. You can create search sources with filters to specify which content from the connector's indexed source you want to make searchable. To view the connector's indexed source, navigate to All > AI Search > AI Search Index > Indexed Sources. For information about creating search sources and linking them to search profiles, see Search sources in AI Search.

    To make content crawled by your new connector searchable in portals and search applications, you need to link one of its search sources to the search profile used by each portal or search application. You can use the connector's default search source or create your own custom search sources.
    Default search source
    By default, the system creates a search source that includes all content from your external content connector's indexed source.
    Custom search sources
    You can create your own search sources with filters to specify which content from the connector's indexed source is searchable. To view the connector's indexed source, navigate to All > AI Search > AI Search Index > Indexed Sources. For information about creating search sources, see Search sources in AI Search.
    You can link connector search sources to search profiles from the External Content Admin Home page. For details on this procedure, see Connect an external content connector to a search profile.