Configure Graph Connection for MS SharePoint

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read

    • Configure Graph connection on ServiceNow AI Platform instance to communicate with Microsoft SharePoint.

    Before you begin

    Role required: admin

    Procedure

    1. To configure graph connection and credential alias using client secret, see .
      Follow the steps below to configure graph connection and credential alias using client certificate.
      Note:
      By default, the JWT Provider, JWT Key, and Certificate, which is configured in the previous REST connection will be used here in this procedure. For more information, see Configure REST Connection for MS SharePoint.
      1. Navigate to All > Connections & Credentials > Connections & Credential Aliases.
      2. Open the record, MicrosoftSharePointGraph.
      3. Click the Create New Connection & Credential related link.
      4. On the form, fill these details.
        Field Description
        OAuth Entity Name Name to identify the OAuth application registry record.
        OAuth Client ID Client ID
        OAuth Client Secret You can enter any value.
        Note:
        This is not important as you will be using the certificate-based authentication.
        OAuth Authorization URL Authorization URL in this format: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?response_mode=query
        OAuth Token URL Token URL in this format: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
        Token Revocation URL Token revocation URL in this format: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token.
        OAuth Redirect URL ServiceNow redirect URL in this format: https://empipaas.service-now.com/oauth_redirect.do
        Note:
        You may change default values as per your requirement.
      5. Click Create and Get OAuth Token.
        An error message is displayed prompting 401- unauthorised.
      6. Reload the form and open the record in the Connections related list.
      7. Enter the Base64 encoded Thumbprint value in the Encoded Thumbprint Value attribute in the Attributes section.
        Note:
        The Thumbprint value is a hexadecimal value. You can use a Hexadecimal toBase64 (Hex to Base64) converter tool to encode the Thumbprint value to a Base64 value.
      8. Navigate to System Oauth > Application Registry.
      9. Open the record which is the same name as OAuth Entity Name, which is the step d in this same procedure.
      10. Modify the OAuth API script to: OAuthUtilJWTFESPGraph
      11. Navigate to Connections & Credentials > Credentials.
      12. Open the record: Microsoft SharePoint Graph Credential.
      13. Click Get OAuth Token from the Related Links section.
    2. Update the OAuth Entity Scope.
      1. Navigate to System Oauth > Application Registry.
      2. Open OAuth application registry record generated from Step 1.
      3. Select OAuth Entity Scopes related list.
      4. Replace OAuth scope field with the following offline_access value: 
        https://graph.microsoft.com/Sites.ReadWrite.All
        Note:
        You can ignore the step 2 and move to the next step, if you are adding a client certificate.
    3. Configure a new tenant record and select alias record as created in the Step 1.
      For more information, see Define Microsoft SharePoint tenants.
    4. Select the tenant record created in step 3 as: Graph Connection while filling the File Repository Configuration form.