Skip to main content

Overview

Rogue’s SharePoint integration allows your organization to seamlessly access and utilize documents stored in Microsoft SharePoint directly within the Rogue platform. This integration enables you to:
  • Access SharePoint files without leaving Rogue
  • Search across both Rogue and SharePoint content simultaneously
  • Use SharePoint documents in your War Rooms and document generation
  • Maintain secure, read-only access to your SharePoint content

Benefits

Centralized Access

Access all your organization’s documents from one place without switching between platforms

Enhanced Search

Search across both Rogue’s Data Shelf and SharePoint libraries simultaneously

Secure Integration

Read-only access ensures your SharePoint content remains protected

Easy Setup

One-time configuration that takes less than 15 minutes

Prerequisites

Before setting up the SharePoint integration, ensure you have:
  • Administrator access to your organization’s Azure portal
  • Permission to create and manage app registrations in Azure
  • Access to your Rogue organization’s settings

Setup Instructions

Step 1: Register Application in Azure Portal

  1. Navigate to the Azure Portal (or Azure US Government for government organizations)
  2. Register a new application:
    • Go to Microsoft Entra ID (formerly Azure Active Directory)
    • Select App registrationsNew registration
    • Name the application: Rogue SharePoint Integration
    • Select the appropriate account type for your organization
    • Click Register
Depending on your Azure dashboard setup, the app registration feature may be located under Microsoft Entra ID instead of the traditional Azure AD location.

Step 2: Configure API Permissions

Choose the appropriate permission model based on your Azure environment:
Important for GCC High/Government Cloud Users: Sites.Selected is not supported in GCC High environments. You must use Sites.Read.All permissions.

Option A: Sites.Read.All (Required for GCC High, Optional for Commercial)

Best for:
  • All GCC High/Government cloud organizations (required)
  • Commercial organizations comfortable with broad access to all SharePoint sites
  1. From your new application’s overview page, navigate to: ManageAPI PermissionsAdd a permission
  2. Select Microsoft GraphApplication permissions
  3. Grant the following permissions:
    • Files.Read.All - Read files in all site collections
    • Sites.Read.All - Read items in all site collections
  4. Click Add permissions
  5. Important: Have an administrator click Grant admin consent for these permissions

Option B: Sites.Selected (Commercial Cloud Only)

Best for: Commercial cloud organizations requiring strict security with access to specific sites only
This option is only available for commercial Azure (portal.azure.com). GCC High environments must use Sites.Read.All instead.
  1. From your new application’s overview page, navigate to: ManageAPI PermissionsAdd a permission
  2. Select Microsoft GraphApplication permissions
  3. Grant the following permissions:
    • Files.Selected - Read files in selected site collections
    • Sites.Selected - Read items in selected site collections
  4. Click Add permissions
  5. Important: Have an administrator click Grant admin consent for these permissions
Administrator consent is required for the integration to function. For Sites.Selected, additional per-site permissions must be granted (see Step 5 below).

Step 3: Create Client Secret

  1. Navigate to: ManageCertificates & secretsClient secretsNew client secret
  2. Configure the secret:
    • Description: Rogue Access (or another recognizable name)
    • Expiration: Choose a duration that aligns with your security policies
    • Click Add
  3. Important: Copy the secret value immediately after creation. You won’t be able to view it again.
You can revoke this secret at any time through the Azure portal if needed. Consider setting a reminder to rotate the secret before it expires.

Step 4: Configure Integration in Rogue

  1. In your Rogue dashboard, navigate to: SettingsManage Integrations
  2. Select SharePoint Integration
  3. Provide the following information:
    • Application (Client) ID: Found on your app’s overview page in Azure
    • Client Secret: The value you copied in Step 3 (not the ID)
    • Tenant ID: Found on your app’s overview page in Azure
    • Azure Cloud:
      • Select “Commercial” if you created your app on portal.azure.com
      • Select “US Government” if you created your app on portal.azure.us
  4. Click Save SharePoint Credentials
  5. Click Test Connection to verify your setup:
    • Sites.Read.All: Should immediately show connected sites
    • Sites.Selected: Will show setup instructions if site permissions haven’t been granted yet

Step 5: Grant Site Permissions (Commercial Cloud Sites.Selected Only)

This step is only required if you chose Sites.Selected permissions in Step 2. This option is not available for GCC High/Government cloud environments.
GCC High Users: Skip this step. Your Sites.Read.All permissions are already configured and no additional site-specific permissions are needed.
After saving your credentials in Rogue, you need to grant your app access to specific SharePoint sites. The Test Connection button will provide detailed instructions specific to your configuration.
  1. Install the PnP PowerShell module: 
    Install-Module PnP.PowerShell -Scope CurrentUser
  2. Connect to your SharePoint admin center: 
    Connect-PnPOnline -Url https://[tenant]-admin.sharepoint.com -Interactive
  3. For each site you want to grant access to: 
    Grant-PnPAzureADAppSitePermission -AppId "[Your-Client-ID]" -DisplayName "Rogue SharePoint Integration" -Site https://[tenant].sharepoint.com/sites/[site-name] -Permissions Read
  4. Return to Rogue and click Test Connection again to verify access

Using Microsoft Graph Explorer

  1. Sign in to Graph Explorer as a SharePoint administrator
    • In Graph Explorer, open the Permissions panel and consent to permissions as an administrator (“Consent on behalf of your organization”).
    • Add and consent to Sites.FullControl.All (delegated) for Graph Explorer. This is required before you can make site permission changes.
  2. Get the site ID for each site: 
    GET https://graph.microsoft.com/v1.0/sites/[tenant].sharepoint.com:/sites/[site-name]
  3. Grant permissions using the site ID: 
    POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
{
  "roles": ["read"],
  "grantedToIdentities": [{
    "application": {
      "id": "[Your-Client-ID]",
      "displayName": "Rogue SharePoint Integration"
    }
  }]
}
  4. Return to Rogue and click Test Connection to verify access

Using SharePoint in Rogue

Once configured, your SharePoint documents will be accessible throughout Rogue:

In War Rooms

  • SharePoint files appear alongside Data Shelf documents
  • Use the filter options to view only SharePoint content
  • Documents are automatically indexed for AI-powered search

In Document Generation

  • Reference SharePoint documents when creating new content
  • Pull information from SharePoint files into your responses
  • Maintain consistency with existing organizational content
  • Global search includes SharePoint results
  • Filter results by source (Data Shelf vs SharePoint)
  • Preview SharePoint documents directly in Rogue

Security Considerations

Permission Models

  • Sites.Read.All: Grants read access to all SharePoint sites in your tenant. Required for GCC High/Government cloud. Also available for commercial cloud organizations.
  • Sites.Selected (Commercial Cloud Only): Grants read access only to specifically authorized sites. Available only for commercial Azure environments. Not supported in GCC High due to lack of Graph Explorer support.

Security Features

  • Read-Only Access: The integration provides read-only access to prevent accidental modifications
  • Granular Control: With Sites.Selected, you control exactly which sites the app can access
  • Revocable Access: You can revoke access at any time through Azure portal or SharePoint admin center
  • Audit Trail: All access is logged in both Azure and Rogue for compliance
  • No Data Storage: Rogue only stores file metadata; actual file content remains in SharePoint

Troubleshooting

  • Verify you copied the secret value, not the secret ID
  • Ensure the secret hasn’t expired
  • Confirm you selected the correct Azure Cloud option
  • Verify admin consent was granted for the API permissions
  • For Sites.Selected: Ensure you’ve granted per-site permissions (Step 5)
  • For Sites.Read.All: Wait 5-10 minutes for initial indexing to complete
  • Use the Test Connection button to verify your setup
  • This is expected for Sites.Selected permissions
  • Follow the provided instructions to grant site permissions
  • Your SharePoint admin must run the PowerShell commands or use Graph Explorer
  • After granting permissions, click Test Connection again
  • For Sites.Selected: Verify permissions were granted for those specific sites
  • Check that the sites exist and are accessible to administrators
  • Ensure the site URLs are correct when granting permissions
  • The integration only accesses files the application has permission to read
  • Verify the SharePoint site permissions include your app
  • Check if files are in personal OneDrive folders (not accessible)
  • For Sites.Selected, ensure the parent site has been granted permissions

Support

If you encounter issues during setup or usage:
  1. Review the setup steps to ensure all were completed correctly
  2. Check the troubleshooting section above
  3. Contact Rogue support at success@userogue.com with:
    • Your organization name
    • Step where the issue occurred
    • Any error messages received