> ## Documentation Index
> Fetch the complete documentation index at: https://docs.userogue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SharePoint Integration

> Connect your SharePoint documents to Rogue for seamless access to your organization's files

## Overview

Rogue's SharePoint integration allows your organization to seamlessly access and utilize documents stored in Microsoft SharePoint directly within the Rogue platform. This integration enables you to:

* Access SharePoint files without leaving Rogue
* Search across both Rogue and SharePoint content simultaneously
* Use SharePoint documents in your War Rooms and document generation
* Maintain secure, read-only access to your SharePoint content

## Benefits

<CardGroup cols={2}>
  <Card title="Centralized Access" icon="folder-tree">
    Access all your organization's documents from one place without switching between platforms
  </Card>

  <Card title="Enhanced Search" icon="magnifying-glass">
    Search across both Rogue's Data Shelf and SharePoint libraries simultaneously
  </Card>

  <Card title="Secure Integration" icon="shield-check">
    Read-only access ensures your SharePoint content remains protected
  </Card>

  <Card title="Easy Setup" icon="plug">
    One-time configuration that takes less than 15 minutes
  </Card>
</CardGroup>

## Prerequisites

Before setting up the SharePoint integration, ensure you have:

* Administrator access to your organization's Azure portal
* Permission to create and manage app registrations in Azure
* Access to your Rogue organization's settings

## Setup Instructions

### Step 1: Register Application in Azure Portal

1. Navigate to the [Azure Portal](https://portal.azure.com) (or [Azure US Government](https://portal.azure.us) for government organizations)

2. Register a new application:
   * Go to **Microsoft Entra ID** (formerly Azure Active Directory)
   * Select **App registrations** → **New registration**
   * Name the application: `Rogue SharePoint Integration`
   * Select the appropriate account type for your organization
   * Click **Register**

<Note>
  Depending on your Azure dashboard setup, the app registration feature may be located under Microsoft Entra ID instead of the traditional Azure AD location.
</Note>

### Step 2: Configure API Permissions

Choose the appropriate permission model based on your Azure environment:

<Note>
  **Important for GCC High/Government Cloud Users**: Sites.Selected is not supported in GCC High environments. You must use Sites.Read.All permissions.
</Note>

#### Option A: Sites.Read.All (Required for GCC High, Optional for Commercial)

**Best for:**

* **All GCC High/Government cloud organizations** (required)
* Commercial organizations comfortable with broad access to all SharePoint sites

1. From your new application's overview page, navigate to:
   **Manage** → **API Permissions** → **Add a permission**

2. Select **Microsoft Graph** → **Application permissions**

3. Grant the following permissions:
   * `Files.Read.All` - Read files in all site collections
   * `Sites.Read.All` - Read items in all site collections

4. Click **Add permissions**

5. **Important**: Have an administrator click **Grant admin consent** for these permissions

#### Option B: Sites.Selected (Commercial Cloud Only)

**Best for:** Commercial cloud organizations requiring strict security with access to specific sites only

<Warning>
  This option is only available for commercial Azure (portal.azure.com). GCC High environments must use Sites.Read.All instead.
</Warning>

1. From your new application's overview page, navigate to:
   **Manage** → **API Permissions** → **Add a permission**

2. Select **Microsoft Graph** → **Application permissions**

3. Grant the following permissions:
   * `Files.Selected` - Read files in selected site collections
   * `Sites.Selected` - Read items in selected site collections

4. Click **Add permissions**

5. **Important**: Have an administrator click **Grant admin consent** for these permissions

<Warning>
  Administrator consent is required for the integration to function. For Sites.Selected, additional per-site permissions must be granted (see Step 5 below).
</Warning>

### Step 3: Create Client Secret

1. Navigate to: **Manage** → **Certificates & secrets** → **Client secrets** → **New client secret**

2. Configure the secret:
   * Description: `Rogue Access` (or another recognizable name)
   * Expiration: Choose a duration that aligns with your security policies
   * Click **Add**

3. **Important**: Copy the secret value immediately after creation. You won't be able to view it again.

<Note>
  You can revoke this secret at any time through the Azure portal if needed. Consider setting a reminder to rotate the secret before it expires.
</Note>

### Step 4: Configure Integration in Rogue

1. In your Rogue dashboard, navigate to:
   **Settings** → **Manage Integrations**

2. Select **SharePoint Integration**

3. Provide the following information:
   * **Application (Client) ID**: Found on your app's overview page in Azure
   * **Client Secret**: The value you copied in Step 3 (not the ID)
   * **Tenant ID**: Found on your app's overview page in Azure
   * **Azure Cloud**:
     * Select "Commercial" if you created your app on portal.azure.com
     * Select "US Government" if you created your app on portal.azure.us

4. Click **Save SharePoint Credentials**

5. Click **Test Connection** to verify your setup:
   * **Sites.Read.All**: Should immediately show connected sites
   * **Sites.Selected**: Will show setup instructions if site permissions haven't been granted yet

### Step 5: Grant Site Permissions (Commercial Cloud Sites.Selected Only)

<Note>
  This step is only required if you chose **Sites.Selected** permissions in Step 2. This option is not available for GCC High/Government cloud environments.
</Note>

<Warning>
  **GCC High Users**: Skip this step. Your Sites.Read.All permissions are already configured and no additional site-specific permissions are needed.
</Warning>

After saving your credentials in Rogue, you need to grant your app access to specific SharePoint sites. The Test Connection button will provide detailed instructions specific to your configuration.

#### Using PowerShell (Recommended)

1. Install the PnP PowerShell module:
   ```powershell theme={null}
   Install-Module PnP.PowerShell -Scope CurrentUser
   ```

2. Connect to your SharePoint admin center:
   ```powershell theme={null}
   Connect-PnPOnline -Url https://[tenant]-admin.sharepoint.com -Interactive
   ```

3. For each site you want to grant access to:
   ```powershell theme={null}
   Grant-PnPAzureADAppSitePermission -AppId "[Your-Client-ID]" -DisplayName "Rogue SharePoint Integration" -Site https://[tenant].sharepoint.com/sites/[site-name] -Permissions Read
   ```

4. Return to Rogue and click **Test Connection** again to verify access

#### Using Microsoft Graph Explorer

1. Sign in to [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer) as a SharePoint administrator

   * In Graph Explorer, open the Permissions panel and consent to permissions as an administrator ("Consent on behalf of your organization").
   * Add and consent to `Sites.FullControl.All` (delegated) for Graph Explorer. This is required before you can make site permission changes.

2. Get the site ID for each site:
   ```
   GET https://graph.microsoft.com/v1.0/sites/[tenant].sharepoint.com:/sites/[site-name]
   ```

3. Grant permissions using the site ID:
   ```
   POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions
   {
     "roles": ["read"],
     "grantedToIdentities": [{
       "application": {
         "id": "[Your-Client-ID]",
         "displayName": "Rogue SharePoint Integration"
       }
     }]
   }
   ```

4. Return to Rogue and click **Test Connection** to verify access

## Using SharePoint in Rogue

Once configured, your SharePoint documents will be accessible throughout Rogue:

### In War Rooms

* SharePoint files appear alongside Data Shelf documents
* Use the filter options to view only SharePoint content
* Documents are automatically indexed for AI-powered search

### In Document Generation

* Reference SharePoint documents when creating new content
* Pull information from SharePoint files into your responses
* Maintain consistency with existing organizational content

### In Search

* Global search includes SharePoint results
* Filter results by source (Data Shelf vs SharePoint)
* Preview SharePoint documents directly in Rogue

## Security Considerations

### Permission Models

* **Sites.Read.All**: Grants read access to all SharePoint sites in your tenant. Required for GCC High/Government cloud. Also available for commercial cloud organizations.
* **Sites.Selected** (Commercial Cloud Only): Grants read access only to specifically authorized sites. Available only for commercial Azure environments. Not supported in GCC High due to lack of Graph Explorer support.

### Security Features

* **Read-Only Access**: The integration provides read-only access to prevent accidental modifications
* **Granular Control**: With Sites.Selected, you control exactly which sites the app can access
* **Revocable Access**: You can revoke access at any time through Azure portal or SharePoint admin center
* **Audit Trail**: All access is logged in both Azure and Rogue for compliance
* **No Data Storage**: Rogue only stores file metadata; actual file content remains in SharePoint

## Troubleshooting

<AccordionGroup>
  <Accordion title="Integration fails with 'Invalid credentials' error">
    * Verify you copied the secret value, not the secret ID
    * Ensure the secret hasn't expired
    * Confirm you selected the correct Azure Cloud option
  </Accordion>

  <Accordion title="No SharePoint files appear after setup">
    * Verify admin consent was granted for the API permissions
    * For **Sites.Selected**: Ensure you've granted per-site permissions (Step 5)
    * For **Sites.Read.All**: Wait 5-10 minutes for initial indexing to complete
    * Use the **Test Connection** button to verify your setup
  </Accordion>

  <Accordion title="Test Connection shows 'Setup Required' (Sites.Selected)">
    * This is expected for Sites.Selected permissions
    * Follow the provided instructions to grant site permissions
    * Your SharePoint admin must run the PowerShell commands or use Graph Explorer
    * After granting permissions, click Test Connection again
  </Accordion>

  <Accordion title="Some sites are not accessible">
    * For **Sites.Selected**: Verify permissions were granted for those specific sites
    * Check that the sites exist and are accessible to administrators
    * Ensure the site URLs are correct when granting permissions
  </Accordion>

  <Accordion title="Some files are missing">
    * The integration only accesses files the application has permission to read
    * Verify the SharePoint site permissions include your app
    * Check if files are in personal OneDrive folders (not accessible)
    * For Sites.Selected, ensure the parent site has been granted permissions
  </Accordion>
</AccordionGroup>

## Support

If you encounter issues during setup or usage:

1. Review the setup steps to ensure all were completed correctly
2. Check the troubleshooting section above
3. Contact Rogue support at [success@userogue.com](mailto:success@userogue.com) with:
   * Your organization name
   * Step where the issue occurred
   * Any error messages received