1 of 1

SharePoint - Restrictive Permissions (App Registration)

This guide walks you through securely connecting SharePoint to Couchdrop using an application registered in Microsoft Entra, with access restricted to a specific site using the Sites.Selected permission.

Prerequisites

Access to Microsoft Entra Admin Center
Admin rights to register apps and grant tenant-wide permissions
Access to

The process has three main steps that will be explained in detail.

Configuring an Application in Entra
Granting Site permissions to the Application in Microsoft Graph Explorer
Connecting to SharePoint in Couchdrop using the configured Application

Go to
Navigate to App registrations → + New registration
Enter a name (e.g., Couchdrop-SharePoint)

After registration, you will be taken to a settings page for your new app. Copy the following from the Overview tab:

Application (client) ID
Directory (tenant) ID

Go to Certificates & secrets
Click + New client secret
Provide a description (e.g., CouchdropSecret), select expiry, and click Add

Microsoft Graph API

Navigate to API permissions → + Add a permission
Select Microsoft Graph → Application permissions
Find and check Sites.Selected

To find the SharePoint site's ID, open the following URL in your browser and replace elements in brackets with your tenant and Site information.

Example:

This will return an XML object containing the Site ID:

2. Sign in to Graph Explorer

Visit
Sign in with your Microsoft account
Click the user icon (top-right) → Consent to permissions

3. Send Permission Grant Request (for a specific site)

ENDPOINT

BODY

Replace:

{site_id} with the GUID you retrieved earlier
<APPLICATION_CLIENT_ID> with your app’s Client ID
<APPLICATION_DISPLAY_NAME> with your app name (e.g., Couchdrop-SharePoint

Click Run Query. A successful response will return 201 Created.

4. Send Permission Grant Request (root site)

ENDPOINT

BODY

Replace:

<APPLICATION_CLIENT_ID> with your app’s Client ID
<APPLICATION_DISPLAY_NAME> with your app name (e.g., Couchdrop-SharePoint)

Click Run Query. A successful response will return 201 Created.

Return to Couchdrop and choose to create a new SharePoint connector.
Uncheck the option to use Delegated OAUTH Access to connect via Application Access.
Complete the configuration using:

SharePoint Domain
Client ID
Directory (Tenant) ID
Client Secret

4. You must then “Choose a folder” and manually specify the SharePoint subfolder path. This ensures Couchdrop connects to the exact SharePoint site you granted access to via Sites.Selected.

5. Click Test to verify that you have successfully assigned access. Select Add Integration to complete the process.

SharePoint - Restrictive Permissions (App Registration)

Prerequisites

Access to Microsoft Entra Admin Center
Admin rights to register apps and grant tenant-wide permissions
Access to

The process has three main steps that will be explained in detail.

Configuring an Application in Entra
Granting Site permissions to the Application in Microsoft Graph Explorer
Connecting to SharePoint in Couchdrop using the configured Application

Go to
Navigate to App registrations → + New registration
Enter a name (e.g., Couchdrop-SharePoint)

After registration, you will be taken to a settings page for your new app. Copy the following from the Overview tab:

Application (client) ID
Directory (tenant) ID

Go to Certificates & secrets
Click + New client secret
Provide a description (e.g., CouchdropSecret), select expiry, and click Add

Microsoft Graph API

Navigate to API permissions → + Add a permission
Select Microsoft Graph → Application permissions
Find and check Sites.Selected

To find the SharePoint site's ID, open the following URL in your browser and replace elements in brackets with your tenant and Site information.

Example:

This will return an XML object containing the Site ID:

2. Sign in to Graph Explorer

Visit
Sign in with your Microsoft account
Click the user icon (top-right) → Consent to permissions

3. Send Permission Grant Request (for a specific site)

ENDPOINT

BODY

Replace:

{site_id} with the GUID you retrieved earlier
<APPLICATION_CLIENT_ID> with your app’s Client ID
<APPLICATION_DISPLAY_NAME> with your app name (e.g., Couchdrop-SharePoint

Click Run Query. A successful response will return 201 Created.

4. Send Permission Grant Request (root site)

ENDPOINT

BODY

Replace:

<APPLICATION_CLIENT_ID> with your app’s Client ID
<APPLICATION_DISPLAY_NAME> with your app name (e.g., Couchdrop-SharePoint)

Click Run Query. A successful response will return 201 Created.

Return to Couchdrop and choose to create a new SharePoint connector.
Uncheck the option to use Delegated OAUTH Access to connect via Application Access.
Complete the configuration using:

SharePoint Domain
Client ID
Directory (Tenant) ID
Client Secret

4. You must then “Choose a folder” and manually specify the SharePoint subfolder path. This ensures Couchdrop connects to the exact SharePoint site you granted access to via Sites.Selected.

5. Click Test to verify that you have successfully assigned access. Select Add Integration to complete the process.

SharePoint - Restrictive Permissions (App Registration)

Prerequisites

SharePoint - Restrictive Permissions (App Registration)

Prerequisites

Steps

Configuring an Application in Entra

1. Register a New Application

2. Copy your new Client ID and Tenant ID

3. Create a Client Secret

4. Assign API Permissions

Granting site permissions to App via Microsoft Graph Explorer

1. Retrieve the Site ID

Connecting to SharePoint in Couchdrop using the configured Application

Folder Path Syntax