Introduction
This article describes how to connect to your SharePoint environment following an invite from GetAccept to our iPaaS service called GetAccept Automation.
GetAccept Automation is a powerful iPaaS service that connects you to over 500+ community connectors. To access the GetAccept Automation, you need a subscription and an invitation. Contact our sales department to learn more. |
Requirements
Before you start connecting SharePoint to GetAccept Automation, ensure that you meet the following requirements:
Prerequisites
Active Microsoft 365 Subscription: The SharePoint connector is designed for SharePoint Online, part of Microsoft 365.
Azure AD Application: You must have an Azure AD application registered in your Microsoft 365 tenant to enable the required API permissions.
Administrator Access: Administrative access to both SharePoint and Azure Active Directory is required to set up the necessary permissions and authentication methods.
API Permissions
Depending on your chosen authentication method, different permission types (delegated or application) are required.
Authorization Code Grant (Delegated Permissions)
Files.ReadWrite
(delegated):
Grants access to read and write all files the signed-in user can access.Sites.ReadWrite.All
(delegated):
Allows the app to read and write documents in all site collections on behalf of the signed-in user.MyFiles.Read
(delegated):
Grants access to read files in the signed-in userโs personal OneDrive and any files shared with them.MyFiles.Write
(delegated):
Allows the app to create, update, and delete files in the signed-in userโs personal OneDrive.
These permissions are mandatory for folder discovery and upload actions when using the SharePoint REST API with a user-authenticated (delegated) connection.
Client Credentials (Application Permissions):
Sites.Selected
(application) (minimum):
Grants access only to specific SharePoint site collections that are explicitly assigned using Microsoft Graph or PowerShell.Sites.ReadWrite.All
(application) (optional):
Provides read and write access to all site collections in SharePoint across the tenant, without user context.
These permissions are used when configuring a headless or system-level integration without a user session. Sites.Selected
is the minimum requirement and must be scoped to the target site collection(s) after assignment.
Consent Grant: Admin consent must be granted for all permissions before authenticating the connector in GetAccept Automation.
Invitation and Basic Setup
Once you have been invited to GetAccept Automation, you will receive an email asking you to create your account. Follow the instructions to create the account and log in to the platform.
Important: After logging in, ensure you switch the workspace from "My Workspace" to your company workspace by clicking on your profile image in the top left corner and selecting the workspace that matches your organization's name.
If you encounter any issues with logging in or accessing your GetAccept Automation workspace, please contact your Customer Success Manager or our Customer Support team for assistance.
For a detailed guide on setting up your account and navigating your workspace, please refer to the full article: Getting Started with GetAccept Automation.
How to Connect to SharePoint
Authentication Options
There are two primary methods to authenticate and connect SharePoint with GetAccept Automation:
1. Authorization Code Grant Method (Delegated Permissions)
Permissions Required (Delegated):
Files.ReadWrite
Sites.ReadWrite.All
MyFiles.Read
MyFiles.Write
Use Case: Best for users who need broad access across multiple sites and who are comfortable tying access to a specific user account.
Setup Steps:
Register your application in Azure AD.
Under Authentication, add the following redirect URI:
https://www.workato.com/oauth/callback
(select "Web" as platform).Select Web as the platform type.
Assign the delegated permissions listed above.
Obtain the client ID and secret from Azure AD.
In GetAccept Automation, navigate to the SharePoint connector and select Authorization Code Grant.
Authenticate using the credentials of a user with SharePoint folder access.
Important Notes:
This method uses the context of the signed-in user and requires delegated permissions specifically for SharePoint.
Ensure that the user has access to the SharePoint folder.
Without the combination of
AllSites.*
andMyFiles.*
delegated permissions, upload attempts via GetAccept Automation may fail with a 403 Forbidden error.After updating permissions in Azure, reconnect the SharePoint connection in GetAccept Automation to apply the new scopes.
2. Client Credentials with Sites.Selected Scope (Application Permissions)
Permissions Required (Application):
Sites.Selected (minimum)
Sites.ReadWrite.All (if broader access needed)
Use Case: Ideal for IT-controlled environments where access should be restricted to selected site collections.
Setup Steps:
Register your application in Azure AD.
Assign the application permissions above.
Provide access to the specific site collections using Microsoft Graph or PowerShell.
In GetAccept Automation, use the Client Credentials option and provide the client ID and secret.
Reference Video: For a detailed walkthrough on configuring Sites.Selected permissions, watch this YouTube video.
Troubleshooting
If you encounter issues during the SharePoint integration, use the relevant error guidance below to understand where the problem likely lies. Most often, these errors are due to missing API permissions in Azure or incorrectly authenticated connections.
โ Error: 403 Forbidden - Uploading file fails
This error occurs when a file upload is attempted to a SharePoint folder that the authenticated connection does not have sufficient access to. Typically returned with this message:
{
"error": {
"code": "-2147024891, System.UnauthorizedAccessException",
"message": { "value": "Access denied" }
}
}
This error may also include the SharePoint-specific header X-Msdavext-Error: 917656
, which indicates access is blocked due to insufficient permission or user context in REST API calls.
๐ Authorization Code Grant (Delegated Permissions)
If you're using an Authorization Code Grant connection:
Confirm that the following delegated permissions have been added under the SharePoint API in Azure:
Files.ReadWrite
Sites.ReadWrite.All
MyFiles.Read
MyFiles.Write
Make sure the user who authenticated the connection:
Has manual access to the SharePoint folder via browser.
Has signed in and selected the site/folder at least once (if applicable).
After updating permissions in Azure, reconnect the SharePoint connection in GetAccept Automation to apply the new scopes.
๐ Client Credentials (Application Permissions)
If you're using the Client Credentials method:
Verify that the following application permissions have been added:
Sites.Selected
(minimum)Sites.ReadWrite.All
(optional, for broader access)
Confirm that the specific site collection is granted to the app using Microsoft Graph or PowerShell.
After this is done, the connection can be authenticated with updated access.
๐ Error: Folder path not found or inaccessible
The workflow fails to locate the SharePoint folder path. This typically blocks file uploads and is often caused by missing permissions or user access issues.
๐ Authorization Code Grant (Delegated Permissions)
If you're using an Authorization Code Grant connection:
Ensure the following delegated permissions are granted:
Files.ReadWrite
Sites.ReadWrite.All
MyFiles.Read
MyFiles.Write
The user who authenticated the connection must:
Have access to the target site and folder.
Have visited the folder manually at least once.
Reconnect the SharePoint connection in GetAccept Automation by logging in again with the correct user credentials under the connection settings.
๐ Client Credentials (Application Permissions)
If you're using the Client Credentials method:
Ensure the following application permissions are granted:
Sites.Selected
(minimum)Sites.ReadWrite.All
(optional, for broader access)
The app must be granted access to the specific site collection using Microsoft Graph or PowerShell.
If the folder path is still inaccessible:
Confirm the site was added to the appโs access scope.
Temporarily test with Sites.ReadWrite.All to validate access.
Reconnect the SharePoint connection in GetAccept Automation by logging in again with the correct user credentials under the connection settings.
For further assistance, reach out to your GetAccept Customer Success Manager or our Support team.