Help Center
DocsSharePoint Document Libraries
Attach files from your organization's SharePoint sites to CRM records.
Overview
SharePoint integration uses an admin-consent flow because Sites.Read.All is a tenant-wide permission.
Microsoft Graph requires tenant admin approval before any user in the tenant can read SharePoint sites. We use the documented Microsoft admin-consent flow: a tenant admin clicks "Authorize SharePoint for the org" once, which grants every user in that tenant access to attach SharePoint files.
Why an admin step?
Sites.Read.All is what Microsoft calls an "admin-restricted" permission. Unlike Mail.ReadWrite or Calendars.ReadWrite which any user can consent to for themselves, Sites.Read.All requires the tenant Global Administrator to consent on behalf of all users.
For tenant admins
1
Open Settings → Integrations
You must be signed in with a Microsoft 365 work/school account that has Global Administrator role.
2
Click "Authorize SharePoint for the org"
You will be redirected to Microsoft's admin consent endpoint.
3
Review the requested permissions and approve
Once approved, the consent is recorded for your tenant and applies to every user.
4
Confirm the badge
After redirect, the SharePoint section in Settings → Integrations should show "Authorized for your tenant" and every user in the tenant gets SharePoint browse access automatically.
For non-admin users
If your tenant admin has not completed the consent step yet, the SharePoint tab in the file picker shows an empty state with a "Copy admin URL" button. Send the URL to your admin; once they consent, you will gain access without needing to reconnect your Microsoft 365 account.