SharePoint Connector - Operator Manual

Overview

This guide provides IT operators with the technical information needed to deploy, configure, and maintain the SharePoint Connector.

For end-user and administrator documentation, see the SharePoint Connector Overview.

Documentation

| Document | Description |
|---|---|
| Deployment | Container images, Helm charts, Terraform modules, release/support policy |
| Configuration | Tenant configuration, site configuration, scheduling |
| Authentication | Azure AD setup, certificates, service principals |
| FAQ | Frequently asked questions and common issues |

Configuration Approach

The connector uses a YAML-based tenant configuration file that can source site configurations from:

| Source | Description |
|---|---|
| config_file | Static YAML configuration for fixed site list |
| sharepoint_list | Dynamic configuration from a SharePoint list |

See Configuration Guide for details.

Architecture Overview

The SharePoint Connector runs as a single pod that periodically scans SharePoint sites and synchronizes flagged documents to the Unique knowledge base.

Cluster-Internal Deployment

When deployed within the same Kubernetes cluster as Unique services:

In cluster-internal mode, Zitadel token validation is not needed as services communicate securely within the cluster using custom request headers for company and user scope.

Quick Start

Unique SaaS

When Unique hosts the SharePoint Connector, Unique provisions the app registration, certificate, and deployment infrastructure. Your side of the setup is:

  1. Provide the information below to Unique Support or Solution Engineering

  2. Grant admin consent using the URL Unique sends you

  3. Grant site-specific access for Unique's app registration to each SharePoint site (see Grant Site-Specific Access)

What to provide to Unique (all items are required):

  • [ ] Microsoft Entra Tenant ID — Azure Portal → Microsoft Entra ID → Overview → Directory (tenant) ID (e.g. )

  • [ ] SharePoint base URL — the root URL of your SharePoint Online tenant (e.g. https://contoso.sharepoint.com)

  • [ ] Site configuration source — how the connector discovers which sites to sync:

    • sharepoint_list (recommended) — a SharePoint list controls which sites are synced dynamically; provide:

      • [ ] Configuration site ID — the ID of the SharePoint site that hosts the sync control list

      • [ ] Configuration list ID — the ID of the list within that site

    • config_file — a static list of site IDs baked into the deployment; provide:

      • [ ] The Site IDs to sync (and optionally Document Library IDs for library-level access)

For Multi Tenant deployments, grant site access to Unique's shared app ID . For Single Tenant deployments, Unique will provide the dedicated app ID after provisioning.

Infrastructure Requirements

| Component | Requirement | Notes |
|---|---|---|
| Kubernetes | 1.25+ | Any Kubernetes distribution |
| Container Runtime | Docker/containerd | Standard container runtime |
| Memory | 2 GB | Minimum allocation |
| CPU | 1 core | Minimum allocation |

Network Requirements

| Destination | Port | Protocol | Direction |
|---|---|---|---|
| login.microsoftonline.com | 443 | HTTPS | Outbound |
| graph.microsoft.com | 443 | HTTPS | Outbound |
| {tenant}.sharepoint.com | 443 | HTTPS | Outbound |
| Unique API | 443/8080 | HTTPS/HTTP | Outbound/Internal |
| DNS | 53 | UDP/TCP | Outbound |
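
The network requirements above can be enforced as a default-deny egress policy on the connector pod. The following NetworkPolicy is an added example, not part of the connector's Helm chart or this manual; the namespace names, the pod label, and the location of cluster DNS are assumptions to adapt to your cluster.

```yaml
# Added example, not from the manual. Assumed names: namespace
# "sharepoint-connector", pod label app.kubernetes.io/name=sharepoint-connector,
# cluster DNS in kube-system, Unique API pods in a namespace called "unique".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sharepoint-connector-egress
  namespace: sharepoint-connector
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: sharepoint-connector
  policyTypes:
    - Egress            # once selected for Egress, anything not listed is dropped
  egress:
    # DNS, port 53 over UDP and TCP
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # HTTPS 443 to login.microsoftonline.com, graph.microsoft.com,
    # {tenant}.sharepoint.com and an externally hosted Unique API.
    # NetworkPolicy matches IP blocks, not hostnames, so this permits 443 to
    # any public address; per-hostname limits need an egress proxy or firewall.
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
              - 172.16.0.0/12
              - 192.168.0.0/16
      ports:
        - protocol: TCP
          port: 443
    # Unique API in cluster-internal mode (HTTP 8080); drop this rule when
    # the Unique API is only reached externally over 443.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: unique
      ports:
        - protocol: TCP
          port: 8080
```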

Deployment Checklist

1. Infrastructure

  • [ ] Kubernetes namespace created

  • [ ] Network egress to Microsoft Graph allowed

  • [ ] Network egress to SharePoint REST API allowed (if permission sync enabled)

  • [ ] Connectivity to Unique API verified

2. Microsoft Entra ID

  • [ ] App registration created

  • [ ] API permissions granted

  • [ ] Admin consent completed

  • [ ] Certificate configured

  • [ ] Site or library-specific access granted

3. Unique Platform

  • [ ] Service user created with required permissions

  • [ ] Company ID noted (for cluster-internal mode)

  • [ ] Scope IDs created for each site to sync

4. Application

  • [ ] Tenant configuration file created

  • [ ] Certificate secrets created in Kubernetes

  • [ ] Helm chart deployed

  • [ ] Sites configured (YAML or SharePoint list)

  • [ ] Sync column configured in SharePoint libraries

5. Verification

  • [ ] Connector logs show successful authentication

  • [ ] Sites are being scanned

  • [ ] Flagged files are being synced

  • [ ] Files appear in Unique knowledge base

  • [ ] GET /health returns 200 with all checks passing