Step 3: Set up API Permissions in Azure
API Permissions
Go to API permissions in Azure => click “Add a permission” => choose SharePoint.
First select ‘Delegated permissions’. Use the search bar to quickly navigate to the options below.
Select the following three options:
1. AllSites.Write
2. Sites.Search.All
3. TermStore.ReadWrite.All
After selecting the options, click “add permissions”.
Note that the Write permission is comparable to the standard Contribute permission in a SharePoint site, i.e. you can add content to libraries but cannot create new libraries or change the structure of existing libraries.
Note: There is also a FullControl permission that allows everything in the site, i.e. create, read, update and delete, but 24Files does not require this FullControl permission.
Once this Write permission is granted at tenant level, only users who have the required rights (cf. OAuth) to access and upload data to a library can contribute to it. In other words, even with Write rights at tenant level, only users who themselves have permission to upload data can perform these activities.
24Files operates using delegated permissions because it is designed to work with an integration user rather than relying on the client credentials grant flow. As a result, application permissions (which are typically used in system-to-system authentication) are not supported in 24Files.
The “Files.ReadWrite.All” delegated permission is requested during authentication because 24Files relies on user context to access and manage files within SharePoint. This ensures that all actions are performed on behalf of the integration user, maintaining compliance with Microsoft’s delegated permission model. Since delegated permissions inherently require user authentication, the scope needs to be broad enough to allow access to the necessary resources the integration user is permitted to reach.
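One way to confirm, once consent has been granted and the integration user has signed in, that the issued SharePoint access token is a delegated token and carries only the scopes selected above. This is an added example, not 24Files or Microsoft code: the function names are hypothetical, the sample tokens are constructed, and it relies on the Microsoft identity platform convention that delegated scopes appear in the `scp` claim and application permissions in the `roles` claim. The payload is decoded for inspection only; the signature is not verified.

```python
import base64
import json

# Delegated SharePoint scopes selected in this step (taken from the page).
EXPECTED = {"AllSites.Write", "Sites.Search.All", "TermStore.ReadWrite.All"}
# Broader scope that the page says 24Files does not require.
NOT_REQUIRED = {"AllSites.FullControl"}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_token(token, expected=EXPECTED):
    """Compare the token's delegated scopes with the ones configured above."""
    claims = jwt_claims(token)
    scopes = {s.lower() for s in claims.get("scp", "").split()}
    want = {s.lower() for s in expected}
    return {
        # App-only (client credentials) tokens carry `roles` and no `scp`.
        "delegated": bool(scopes),
        "app_roles": sorted(claims.get("roles", [])),
        "missing": sorted(want - scopes),
        "unexpected": sorted(scopes - want),
        "excessive": sorted(scopes & {s.lower() for s in NOT_REQUIRED}),
    }


def constructed_token(claims):
    """Build an unsigned sample token (constructed test data, not a real token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."


SAMPLE_OK = constructed_token({"scp": "AllSites.Write Sites.Search.All TermStore.ReadWrite.All"})
SAMPLE_BROAD = constructed_token({"scp": "AllSites.FullControl AllSites.Write"})
SAMPLE_APP_ONLY = constructed_token({"roles": ["Sites.ReadWrite.All"]})

if __name__ == "__main__":
    for name, tok in [("ok", SAMPLE_OK), ("broad", SAMPLE_BROAD), ("app-only", SAMPLE_APP_ONLY)]:
        print(name, audit_token(tok))
```

A non-empty "excessive" or "unexpected" list means the app registration was consented with more than this step asks for and should be reviewed under API permissions.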
Microsoft Graph Permissions
Next, we will configure Microsoft Graph permissions.
Configuring Graph Permissions
Go to API permissions in Azure => click “Add a permission” => Microsoft Graph.
First select ‘Delegated permissions’. Use the search bar to quickly navigate to the options below.
Select the following options:
Offline access
Open ID
After selecting the two options, click “update permissions”.
Grant admin consent
Click “Grant admin consent for {your_company}” next to “Add a permission”.
After you have granted the permissions as described above, your granted permissions should look as follows:
