Set Up a Tonkean SharePoint Application

We've created two applications (enterprise applications in Azure admin center) that grant Tonkean access to your SharePoint instance at the tenant level—that is, they leverage the OAuth 2.0 client credentials flow. Admins can either choose between granting Tonkean access to all the sites in a SharePoint environment or granting access only to selected sites by connecting the appropriate application in Azure:

  • Tonkean for SharePoint - All Sites - When an admin connects this application, they allow Tonkean to access all sites in their SharePoint environment. This configuration creates one SharePoint data source in Tonkean and any Tonkean solutions with access to that SharePoint data source can access all SharePoint sites.

    This option offers less permissions control because it allows users to access all SharePoint sites but is easier to set up and manage—no additional setup is required after connecting the application and giving admin consent.

    We recommend this method for most admins who want to set up a tenant-level connection with SharePoint.

  • Tonkean for SharePoint - Selected Sites - When an admin connects this application, they allow Tonkean access to only one site in their SharePoint environment. Setting up this application requires extracting a unique identifier for each SharePoint site you want to share, then running a PowerShell script to give Tonkean access. An admin must repeat this process for each SharePoint site they want to connect using this application.

    This method creates a SharePoint data source for each site connected to Tonkean, requiring Tonkean users to potentially maintain multiple SharePoint data sources. While this method does require significantly more administrative overhead than the "All Sites" application, it does provide an additional layer of access control.

Users in Tonkean who create new SharePoint connections cannot choose between accessing all sites or selected sites in their SharePoint instance. This choice is made at the admin level and cannot be changed by users.

Much of the setup for either Tonkean application consists largely of preconfiguration performed in SharePoint and Azure. See the relevant section below to set up the application that best fits your needs.

Learn More