Grant Access to Selected Sites

Grant Azure Application Permission for a Specific SharePoint Site

To ensure proper integration and access, follow the steps below to grant the Sites.Selected permission to your Azure AD application using the Microsoft Graph API.

Step 1: Open Microsoft Graph Explorer

  1. Sign in using your Microsoft account to proceed.

Step 2: Retrieve the SharePoint Site ID

Use the following API request to get the Site ID of your target SharePoint site:

GET https://graph.microsoft.com/v1.0/sites/{tenant-name}.sharepoint.com:/sites/{site-name}

In the example shown, the site URL is visible and can be referenced from the browser's address bar.

Once the query is run, it returns the Site ID in the response. If the query does not return a response, click on Modify Permissions in Graph Explorer and allow the required access. This access is requested by Microsoft and is safe to grant.

After the permissions are granted, run the query again. The response will contain the Site ID; copy it, as you'll need it in the next step.

Step 3: Grant Permissions Using the Site ID

Once you have the Site ID, use the following API with the POST method to grant permissions:

POST https://graph.microsoft.com/v1.0/sites/{site-id}/permissions

In this case, the example API with the Site ID looks like:

POST https://graph.microsoft.com/v1.0/sites/a634ebd4-ae97-4317-8f15-6cd58a651b0c/permissions

In the request body, include the JSON payload with the roles and application details.

Example:

{
  "roles": ["fullcontrol"],
  "grantedToIdentities": [
    {
      "application": {
        "id": "{your app Id}",
        "displayName": "{your app display name}"
      }
    }
  ]
}

If an error occurs after submitting the request, click on Modify Permissions again and grant the permissions requested by Graph Explorer.

Once the necessary permissions are granted, re-run the query. It should return a response confirming the permission assignment.

Step 4: Verify Permission Assignment

After successful execution, you will receive a response like the following:

{
  "roles": ["fullcontrol"],
  "grantedToIdentities": [
    {
      "application": {
        "id": "79871c67-c281-41b0-999e-5c1a20c878d5",
        "displayName": "Inogic Site Selected"
      }
    }
  ]
}

After the permission has been successfully granted, log out of Graph Explorer and try to authenticate the SharePoint connector. The connector should now be successfully authenticated.

If you receive an error after executing this request, it usually means additional permission consent is required. Click on "Modify permissions" in Graph Explorer and grant the permissions requested.

Once the permission is granted successfully, the full response confirms it:

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#sites('a634ebd4-ae97-4317-8f15-6cd58a651b0c')/permissions/$entity",
  "id": "aTowaS50fG1zLnNwLmV4dHw3OTg3MWM2Ny1jMjgxLTQxYjAtOTk5ZS01YzFhMjBjODc4ZDVAOGNhYmFjODYtMTYwYi00NmU2LTkwZWQtNTBlNmIxMGQ5M2Vl",
  "roles": ["fullcontrol"],
  "grantedToIdentitiesV2": [
    {
      "application": {
        "displayName": "Inogic Site Selected",
        "id": "79871c67-c281-41b0-999e-5c1a20c878d5"
      }
    }
  ],
  "grantedToIdentities": [
    {
      "application": {
        "displayName": "Inogic Site Selected",
        "id": "79871c67-c281-41b0-999e-5c1a20c878d5"
      }
    }
  ]
}
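The Step 4 check can be scripted. This is an added example, not part of the original page or the vendor's tooling: it builds the Step 3 request and compares the response with what was asked for, so a grant to the wrong application or with a different role than intended is caught. The function names are hypothetical, and the role names other than fullcontrol are an assumption taken from Microsoft's Sites.Selected documentation.

```python
import json
import re

GRAPH = "https://graph.microsoft.com/v1.0"
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Assumption: roles accepted for a site grant, narrowest first.
ROLES = ("read", "write", "manage", "fullcontrol")
KEYS = ("grantedToIdentitiesV2", "grantedToIdentities")


def build_grant(site_id, app_id, display_name, role):
    """Return (url, body) for the Step 3 POST; reject malformed input."""
    if not GUID.match(app_id):
        raise ValueError("app_id must be the application (client) ID GUID")
    if role not in ROLES:
        raise ValueError(f"role must be one of {ROLES}")
    app = {"id": app_id, "displayName": display_name}
    body = {"roles": [role], "grantedToIdentities": [{"application": app}]}
    return f"{GRAPH}/sites/{site_id}/permissions", body


def verify_grant(response, app_id, role):
    """Compare a Step 4 response with the request; return a list of problems."""
    problems = []
    granted = [r.lower() for r in response.get("roles", [])]
    if granted != [role]:
        problems.append(f"roles are {granted}, requested ['{role}']")
    for key in KEYS:
        for identity in response.get(key, []):
            got = (identity.get("application") or {}).get("id", "")
            if got.lower() != app_id.lower():
                problems.append(f"{key} names unexpected application {got!r}")
    if not any(response.get(key) for key in KEYS):
        problems.append("response names no application")
    return problems


# Sample input: the response shown in Step 4 of this page, on fewer lines.
SAMPLE = json.loads("""{"roles": ["fullcontrol"], "grantedToIdentities": [
  {"application": {"id": "79871c67-c281-41b0-999e-5c1a20c878d5",
                   "displayName": "Inogic Site Selected"}}]}""")

if __name__ == "__main__":
    app_id = "79871c67-c281-41b0-999e-5c1a20c878d5"
    site = "a634ebd4-ae97-4317-8f15-6cd58a651b0c"
    url, body = build_grant(site, app_id, "Inogic Site Selected", "fullcontrol")
    print("POST", url, json.dumps(body))
    print(verify_grant(SAMPLE, app_id, "fullcontrol") or "grant matches request")
```

An empty list from verify_grant means the response names only the expected application with exactly the requested role.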

Step 5: Test the Connector Authentication

After successfully granting permissions:

  • Log out from Graph Explorer.

  • Re-authenticate the SharePoint connector in SharePoint Security Tool.

  • It should now be authenticated successfully.
