🚀 Step-by-Step Guide: Connecting SharePoint to Agentforce with the Data Cloud SharePoint Connector

by brandonin Advanced, Agentforce, Education, Learning, Salescloud, Salesforce Course Workon Posted on

Bringing SharePoint into Agentforce via Salesforce Data Cloud unlocks the ability to surface your documents directly in AI workflows. The process involves setting up a Microsoft Entra ID app, securing credentials, and wiring everything up in Salesforce.

In this article, we’ll explain the architecture at a high level, and provide an end-to-end tutorial with some troubleshooting tips.

đź“‚ File Types Agentforce Can Use from SharePoint

Once connected, Agentforce can access a wide range of file formats stored in SharePoint.

File Types Agentforce Can Use from SharePoint

Currently confirmed: PDF files are supported via the unstructured connector Salesforce Developers.

Other common formats (Word, Excel, PowerPoint, text files, HTML, images) are likely supported but are not explicitly documented.

If you plan to use other file types, it’s recommended to test them or ask Salesforce support directly.

Agentforce doesn’t just pull these files as “attachments”—it ingests the contents so they can be searched, summarized, or used in context-aware responses.

🧩 How Chunks Work in Queries

Large files (like a 50-page PDF or a long Word doc) are automatically broken into chunks when processed by Data Cloud and surfaced in Agentforce.

  • Each chunk is a small block of text or data, sized so that the AI can handle it efficiently.

  • When you run a query in Agentforce, the system doesn’t scan the whole file at once. Instead, it searches across these chunks for relevant matches.

  • This ensures that even very large SharePoint documents can be retrieved quickly, while still keeping the AI responses focused and accurate.

Think of chunks as “searchable paragraphs” — they’re invisible to end users, but they make the AI much smarter and faster when working with your SharePoint data.

🔹 Step 1: Register the App in Microsoft Entra ID

    1. In the Azure Portal, go to
      Microsoft Entra ID → App registrations → New registration.

    1. Enter a name (e.g., Agentforce-SharePoint-Connector).

    1. Choose Accounts in this organizational directory only (single tenant).

    1. Add a Redirect URI (Web) – use the Salesforce callback URL shown in the Data Cloud connector setup wizard.

 

🔹 Step 2: Configure the App as a Confidential Client

By default, new apps may allow public flows. The SharePoint connector requires a confidential client.

    1. In the new app, go to Authentication.

    1. Disable “Allow public client flows”.

    1. Remove any Mobile & desktop redirect URIs.

⚠️ Error avoided:
If left as public, you’ll hit
AADSTS700025: Client is public so neither 'client_assertion' nor 'client_secret' should be presented.

🔹 Step 3: Create a Client Secret (or Certificate)

    1. Navigate to Certificates & secrets → New client secret.

    1. Provide a description and set an expiry.

    1. Copy the Value immediately (this is your only chance).

⚠️ Common mistake: Copying the Secret ID instead of the Secret Value.
This triggers AADSTS7000215: Invalid client secret provided.

🔹 Step 4: Grant Microsoft Graph Permissions

    1. In the app, go to API permissions → Add a permission.

    1. Select Microsoft Graph → Application permissions.

    1. Add Sites.Read.All (or Sites.Selected if you want to scope).

    1. Click Grant admin consent.

Use Graph API Permissions in Azure[/caption]

🔹 Step 5: Verify the Credential Works

Before touching Salesforce, test the secret directly with a curl call:

curl -X POST https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id={client_id}" \
  -d "client_secret={secret_value}" \
  -d "grant_type=client_credentials" \
  -d "scope=https://graph.microsoft.com/.default"

âś… Expected: JSON containing an access_token.
❌ If you see errors:

    • AADSTS7000215 → wrong or expired secret (check that you used the Value).

    • AADSTS700025 → app is still public (fix Authentication tab).

 

🔹 Step 6: Configure Salesforce Data Cloud

    1. In Setup → External Credentials:
        • Choose OAuth 2.0 Client Credentials.

        • Token URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token.

        • Client ID: Entra app’s Application (client) ID.

        • Client Secret: paste the secret Value.

        • Scope: https://graph.microsoft.com/.default.

    1. Create a Named Credential linked to that External Credential.

    1. In Data Cloud → Connections → SharePoint Connector, select the Named Credential and target SharePoint sites.

🔹 Step 7: Test the Connector in Salesforce

    • Run a test connection from the SharePoint Connector setup page.

    • If successful, you’ll be able to browse and sync SharePoint sites.

🔹 Quick Troubleshooting Checklist

    • App is confidential, not public.

    • Secret Value, not Secret ID, is in Salesforce.

    • Secret hasn’t expired.

    • Tenant ID in URL matches the app’s directory.

    • Microsoft Graph permissions granted with Admin consent.

    • Curl test succeeds before Salesforce connection.

🎯 Conclusion

With the Microsoft Entra app properly registered as a confidential client, the right client secret value, and Graph application permissions, your SharePoint environment can now flow into Agentforce through Data Cloud. Once connected, you can leverage SharePoint content in Einstein Copilot, workflows, and AI assistants seamlessly.

Work with Us

Cypress Learning Solutions is ready to make your AI plans a reality. Our team of Salesforce & AI Experts are ready to help your business recognize the full potential of Salesforce.