From Corporate V4.2, this integration is self-service. Luminance Account Administrators can configure and manage the integration directly in Luminance.
Supported features
Feature | Details |
Document sync | Sync documents and folders from SharePoint Online to Luminance |
Folder-level sync | Sync specific document libraries or folders |
Automatic updates | Sync new and updated documents periodically |
Site-level access control | Configure access to all sites or selected sites only |
Two-way delete sync | Optionally enable delete sync when write permissions are granted |
Division-level configuration | Configure sync per Division |
SharePoint Azure Integration Setup Guide
Note:
You need Administrator access to the Azure Portal and Account Administrator access to Luminance to complete this setup
This integration supports SharePoint Online only. SharePoint Server is not supported unless it is managed through Azure applications
This integration syncs files and folders from document libraries only. Lists, list items and other SharePoint objects are not supported
Step 1: Register an Application in Microsoft Entra ID
Note: If you have already configured a Microsoft Entra ID application for Luminance, e.g., for SSO, you can reuse that application and continue to Step 2.
Sign in to the Azure Portal
Go to App registrations
Click New registration
Configure the application pursuant to the fields below
Click Register
Setting | Value |
Name | Luminance |
Supported account types | Select the option that matches your organization's requirements |
Redirect URI | Platform: Web, URI: https://<your-luminance-url>/auth/callback |
Step 2: Configure Authentication
Open the application you registered
Go to Authentication
Under Implicit grant and hybrid flows, enable Access tokens
Verify the following redirect URI is listed:
https://<your-luminance-url>/auth/callbackClick Save
Note: SharePoint Azure requires Access tokens to be enabled. This is different from SSO, which uses ID tokens
Step 3: Obtain Application Details
On the application's Overview page, note the following values.
Value | Description |
Application (client) ID | The unique identifier for this application (a GUID) |
Directory (tenant) ID | The unique identifier for your Azure AD tenant (a GUID) |
These will be needed when configuring the integration in Luminance.
Step 4: Configure API Permissions
Within this step, choose one of the following two options depending on the scope of access you require.
Option | Description |
Option A: Full Sites Access | Grants the application read access to all SharePoint sites in your tenant. Simpler to configure |
Option B: Selected Sites Access | Grants the application access to specific SharePoint sites only. More secure, but requires an additional API call to assign permissions. |
Note: The client secret value is shown only once. Store it securely before leaving the page.
Option A: Full Sites Access
Best practice tip: Use this option if the integration should be able to read all SharePoint sites in your tenant.
Go to API permissions
Click Add a permission
Add the Application permissions detailed in the below table
Click Grant admin consent and verify a green check mark appears next to each permission
Note: An Azure AD Administrator may need to approve the consent request.
Go to Certificates & secrets
Click New client secret
Enter a description and select an expiry duration
Click Add
Copy the Value immediately
API | Permission | Type |
Microsoft Graph | Sites.Read.All | Application |
SharePoint | Sites.Read.All | Application |
Option B: Selected Sites Access
Best practice tip: Use this option if the integration should access specific SharePoint sites only. This is more restrictive and usually preferred where possible.
Go to API permissions
Click Add a permission
Add the Application permissions detailed in the below table
Click Grant admin consent and verify a green check mark appears next to each permission
Note: An Azure AD Administrator may need to approve the consent request.
Go to Certificates & secrets
Click New client secret
Enter a description and select an expiry duration
Click Add
Copy the Value immediately
Step 5: Grant vAccess to Specific Sites (Option B Only)
To grant the application access to a specific SharePoint site, a user with the required Microsoft permissions must assign site access through Microsoft Graph.
Find the Site ID by opening the following URL in your browser:
https://<your-tenant>.sharepoint.com/sites/<site-name>/_api/site/idCopy the Site ID
Make the following Microsoft Graph API call for each SharePoint site you want Luminance to access:
POST https://graph.microsoft.com/v1.0/sites/{siteId}/permissions
Content-Type: application/json
{
"roles": ["{read or write}"],
"grantedToIdentities": [
{
"application": {
"id": "{your-application-client-id}",
"displayName": "Luminance"
}
}
]
}Role | Description |
read | One-way sync (SharePoint → Luminance only) |
write | Two-way sync (enables delete sync from Luminance back to SharePoint) |
Note: Repeat this step for each SharePoint site you want the integration to access
For more information, see Microsoft's documentation: Grant an application access to a site.
Step 5: Create the Integration in Luminance
Log in to Luminance as an Account Administrator
Go to Account Settings → Integrations
Click Create Integration
Select SharePoint Azure
Complete the fields as described below
Click Create
Field | Description | Example |
Name | Enter a name for the integration | SharePoint Production |
Type | Leave as Sync | Sync |
Application (client) ID | Enter the application client ID | f47ac10b-58cc-4372-a567-0e02b2c3d479 |
Client Secret | Enter the client secret value | Secret value from Azure Portal |
Site ID | Enter the SharePoint Site ID if using Selected Sites Access (Option B) | contoso.sharepoint.com,{site-guid},{web-guid} |
Directory (tenant) ID | Enter the tenant ID | 123e4567-e89b-12d3-a456-426614174000 |
Note: The Site ID field is required only if you are using Selected Sites Access
Step 7: Configure sync in Luminance
Go to Upload & File Management
Select the required Division
Select or create a folder
Open the Information panel
Click the settings icon next to Sync Source
Select SharePoint Azure
Click the cloud icon to open the Site Picker
Select the SharePoint site you want to sync
Enter or select the document library or folder path
Click Activate Sync
Usage: Expected Behavior
Once the integration is created, users can sync documents from SharePoint into any Luminance folder.
Behavior | Details |
Automatic sync | Documents added to the selected SharePoint location are automatically synced to Luminance. Sync occurs periodically, so there may be a short delay before documents appear |
One-directional by default | Sync from SharePoint to Luminance only |
Two-way delete sync | If the application was granted 'write' permissions (Option B), two-way delete sync can be enabled. Deleting a document in one system may remove it from the other. |
Site-scoped | Sync only the selected SharePoint site and configured folder path |
Document libraries only | Sync only files and folders in document libraries. Lists, list items and other SharePoint objects are not supported |
Authentication | The integration uses application-level authentication rather than user-level authentication |
Sync interruption | If the connection is interrupted, e.g., because permissions change, the sync pauses until the connection is restored |
Secret expiry | If the client secret expires, the sync stops until the secret is replaced |
Security best practices
Use Selected Sites Access where possible
Grant read access unless write access is specifically required
Store the Client Secret securely and track its expiry date
Rotate secrets before they expire
Review site permissions regularly
Ensure admin consent is granted for all required permissions
Troubleshooting
Use this table to identify and resolve common issues.
Issue | Cause | Resolution |
Internal Server Error during setup | Application configuration issue | Verify Access tokens is enabled and required API permissions have been granted |
Documents stopped syncing | Connection interrupted | Reauthenticate or restore the required permissions |
Cannot see the desired site in the Site Picker | Application does not have access to the site | If using Selected Sites Access, verify site access was granted through Microsoft Graph. If using Full Sites Access, verify Sites.Read.All is granted |
Version incompatibility (known limitation) | SharePoint Server environment | Use SharePoint Online or a SharePoint Server environment managed through Azure applications |
Redirect URI mismatch | Redirect URI does not match | Verify the redirect URI matches https:///auth/callback |
Secret expired | Client secret expired | Create a new client secret in Azure Portal and update it in Luminance |
Document library content missing | Unsupported SharePoint object type | Verify the selected path is in a document library and not a list or other SharePoint object |