Create a Service Account (no SSO requirements) to be used as the authorization to get to the SharePoint Site

Create a new App Registration in Azure Entra that allows access to all SharePoint sites for your organization (granular control comes after this).

Configure the AWS Knowledge Base with the credentials you created

Sync the data from SharePoint to Knowledge Base

Add Data Contexts using this new Connector

Azure Entra administrative rights

Admin rights to AWS

Admin rights to the Sharepoint Site you would like to index

Admin rights to SurePath AI https://admin.surepath.ai

Application (client) ID

Directory (tenant) ID

SharePoint URL

App Registration secret

Login to Microsoft Azure Portal:

Select Microsoft Entra ID

Navigate to Users -> New user

Add the new service account with a descriptive name

Be sure to disable two factor authentication for this account.

Once it's been added, this User Name needs to be added to the "Site Members" in the SharePoint site that you want to index.

Please note that MS Teams sites look a little different, so be SURE that you add the new user to Site Members and not the teams members list that could show up.

Login to Microsoft Azure Portal:

Select Microsoft Entra ID

Select App registrations > New Application

Enter the name AWS SharePoint Connector or another identifiable name.

Redirect URI (optional): Web

Leave the URI blank next to where you selected “Web”.

Select Register at the bottom of the page when done.

Capture the values from the following two items and get them to the SurePath engineers. In the future you will enter these into a self provisioning form in the SurePath Admin console.

Select Manage > API permissions > Add a permission

Select the tile SharePoint

Select Application permissions

Select Sites.Read.All

Click the button Add permission at the bottom

Select Grant admin consent for {your organization here}

Select Yes on the pop-up screen.

The Status should have green checks on them now.

Select Certificates & Secrets -> Client secrets (0) -> New client secret

Enter a name of the secret and set the expire date

Be sure to capture your secret Value as this is your only chance to capture it.

Application (client) ID

Directory (tenant) ID

SharePoint URL

Username and user Password with access to the SharePoint site

App Registration secret

Admin rights to AWS

Application (client) ID

Directory (tenant) ID

SharePoint URL

App Registration secret

Login to AWS and navigate to the Secrets Manager > Store a new secret

Select Other type of secret

Enter the four (4) Key's and their associated values into the UI. The text/case must match exactly on the keys

Click Next when done

Enter a Secret name

Click Next and Save until you are done and back at the main Secret screen

Access AWS BedRock > Builder Tools > Knowledge Bases > Create

Select Knowledge Base with vector store

Enter a Knowledge Base name or leave the default

Leave IAM permissions > Create and use a new service role

Update the Service role name or leave default

Scroll down a bit and select Sharepoint - Preview

Then select Next (not shown)

Enter a data source Name or leave the default

Set the Source > Site URLs

Enter the Domain

In Authentication, leave it set to OAth 2.0 authentication

Enter the Tenant ID from Azure

Enter the AWS Secrets Manager secret you created earlier

Leave everything else default, and select Next at the bottom of the page.

Click on Select Model > Titan Text Embeddings V2

Click Apply

Leave everything on the rest of the page default, and select Next.

Review and select Create Knowledge Base when done.

Your new Knowedge Base will be created and will Sync the data

Please add a connector using the Create an AWS Connector instructions here

A Data Source can now be created and you can provide access to it using the following document