1. Integration Method

We integrate with SharePoint Online via the Microsoft Graph API, using OAuth 2.0 for authentication. The OAuth flow is managed through Nango, a certified integration platform that acts as the OAuth broker.

There is no need for your organization to register an Enterprise App in Azure AD. Nango provides a pre-registered Azure AD application that handles the OAuth handshake. When a user connects SharePoint from within Inventive, they are redirected to Microsoft's standard consent screen where they (or your Azure AD admin, depending on your tenant policies) approve the requested permissions.


2. Integration Architecture

Flow:

  1. Connection Setup (One-Time) — User connects SharePoint from Inventive → OAuth flow via Nango → Microsoft consent screen → User approves read-only permissions → Connection established
  2. File Selection & Immediate Indexing — User browses SharePoint sites & folders → Selects files/folders to import → Files are fetched and indexed in Knowledge Hub
  3. Ongoing Sync (Automated, Daily) — Daily sync picks up updates and new files in synced folders → Re-indexes in Knowledge Hub automatically — no manual action needed

3. Permissions Requested

The following Microsoft Graph API scopes are requested — all are read-only and delegated (meaning they act on behalf of the signed-in user and can only access what that user already has access to):

Permission            Purpose
--------------------  ------------------------------------------------------------------
Files.Read            Read files the signed-in user has access to
Files.Read.All        Read file metadata across all drives and sites
Files.Read.Selected   Read files from specifically selected locations
Sites.Selected        Access selected SharePoint sites
Sites.Read.All        Read metadata from all SharePoint sites the user can access
User.Read             Read the signed-in user's basic profile (required for OAuth sign-in)
offline_access        Maintain the connection via refresh tokens without re-authentication

4. File Permissions: Read-Only

Our integration is strictly read-only. We do not request any write, modify, or delete permissions.

No write scopes (such as Files.ReadWrite or Sites.ReadWrite) are requested at any point.
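
A tenant admin can check the claims in sections 3 and 4 against what was actually consented. The following is an added example, not code from Inventive or Nango: it audits delegated grants shaped like Microsoft Graph oauth2PermissionGrant objects (assumed to have been exported to JSON beforehand) against the scope list above. The sample data is constructed and every id in it is a placeholder.

```python
import json

# Scopes listed in section 3 of this page, lower-cased for comparison.
DOCUMENTED = {s.lower() for s in (
    "Files.Read", "Files.Read.All", "Files.Read.Selected", "Sites.Selected",
    "Sites.Read.All", "User.Read", "offline_access",
)}
# Name fragments that mark a Graph scope as more than read access.
WRITE_MARKERS = ("readwrite", "manage", "fullcontrol")

# Constructed sample shaped like Graph oauth2PermissionGrant objects.
# All ids are placeholders, not real tenant values.
SAMPLE = json.loads("""
[
  {"id": "grant-1", "clientId": "sp-placeholder", "consentType": "Principal",
   "principalId": "user-placeholder",
   "scope": "Files.Read Files.Read.All Sites.Read.All User.Read offline_access"},
  {"id": "grant-2", "clientId": "sp-placeholder", "consentType": "AllPrincipals",
   "principalId": null,
   "scope": " Files.Read.All Files.ReadWrite.All Mail.Read User.Read"}
]
""")

def audit_grant(grant):
    """Return findings for one delegated permission grant."""
    findings = []
    for scope in grant.get("scope", "").split():  # scopes are space-separated
        name = scope.lower()
        if any(marker in name for marker in WRITE_MARKERS):
            findings.append(f"WRITE: {scope}")
        elif name not in DOCUMENTED:
            findings.append(f"UNDOCUMENTED: {scope}")
    if grant.get("consentType") == "AllPrincipals":
        findings.append("INFO: admin consent covers every user in the tenant")
    return findings

def audit(grants, client_id):
    """Map grant id -> findings for the grants held by one service principal."""
    return {g["id"]: audit_grant(g) for g in grants if g.get("clientId") == client_id}

if __name__ == "__main__":
    for grant_id, findings in audit(SAMPLE, "sp-placeholder").items():
        print(grant_id, "OK" if not findings else findings)
```

An empty findings list means the grant contains only scopes documented on this page; the INFO line is not a violation, it records that consent was given by an admin for the whole tenant rather than by one user.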