Connect Microsoft SharePoint Online with data federation

This page describes how to connect Microsoft SharePoint Online to Gemini Enterprise using data federation.

Use the following procedure to search through your SharePoint account using federated search.

About data federation

With data federation, Gemini Enterprise directly retrieves information from the third-party data sources using APIs, instead of copying the data into Gemini Enterprise. Using this approach, you can access external data sources immediately, without waiting for ingestion.

Before you begin

Before you can create the connector in Gemini Enterprise, you must set up an Entra application registration to enable secure access to SharePoint.

  1. To register Gemini Enterprise as an OAuth 2.0 application in Entra, do the following:

    1. Navigate to Microsoft Entra admin center.
    2. In the menu, expand the Applications section and select App registrations.
    3. On the App registrations page, select New registration.
      (Screenshot: Register a new app in Microsoft Entra admin center)
    4. Create an app registration on the Register an application page:
      (Screenshot: Select the account type and enter the redirect URI)
    5. In the Supported account types section, select Accounts in the organizational directory only.
    6. In the Redirect URI section, select Web and enter the following URLs as web callback URLs (or redirect URLs):

      • https://vertexaisearch.cloud.google.com/console/oauth/sharepoint_oauth.html
      • https://vertexaisearch.cloud.google.com/oauth-redirect
    7. Click Register. Your app will be created.

  2. To obtain the client ID and secret for the app, do the following:

    1. On the app page, select Certificates & secrets.
    2. Click New client secret.
    3. Enter a description for the secret.
    4. Select an expiry duration. We recommend that you select the default value.
    5. Click Add.
    6. Copy the secret displayed in the Value column (Client Secret) and the identifier in the Secret ID column (Client ID), and securely store both for later use.
  3. To configure the required API permissions for the app, do the following:

    1. On the app page, select API permissions.

    2. Click Add permissions.

    3. In the Request API permissions page, select SharePoint.

    4. Select Delegated permissions.

    5. Search for and select the following permissions:

      • Sites.Search.All

      For site access, choose one of the following permissions:

      • AllSites.Read: Lets users search all documents they have access to across any site.
      • Sites.Selected: Provides more administrative control. Admins can restrict which sites the user can query, but they must grant access to each individual site they want to enable. For more information, see Granting permissions to a specific Site Collection.
    6. Click Add permissions.

Create a federated search connector with SharePoint

Console

Use the following steps in the Google Cloud console to perform federated search through SharePoint from Gemini Enterprise.

  1. In the Google Cloud console, go to the Gemini Enterprise page.

  2. In the navigation menu, click Data Stores.

  3. Click Create Data Store.

  4. On the Select a data source page, scroll or search for SharePoint Federated to connect your third-party source.

    (Screenshot: Search for SharePoint Federated)

  5. Under Authentication settings:

    1. Enter the Client ID, Client secret, Instance URL, and Tenant ID.
    2. Click Authenticate.
    3. Click Continue.

      (Screenshot: Enter the authentication information)

  6. Select the entity types you want to search.

    (Screenshot: Select the entity types)

  7. Select a region for your data source.

  8. Enter a name for your data source.

    (Screenshot: Configure your data connector)

  9. Click Create. Gemini Enterprise creates your data store and displays your data stores on the Data Stores page.

Once the data store is created, go to the Data Stores page and click your data store name to see the status. When the Connector state changes from Creating to Active, the federated search connector is ready to be used.

User authorization

After creating a federated search data store, you can see it listed as one of the data sources in your source management panel. If you haven't previously authorized Gemini Enterprise, then you can't select the data source. Instead, an Authorize button appears next to it.

To initiate the authorization flow:

  1. Click Authorize. You are redirected to the SharePoint authorization server.
    (Screenshot: Click Authorize)
  2. Sign in to your account.

  3. Click Grant access. After granting access, you are redirected back to Gemini Enterprise to complete the authorization flow. Gemini Enterprise obtains the access_token and uses it to access the third-party search.
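The authorization flow above, and the two redirect URIs registered under "Before you begin", are an OAuth 2.0 authorization-code exchange seen from the client side. The following Python is an added example, not Google's or Microsoft's code, showing the pieces a client has to get right: an unguessable state value, an exact-match check of the redirect URI against the registered list, verification of the returned state before the code is accepted, and a token request that repeats the same redirect URI. It assumes the Entra v2.0 endpoint layout under https://login.microsoftonline.com/{tenant}/oauth2/v2.0/ and a delegated SharePoint scope written as https://{tenant}.sharepoint.com/Sites.Search.All; the tenant, client and secret values are placeholders and the sample callback URLs are constructed.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# The two redirect URIs registered on the Entra app (taken from the page).
REGISTERED_REDIRECT_URIS = (
    "https://vertexaisearch.cloud.google.com/console/oauth/sharepoint_oauth.html",
    "https://vertexaisearch.cloud.google.com/oauth-redirect",
)


def authority(tenant_id: str) -> str:
    # Assumed Entra v2.0 endpoint layout for a single-tenant app.
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0"


def redirect_uri_is_registered(uri: str) -> bool:
    """Exact string comparison. Prefix or host-only matching would let a
    different path on the same host receive the authorization code."""
    return uri in REGISTERED_REDIRECT_URIS


def new_state() -> str:
    """Per-request CSRF token, bound to the user's session by the caller."""
    return secrets.token_urlsafe(32)


def build_authorize_url(tenant_id, client_id, redirect_uri, scope, state):
    """Step 1 of the flow: the URL the user is sent to after clicking Authorize."""
    if not redirect_uri_is_registered(redirect_uri):
        raise ValueError("redirect_uri is not registered on the Entra app")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": scope,  # e.g. https://contoso.sharepoint.com/Sites.Search.All (assumed form)
        "state": state,
    }
    return f"{authority(tenant_id)}/authorize?{urlencode(params)}"


def callback_error(callback_url, expected_state, expected_redirect_uri):
    """Step 3 of the flow: check the redirect back from Entra.
    Returns None when the callback is acceptable, otherwise a short reason."""
    parsed = urlparse(callback_url)
    received_uri = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if received_uri != expected_redirect_uri:
        return "callback arrived at an unexpected redirect URI"
    qs = parse_qs(parsed.query)
    if "error" in qs:
        return f"provider reported an error: {qs['error'][0]}"
    if qs.get("state", [None])[0] != expected_state:
        return "state mismatch (possible CSRF or replayed callback)"
    if "code" not in qs:
        return "no authorization code in callback"
    return None


def parse_callback(callback_url, expected_state, expected_redirect_uri) -> str:
    """Return the authorization code, or raise if the callback fails validation."""
    reason = callback_error(callback_url, expected_state, expected_redirect_uri)
    if reason is not None:
        raise ValueError(reason)
    return parse_qs(urlparse(callback_url).query)["code"][0]


def token_request(tenant_id, client_id, client_secret, code, redirect_uri):
    """Endpoint and form body for exchanging the code for an access_token.
    The redirect_uri must repeat the value used in the authorize request."""
    body = {
        "client_id": client_id,
        "client_secret": client_secret,  # the Value copied under Certificates & secrets
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }
    return f"{authority(tenant_id)}/token", body


if __name__ == "__main__":
    # Constructed walk-through with placeholder identifiers; no network calls.
    tenant, client, secret = "TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER"
    redirect = REGISTERED_REDIRECT_URIS[1]
    state = new_state()
    print("redirect user to:", build_authorize_url(
        tenant, client, redirect, "https://contoso.sharepoint.com/Sites.Search.All", state))
    # Constructed callback as Entra would send it after the user clicks Grant access.
    callback = f"{redirect}?code=CONSTRUCTED_CODE&state={state}"
    code = parse_callback(callback, state, redirect)
    endpoint, form = token_request(tenant, client, secret, code, redirect)
    print("POST", endpoint, "with", sorted(form))
```

The exact-match rule in `redirect_uri_is_registered` is why the two URLs on this page must be entered in Entra exactly as shown: a trailing path segment or a different host is a different redirect URI. The `state` check is what stops a callback forged or replayed by someone else from being accepted as the current user's authorization.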

Query execution

When you enter a search query:

  • If SharePoint is authorized, Gemini Enterprise sends the query to the SharePoint API.
  • Gemini Enterprise blends the results with those from other sources and displays them.

Data handling

When using third-party federated search, your query string is sent to the third-party search backend. These third parties may associate queries with your identity. If multiple federated search data sources are enabled, the query may be sent to all of them.

Once the data reaches the third-party system, it is governed by that system's Terms of Service and privacy policies (not by Google Cloud's terms).