Agentic Data Plane
beta

SharePoint Managed MCP Server

The SharePoint managed MCP server lets agents read SharePoint sites, document libraries, lists, and files, upload files, and search content through the Microsoft Graph API. Each agent caller authenticates against Microsoft with their own identity through user-delegated OAuth, so every call stays bounded by the signed-in user’s own SharePoint permissions: the server never holds workspace-wide access.

After reading this page, you will be able to:

  • Register a Microsoft Entra app and an OAuth provider for the SharePoint managed MCP server

  • Create the SharePoint managed MCP server with the correct Microsoft Graph scopes

  • Authorize a user and run the SharePoint tools from the Inspector or an agent

The SharePoint managed MCP server is in beta. If you don’t see SharePoint in the picker, contact Redpanda support.

What this MCP server does

The SharePoint managed type wraps the Microsoft Graph API (https://graph.microsoft.com/v1.0) and authenticates per user through the gateway’s token vault. Per-user OAuth is the only authentication mode this type supports. It exposes the following tools:

Tool What it does

list_sites

Search for SharePoint sites. The search term passes straight to Graph’s /sites?search= endpoint. An empty search returns no results, so pass * to list every site or a name fragment to narrow the search.

get_site

Fetch a single site by composite ID (contoso.sharepoint.com,<guid>,<guid>) or hostname path (contoso.sharepoint.com:/sites/team).

list_drive_items

Browse a site’s default document library. Lists the library root by default; pass folder_id to descend into a folder.

get_file_content

Read a file from a site’s document library as UTF-8 text, with its filename, MIME type, and size.

upload_file

Upload a text file to a site’s document library, into the root or a folder. Requires the Sites.ReadWrite.All scope.

search_content

Search across all SharePoint sites, files, and list items the user can see. The query supports Keyword Query Language (KQL).

list_lists

List the SharePoint lists on a site. Hidden lists are excluded.

list_list_items

List the items in a SharePoint list, with each item’s column values returned as JSON in fields_json.

The file tools operate on the site’s own default document library (/sites/<site-id>/drive/…​), never on a user’s personal OneDrive. File content travels as UTF-8 text in both directions: downloads through get_file_content are capped at 10 MiB, and uploads through upload_file are capped at 4 MiB (the Microsoft Graph simple-upload limit). Binary files aren’t supported; open the web_url returned by list_drive_items to access them directly.

The list_sites, list_drive_items, and list_list_items tools return up to 100 items by default and accept a page_size of up to 999. The search_content tool returns up to 25 hits by default and accepts a page_size of up to 500. The list_lists tool takes no page_size.

Prerequisites

Before you create the server, make sure you have:

  • Access to a Microsoft SharePoint tenant.

  • Permission to register an app in the Microsoft Entra admin center (or an Entra admin who can register one for you).

  • A way to write the OAuth client secret into the Redpanda ADP secret store.

  • For most tenants, a tenant admin who can grant admin consent for the Microsoft Graph scopes. See Grant admin consent.

  • Familiarity with user-delegated OAuth.

Register the Microsoft Entra app

In the Microsoft Entra admin center, go to App registrations > New registration and create an app:

  1. Give the app a descriptive name, for example, Redpanda AI Gateway - SharePoint MCP.

  2. Set Supported account types to single tenant.

  3. Set the Redirect URI to platform Web with the gateway’s OAuth callback for your cluster:

    https://aigw.<cluster-id>.clusters.rdpa.co/oauth/v1/callback

    Replace <cluster-id> with your cluster identifier. The callback path is /oauth/v1/callback.

    The Entra Register an application form with the app name filled in, Supported account types set to single tenant only, and the Redirect URI row set to platform Web with the gateway’s OAuth callback URL

  4. After registering, note the Application (client) ID and Directory (tenant) ID from the app’s Overview page. You need both when you configure the OAuth provider.

    The Entra app’s Overview page with the Essentials pane showing where the Application (client) ID and Directory (tenant) ID values appear

Single-tenant apps must use the tenant-specific Microsoft OAuth endpoints (https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/…​;), not the /common/ endpoints, which can return AADSTS errors for single-tenant apps. Replace <tenant-id> with the Directory (tenant) ID from the app’s Overview page.

Add Microsoft Graph permissions

In the Microsoft Entra admin center, open the app’s API permissions, select Add a permission > Microsoft Graph > Delegated permissions, then add:

Scope Why

Sites.ReadWrite.All

Read and write everything the server touches: sites, document libraries, files, lists, and upload_file. For read-only deployments, use Sites.Read.All instead, which drops upload_file.

offline_access

Issues refresh tokens so connections stay valid over time.

The openid, profile, email, and User.Read scopes come from the OAuth provider’s standard scopes.

The Entra app’s API permissions page listing the delegated Microsoft Graph permissions Sites.ReadWrite.All, Sites.Read.All, offline_access, and User.Read, each with admin consent granted

Use the Microsoft Graph permissions, not the legacy Office 365 SharePoint Online API in the picker. The server calls Microsoft Graph only.

Use the Sites. scopes, not Files.. The server’s file and list endpoints all live under /sites/<site-id>/…​, and its site lookups and content search are also authorized by the Sites.* scopes. The Files.ReadWrite.All scope additionally grants access to users' personal OneDrive, which the server never uses.

Create a client secret

In the Microsoft Entra admin center, open the app’s Certificates & secrets and select New client secret. Give it a description, choose an expiry, and select Add. Copy the secret value immediately; Microsoft never shows it again.

The Entra Certificates & secrets page with the Add a client secret panel open, a description entered, and the recommended 180-day expiry selected

Store the secret in the ADP secret store under an UPPER_SNAKE_CASE key, for example, SHAREPOINT_CLIENT_SECRET. The OAuth provider references the secret by name, so the plaintext never enters the MCP server configuration.

The SharePoint Graph scopes are high-privilege delegated scopes, so most tenants require a tenant admin to consent before any user can connect. A Global Administrator, Privileged Role Administrator, or Cloud Application Administrator opens the app, selects API permissions, then selects Grant admin consent for <org>.

Admin consent does not escalate access: delegated scopes always stay bounded by the signed-in user’s own SharePoint permissions. Admin consent approves the app to request the scopes so that individual users aren’t each prompted. Without it, a non-admin user sees the Need admin approval message on the consent screen.

Configure the OAuth provider

Register an OAuth provider in ADP that points at Microsoft’s tenant-specific endpoints and references the client secret. See Configure an OAuth Provider. The Microsoft / Azure AD preset in the provider catalog pre-fills the endpoints, standard scopes, PKCE, and token auth method; for a single-tenant app, replace its /common/ endpoints with the tenant-specific ones. Use these values:

The provider page also shows the Authorization Callback URL to register as the Entra app’s redirect URI.

The SharePoint OAuth provider detail page showing the authorization callback URL, the tenant-specific Microsoft endpoints, the client ID, the SHAREPOINT_CLIENT_SECRET reference, the Client Secret POST auth method with PKCE required, and the six default scopes

Create the server

Create a new SharePoint MCP server in ADP:

  1. Open MCP Servers > Create server.

  2. Pick SharePoint from the marketplace picker.

    The Create MCP Server marketplace picker filtered to SharePoint, showing the SharePoint managed type card next to the Remote (Proxied) option

  3. Fill in the identity fields (name, description).

  4. Under Auth, select User OAuth (the only option for this type), then set Provider Name to the SharePoint OAuth provider you configured.

  5. Under Required Scopes, add Sites.ReadWrite.All (or Sites.Read.All for a read-only server).

    The Configure SharePoint MCP Server form with User OAuth selected, the SharePoint provider chosen, Sites.ReadWrite.All as a required scope, and the request preview panel showing the resulting userOauth JSON payload

  6. Click Submit.

The required scopes are enforced against each user’s connection. A connection with insufficient scopes returns scope_upgrade_required, and the user re-consents with the higher scope.

Configure from the CLI

Use rpk ai to create the server with a managed config. Set the OAuth provider inside the managed config; the top-level --user-oauth-provider and --user-oauth-scopes flags apply to self-managed servers only.

rpk ai mcp create --name sharepoint \
  --description "SharePoint MCP over Microsoft Graph with per-user OAuth" \
  --managed-config '{
    "@type": "type.googleapis.com/redpanda.mcps.sharepoint.v1.SharePointMCPConfig",
    "userOauth": {
      "providerName": "sharepoint",
      "requiredScopes": ["Sites.ReadWrite.All"]
    }
  }'

Authorize a user and test

The SharePoint server uses per-user OAuth, so each user connects their Microsoft identity before tools work for them:

  1. Open the server in ADP. If you haven’t connected to the SharePoint OAuth provider yet, a connection banner with a Connect button appears above the server’s tabs. Click Connect, sign in to Microsoft, and approve the consent screen. The token lands in the vault keyed to your identity.

    If you call a tool before connecting, the call returns an OAuthConnectionRequired error carrying an authorize_url that points at the gateway’s /oauth/v1/authorize endpoint. Opening that URL in a browser starts the same Microsoft consent flow.

    The SharePoint server page after creation, showing the OAuth connection banner with a Connect button above the Overview, Connection, and Inspector tabs, the MCP server URL, and the Tools section showing a count of eight

  2. Open the server’s Inspector tab and run list_sites with the argument {"search": "*"}. It returns the sites you can see. See Test an MCP Server’s Tools with the Inspector.

    The Inspector tab running list_sites with the search argument set to an asterisk, with the response panel showing a JSON sites array of the SharePoint sites the signed-in user can access

The list_sites tool passes the search term straight to Graph’s /sites?search= endpoint, which returns nothing for an empty search. Pass * to list every site, or a name fragment to narrow the search.

Troubleshooting

Symptom What to check

OAuthConnectionRequired

First call from a user with no stored token. The user completes Microsoft’s OAuth consent flow, the token lands in the vault, and subsequent calls reuse it. See User-delegated OAuth.

Need admin approval on the Microsoft consent screen

A tenant admin hasn’t granted admin consent for the Graph scopes. See Grant admin consent.

scope_upgrade_required

The user’s connection has fewer scopes than the server requires, either because the server’s required scopes grew or because the user originally consented with fewer. The user re-consents with the higher scope.

AADSTS errors during authorization

A single-tenant app is using the /common/ OAuth endpoints. Switch the OAuth provider to the tenant-specific endpoints (https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/…​;).

SharePoint API error (status 403, code: accessDenied)

The signed-in user lacks permission on that site, file, or list. Graph errors surface only the HTTP status and Graph error code; the upstream error message is withheld.

list_sites returns no sites

An empty search returns nothing. Pass * to list every site, or a name fragment.

upload_file fails

The upload_file tool requires the Sites.ReadWrite.All scope; a read-only server configured with Sites.Read.All cannot upload. Content is also capped at 4 MiB and must be UTF-8 text.

get_file_content reports the file exceeds the byte cap

Downloads are capped at 10 MiB. Open the file’s web_url directly instead.

Token expired and no refresh token available

The stored token expired and couldn’t be refreshed. Confirm offline_access is in the OAuth provider’s scopes, then have the user reconnect through the same consent flow.

Next steps