Unifize’s integration with SharePoint and Microsoft 365 enables users to seamlessly access, manage, and collaborate on documents within a unified workspace. To ensure secure and functional operation, both SharePoint permissions and Microsoft 365 permissions are required. Here's a complete breakdown of the access levels necessary.
To enable integration at the organizational or tenant level, admin-level access is required. This is necessary for Unifize to authenticate, connect, and interact with SharePoint resources.
Microsoft Graph API permissions:
Sites.ReadWrite.All → Allows Unifize to read and write to all site collections on behalf of the signed-in user.
Files.ReadWrite.All → Enables full access to all files the user has access to.
User.Read → Grants read access to the user's profile.
offline_access → Allows Unifize to maintain access using refresh tokens even when the user is offline.
These permissions need to be granted by a Microsoft 365 Global Administrator during the initial connection setup.

Once integration is set up, each Unifize user interacting with SharePoint must have appropriate permissions within the SharePoint site or document library. These are needed for accessing, editing, uploading, or collaborating on documents.
Read | Viewing linked documents | Library or Folder
Contribute | Uploading new documents, editing existing ones | Library
Edit | Managing document metadata, versioning | Library
Full Control | Site admin operations, managing permissions | Site (Admin only)
Users will see permission errors inside Unifize if their SharePoint roles do not match the operation they’re trying to perform (e.g., upload, rename, lock/unlock files).

To enhance collaboration using tools like Word, Excel, and Teams inside Unifize, users need the following permissions at the Microsoft 365 level:
Microsoft 365 License:
Ensure users are licensed for SharePoint Online and Office Online (Word, Excel, etc.)
Teams Integration (optional):
Chat.ReadWrite and Teams.ReadBasic.All if Teams chat or group-based workflows are used within Unifize

Unifize uses OAuth2 and Microsoft Identity Platform for secure access:
Tokens are scoped to the signed-in user
Permissions are enforced based on what the user has in Microsoft 365 and SharePoint
Admin consent is required only once unless permissions change

Use SharePoint permission inheritance carefully to avoid unwanted access escalation.
If users report access errors in Unifize: check both SharePoint library permissions and their Microsoft 365 license.
Maintain a least-privilege approach: grant only what is necessary per role.

Initial Integration Setup | Microsoft 365 Global Admin | Sites.ReadWrite.All, Files.ReadWrite.All, offline_access
Daily Use of SharePoint via Unifize | End User | SharePoint site-specific (Read, Contribute, Edit)
Office 365 Document Editing | End User | Valid license for Office Online
Admin Management of Files | SharePoint Admin or Site Owner | Full Control
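
An added example, not Unifize's or Microsoft's own code: a least-privilege check that compares the delegated scopes consented for the integration against the scopes listed on this page. It assumes grant records shaped like Microsoft Graph oauth2PermissionGrant objects; the sample records, the placeholder ids and the audit_grants function name are constructed for illustration.

```python
import json

# Delegated scopes taken from the permission list on this page.
REQUIRED = {"Sites.ReadWrite.All", "Files.ReadWrite.All", "User.Read", "offline_access"}
OPTIONAL_TEAMS = {"Chat.ReadWrite", "Teams.ReadBasic.All"}

# Constructed sample in the shape of Microsoft Graph oauth2PermissionGrant
# objects; every id is a placeholder, not a value from a real tenant.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "unifize-sp-placeholder", "consentType": "AllPrincipals",
   "principalId": null,
   "scope": " Sites.ReadWrite.All Files.ReadWrite.All User.Read offline_access"},
  {"clientId": "unifize-sp-placeholder", "consentType": "Principal",
   "principalId": "user-placeholder-1",
   "scope": "Chat.ReadWrite Mail.Read"},
  {"clientId": "other-app-placeholder", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read"}
]
""")


def audit_grants(grants, client_id, teams_enabled=False):
    """Compare the delegated scopes consented for one app with the documented set."""
    allowed = REQUIRED | (OPTIONAL_TEAMS if teams_enabled else set())
    # Map lower-cased names back to the documented spelling before comparing.
    canonical = {s.lower(): s for s in REQUIRED | OPTIONAL_TEAMS}
    tenant_wide, unexpected = set(), []
    for grant in grants:
        if grant["clientId"] != client_id:
            continue  # grant belongs to a different application
        # "scope" is one space-separated string; split() tolerates stray spaces.
        scopes = {canonical.get(s.lower(), s) for s in grant["scope"].split()}
        if grant["consentType"] == "AllPrincipals":
            tenant_wide |= scopes  # admin consent covering every user
        who = grant["principalId"] or "all users"
        unexpected += [(who, s) for s in sorted(scopes - allowed)]
    # "missing" looks only at tenant-wide consent, matching the one-time admin grant.
    return {"missing": sorted(REQUIRED - tenant_wide), "unexpected": unexpected}


if __name__ == "__main__":
    print(audit_grants(SAMPLE_GRANTS, "unifize-sp-placeholder"))
```

Pass teams_enabled=True when the optional Teams scopes are expected, so only scopes outside the documented list are reported.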