SharePoint

Important: This is a beta feature.

The SharePoint connector enables Nintex Apps to interact with Microsoft SharePoint lists through either a user-based authenticated connection or through a service account. Use this connector to allow end users to perform create, read, update, and delete (CRUD) operations on SharePoint list items directly from an app. You can further enhance these operations with UI design and component usage, as well as streamlining complex processes by using action flows.

Supported CRUD operations:

  • Create: Add new items to SharePoint lists
  • Read: Retrieve list items and metadata
  • Update: Modify existing list items
  • Delete: Remove items from SharePoint lists

There are some limitations on supported field types. See the Constraints section.

Jump to: 

Prerequisites

Before connecting Nintex Apps to SharePoint, ensure you have:

  • A Microsoft 365 account with access to the target SharePoint site
  • Permissions to register applications in Azure Active Directory (for OAuth setup)
  • The SharePoint site URL and list names you want to access

Terminology

Root site vs. subsites

  • Root site: The top-level SharePoint site in your tenant (e.g., https://contoso.sharepoint.com). For more information, see Microsoft's modern root site documentation.
  • Subsite: A site created under a root site (e.g., https://contoso.sharepoint.com/sites/marketing)

For detailed information about SharePoint information architecture, see Microsoft's SharePoint information architecture documentation.

Technical notes

  • The SharePoint connector uses SharePoint REST APIs (not Microsoft Graph APIs)
  • Supported authentication: OAuth 2.0 Authorization Code flow (user-based), certificate-based authentication (service account)

Constraints

Subsites must be accessed via root site

The SharePoint connector requires connections to be configured at the root site level. You cannot directly specify subsites in the connection configuration. Instead, connect to the root site and select the appropriate subsite when creating models (see Using the SharePoint connector in Nintex Apps).

Image field display

Image field types are not fully supported for display in Nintex Apps. You can retrieve image URLs, but inline rendering is limited.

Unsupported field types

The following SharePoint field types are not currently supported:

  • Location
  • Average ratings
  • Groups
  • Managed Metadata
  • Item Attachments (list of files)
  • Managed Metadata column

The following SharePoint field types are coming soon:

  • MultiChoice

  • LookupMulti

  • Files and Drive Folders

The following SharePoint fields have partial support:

  • User: Can read, but cannot create, update, or delete
  • Image: Can retrieve link to image, but cannot show thumbnail or upload/download

Configuration

The SharePoint connector supports two authentication methods: a user-based method where delegated permissions are applied and a service account-based method with application permissions.

User-based authentication allows each Nintex Apps user to authenticate with their own Microsoft credentials. This enables user-specific data filtering based on the running user's SharePoint permissions.

Considerations:

  • User-specific permissions are applied automatically
  • Supports running user attribute for data filtering
  • Individual accountability and audit trails
  • Each user must authenticate separately
  • Requires managing OAuth consent for each user

Use cases:

  • User-specific filtering with the running user attribute
  • Scenarios where each user needs their own SharePoint permissions applied
  • Delegated access models where users authenticate as themselves

Step 1: Register an application in Azure Active Directory

  1. Sign in to the Azure Portal.

  2. Use the search bar to navigate to Azure Active Directory.

  3. Go to App registrations.

  4. Click New registration.

  5. Configure the application:

    • Name: Enter a descriptive name (e.g., " Nintex Apps SharePoint Connector")
    • Supported account types: Select "Accounts in this organizational directory only" (single tenant)
    • Redirect URI: Click Add a platform > Web, then enter your Nintex callback URL:
      •  https://[subdomain].nintex.app/auth/oauth/callback

      For more information, see Nintex callback URLs documentation.

  6. Click Register.

  7. After registration, note the Application (client) ID and Directory (tenant) ID from the Overview page — you'll need both for the Nintex Apps connection.

Step 2: Configure API permissions

  1. In your registered app, go to Manage > API permissions.

    For navigation guidance, see Microsoft's API permissions documentation.

  2. Click Add a permission > SharePoint (not Microsoft Graph).

Note: We use SharePoint scope instead of Graph APIs scope.

  1. Select Delegated permissions.
  2. Add one of the following permissions:
    1. AllSites.Write — Read and write items in all site collections (recommended)
    2. AllSites.FullControl — Full control over all site collections (use sparingly)
  1. Click Add permissions.
  2. Click Grant admin consent to approve the permissions.

Step 3: Enable access tokens

  1. In your registered app, go to Authentication.
  2. Under Implicit grant and hybrid flows, select Access tokens.
  3. Click Save.

Step 4: Create a client secret

  1. In your registered app, go to Certificates & secrets.
  2. Under Client secrets, click New client secret.
  3. Add a description (e.g., " Nintex Apps SharePoint Connector Secret").
  4. Select an expiration period (6 months, 12 months, 24 months, or Custom).
  5. Click Add.
  6. Copy the secret value.

Important: The secret value should be copied immediately. It will not be shown again.

Step 5: Create the connection in Nintex Apps

  1. In Nintex Apps, go to Connections.

  2. Click Create.

  3. Select Microsoft SharePoint as the connector.

  4. Enter a connection name (e.g., "ProductionSharePoint").

  5. Click Next.

  6. Enter the SharePoint Online Tenant URL.

  7. Click Save.

  8. Click Authentication.

  9. Configure authentication settings:

    • Authentication method: OAuth 2.0 / OpenID

    • Grant type: Authorization Code

    • Authorize URL: https://login.microsoftonline.com/Directory (tenant) ID>/oauth2/v2.0/authorize

      • Replace <Directory (tenant) ID> with your Azure AD tenant ID.

    • Access token URL: https://login.microsoftonline.com/(Directory) (tenant) ID>/oauth2/v2.0/token

      • Replace <Directory (tenant) ID> with your Azure AD tenant ID.

    • Callback URL / Redirect URI: Auto-populated, should match the redirect URI you configured in Azure
      Scopes: https://<root_site_domain>.sharepoint.com/.default

      • Replace <root_site_domain> with your SharePoint tenant domain (e.g., https://contoso.sharepoint.com/.default).

    • Client ID: Paste the Application (client) ID from Azure

    • Client secret: Paste the client secret value

  10. Click Save.

Service account authentication uses a single dedicated Microsoft service account and certificate-based authentication to connect on behalf of all Nintex Apps users. This is useful when all users should have the same SharePoint permissions and user-specific filtering is not required.

Considerations:

  • Centralized authentication using a single service account
  • No individual user authentication required
  • Simplified permission management
  • Certificate-based security (no expiring secrets)
  • All users share the same permissions
  • No user-specific data filtering
  • Requires certificate management

Use cases:

  • Scenarios where all users need the same SharePoint access level
  • Simplified permission management

Step 1: Generate a certificate in Nintex Apps

  1. In Nintex Apps, go to Settings > Certificates.
  2. Click Create.
  3. Configure the certificate:
    1. Name: Enter a descriptive name (e.g., "SharePointServiceAccountCertificate")
    2. Key size: Leave at default setting
    3. Type: Leave at default setting
  4. Click Create.
  5. Once created, click More Options next to the newly created certificate.
  6. Click Configure.
  7. Click Download certificate.
  8. Save the certificate file — you'll upload this to Azure AD in a later step.

Step 2: Register an application in Azure Active Directory

  1. Sign in to the Azure Portal.
  2. Use the search bar to navigate to Azure Active Directory.
  3. Go to App registrations.
  4. Click New registration.
  5. Configure the application:
    1. Name: Enter a descriptive name (e.g., " Nintex Apps SharePoint Service Account")
    2. Supported account types: Select "Accounts in this organizational directory only" (single tenant)
    3. Redirect URI: Not required for service account flow
  6. Click Register.
  7. After registration, note the Application (client) ID and Directory (tenant) ID from the Overview page.

Step 3: Configure API permissions

  1. In your registered app, go to Manage > API permissions.
  2. Click Add a permission > SharePoint (not Microsoft Graph).
  3. Select Application permissions (not Delegated).
  4. Add one of the following permissions:
    1. Sites.ReadWrite.All — Read and write items in all site collections
    2. Sites.FullControl.All — Full control over all site collections
  5. Click Add permissions.
  6. Click Grant admin consent.

Step 4: Upload the certificate to Azure AD

  1. In your registered app, go to Certificates & secrets.
  2. Select the Certificates tab.
  3. Click Upload certificate.
  4. Select the certificate file downloaded from Nintex Apps in Step 1: Generate a certificate in Nintex Apps..
  5. Add a description (e.g., " Nintex Apps Service Account Certificate").
  6. Click Add.

Step 5: Create the connection in Nintex Apps

  1. In Nintex Apps, go to Connections.

  2. Click Create.

  3. Select Microsoft SharePoint as the connector.

  4. Enter a connection name (e.g., "SharePointServiceAccount").

  5. Click Next.

  6. Enter the SharePoint Online Tenant URL.

  7. Click Save.

  8. Click Authentication.

  9. Configure authentication settings:

    • Authentication method: Service account

    • Certificate: Select the certificate generated and uploaded to the app registration in Step 1: Generate a certificate in Nintex Apps.

    • Tenant ID: Paste the Directory (tenant) ID from the app registration Overview page

    • Client ID: Paste the Application (client) ID from the app registration Overview page

  10. Click Save.

The connection is now configured and authenticated as the service account for all users.

Using the SharePoint connector in Nintex Apps

Creating a model from a SharePoint list

  1. In Nintex Apps, create a new page or open an existing one in the Page Designer.
  2. Click the Models tab.
  3. Click Add a model.
  4. Add a model name and description.
  5. Select the configured SharePoint connection.
  6. Select the Subsite you want to access the list from.
  7. In the Object field, select the SharePoint list.
  8. Click OK.

Once the model is created, all standard Nintex Apps model features are available, including conditions, filters, and model actions. For more information on model features, see Create and configure models.

Troubleshooting

Cause: The scope or client ID was not saved correctly in the Nintex Apps connection configuration.

Solution:

  1. Verify the Scopes field matches: https://<root_site_domain>.sharepoint.com/.default
  2. Verify the Client ID matches the Application (client) ID from Azure AD.
  3. Click Save and try authenticating again.

Cause: Access tokens are not enabled in the Azure AD app registration.

Solution:

  1. Go to the Azure Portal.
  2. Navigate to Azure Active Directory > App registrations.
  3. Select your SharePoint connector app registration.
  4. Go to Authentication.
  5. Under Implicit grant and hybrid flows, select Access tokens.
  6. Click Save.
  7. Clear your browser cache and hard reload the page.
  8. Try authenticating again in Nintex Apps.