SharePoint Online

SharePoint Online is a cloud-based service hosted by Microsoft that helps organizations share and manage content, knowledge, and applications. You can create sites to share documents and information with colleagues, partners, and customers. For more information, see Introduction to SharePoint Online.

You can connect your Nintex Automation Cloud tenant to your organization's SharePoint Online service so that workflow designers can configure actions like retrieving data from a SharePoint list or updating a list item.

Nintex Automation Cloud supports connections to SharePoint Commercial and FedRAMP-compliant SharePoint GCC environments. See Grant permission for Nintex Automation Cloud to access your SharePoint Online service below.

Before you begin:

Understand SharePoint Online sites, site collections, lists, document libraries, and document sets

SharePoint Online sites and site collections: A SharePoint site is a website that contains different SharePoint components such as Lists, Document Libraries, Calendars, and Task Lists. SharePoint sites can have one or more pages to display content to users.
SharePoint Online lists: A SharePoint list is used to store a collection of data and organize information. Add columns for different types of data, such as text, currency, or multiple choice. You can sort, group, format, and filter lists that can include people, links, pictures, dates, and more. When using a Person or Group column in a SharePoint list with groups enabled, SharePoint Online actions will only support returning the ID property.
SharePoint Online document libraries: A document library is used to store files that teams can work on together. The default SharePoint Online site and any new sites that you create include a document library, and you can create additional document libraries. For example, you can use a document library on a site in SharePoint Online to store all files related to a specific project.
SharePoint Online document sets: A document set organizes multiple related documents into a single view where they can be worked on and managed as a single entity. You can create a document set involving different file formats (for example, Word documents, OneNote notebooks, PowerPoint presentations, Visio diagrams, Excel workbooks, and so on). When a document set content type is added to a library, users can create new instances of the document set in the same way that they create a single document. For more information, see Introduction to Document Sets.

Jump to:

Grant permission for Nintex Automation Cloud to access your SharePoint Online service
Create a connection to SharePoint Online to configure a workflow action
Create a SharePoint Online data lookup

Grant permission for Nintex Automation Cloud to access your SharePoint Online service

Nintex Automation Cloud integrates with SharePoint Online through the Nintex connector for SharePoint Online. A Global Administrator in Azure Active Directory must grant permission for the connector to access your organization’s SharePoint Online content. Once permission is granted by a Global Administrator in Azure Active Directory, Nintex Automation Cloud workflow designers can create connections to individual lists and libraries in SharePoint Online without needing to provide consent repeatedly.

This setup is necessary due to Microsoft's API requirements. For details, see this article. When an Azure Active Directory Global Administrator grants permission to the Nintex connector for SharePoint Online, the connector integrates with SharePoint Online using OAuth 2.0 through the Microsoft Graph API. Permission only needs to be granted once by the Global Administrator for your Nintex Automation Cloud tenant, and then all Nintex Automation Cloud workflow designers can create their own connections to access SharePoint Online data for which they have permissions.

Granting Global Administrator permission to the Nintex connector for SharePoint Online does not give workflow designers unrestricted access to your organization’s SharePoint Online service. Designers will still only be permitted to access data from SharePoint Online lists and libraries where they have the required permissions. For instance, if a workflow designer lacks Read permissions for a list, they will not be able to access its data in their workflows.

Instructions for Global Administrators to grant permissions in Azure Active Directory for the Nintex connector for SharePoint Online

Prerequisites

A Nintex Automation Cloud account with at least the minimum role required in your Nintex Automation Cloud tenant. If you're not sure about the role, use an Administrator role.

Microsoft Azure credentials for an account with the Global Administrator role.

To confirm the role of a Microsoft Azure account:

Navigate to portal.azure.com and log in.
Select or search for Users.
In the search bar, search for the account you want to check.
Select the account.
Select Assigned Roles and confirm that Global Administrator is applied.

To grant permissions for the Nintex connector for SharePoint Online to access your organization's SharePoint Online service

In Nintex Automation Cloud, on the top navigation bar, click Automate and then select Connections on the left menu.
On the Connections page, click Add connection.
In the Add connection panel, select SharePoint Online as the connector and click Next.
In the User authentication method section, select SharePoint Online: Query user profile or SharePoint Online: Site collection administration and click Next.
Note:
When SharePoint Online: Query user profile is selected, the Nintex connector for SharePoint Online application is installed in Azure Active Directory with the following permissions:
- Microsoft Graph: openid
- Microsoft Graph: email
- Microsoft Graph: profile
- Microsoft Graph: offline_access
- Office 365 SharePoint Online: AllSites.Manage
- Office 365 SharePoint Online: User.Read.All
When SharePoint Online: Site collection administration is selected, the Nintex connector for SharePoint Online application is installed in Azure Active Directory with the following permissions:
- Office 365 SharePoint Online: AllSites.FullControl

In Connection settings:
1. Enter a Connection name.
2. Enter the SharePoint Online URL.
Click Connect.
Follow the Microsoft login prompts to enter the credentials for the Azure Active Directory Global Administrator account.
In the Permission requested dialog box shown below, select the Consent on behalf of your organization check box and click Accept.

If the Azure Active Directory Global Administrator grants the permission, that connection can be deleted after the permission is granted for the tenant. After this connection is deleted, from that point on individual users' delegated permissions take over, ensuring that workflow designers can only operate within their own access levels to SharePoint Online, which enhances security and control. Any connection established by designers in their workflows will run under their permissions and therefore can only access sites, lists, and items that the provided credentials have access to so that users can’t bypass SharePoint permissions.

Watch the video below to see these instructions demonstrated.

Create a connection to SharePoint Online to configure a workflow action

Once an Azure Active Directory Global Administrator has granted permission for the Nintex connector for SharePoint Online to access your organization’s SharePoint Online service, workflow designers in Nintex Automation Cloud can create their own connections to configure SharePoint Online workflow actions. These connections rely on REST API and the CSOM library to provide the necessary data required for workflows interacting with SharePoint Online, and will only permit access to the sites, lists, libraries, etc. that the credentials provided are granted. In other words, a workflow designer cannot subvert SharePoint Online permissions in your organization through Nintex Automation Cloud connections.

These connections can be created from the connections page or from the action configuration panel in the workflow designer. The SharePoint Online connector is used to create connections to both SharePoint Online Commercial and FedRAMP-compliant SharePoint Online GCC environments.

If the Azure Active Directory Global Administrator has not granted permission to the Nintex connector for SharePoint Online, workflow designers will encounter an error message when trying to connect to SharePoint Online lists or libraries. The error will indicate that a Global Administrator must grant the necessary permission.

For more information about creating connections and assigning permissions, see Manage connections.

Instructions to create a connection from the Connections page

In Nintex Automation Cloud, on the top navigation bar, click Automate and then select Connections on the left menu.
On the Connections page, click Add connection.
In the Add connection panel, select SharePoint Online as the Connector and click Next.
Select a User authentication method. See Authentication methods for SharePoint Online connections.
In Connection settings:
1. Enter a Connection name.
2. Enter the SharePoint Online URL.
Click Connect.

Instructions to create a connection from the action configuration panel

Under Connection, click Add connection. (If an appropriate connection already exists, select it and move to step 6).
Under Connection name, give your connection a name.
Enter the tenant URL of your organization's SharePoint Online, e.g., https://domain.sharepoint.com.
Click Connect.
You may be prompted to sign in to your organization's Microsoft account. The system might not prompt you to select an authentication method but may automatically use the method associated with the specific action you are configuring. For details on authentication methods for each action, see Authentication methods for SharePoint Online connections.
Enter the URL of the SharePoint Online sub-site you want to use in your workflow action.
Follow the prompts in the configuration panel to configure the rest of the action. These prompts vary depending on the action, and may include entering the name of the specific list or library you would like to access in your workflow.

Authentication methods for SharePoint Online connections

There are several authentication methods that can be used to create a SharePoint Online connection. The authentication method you select depends on the SharePoint Online action you want to use the connection with. For example, if you want to check items in and out of a SharePoint Online library or list, you can create a SharePoint Online connection with the List & Library authentication method.

Use the table below as a guide when you are creating a new connection to determine which authentication method to select. The authentication method only has to be selected when creating a connection through the Connections page. See Instructions to create a connection from the Connections page. When you create a connection from the action configuration panel, the connection is automatically created using the authentication method associated with the specific action you are configuring. See the table below for a list of the authentication methods that are associated with each SharePoint Online workflow action.

Authentication method	Description	SharePoint Online action
SharePoint Online: List and libraries	Used for actions related to: List and document library operations including create, update, and delete query. File operations. Document sets and attachments	SharePoint Online - Query a list SharePoint Online - Create a list SharePoint Online - Delete a list SharePoint Online - Get attachment names SharePoint Online - Get item attachment by name SharePoint Online - Get members of a SharePoint group SharePoint Online - Add attachment to an item SharePoint Online - Copy an item SharePoint Online - Update items SharePoint Online - Create a document set SharePoint Online - Create an item SharePoint Online - Create a folder SharePoint Online - Delete items SharePoint Online - Check out files SharePoint Online - Check in files SharePoint Online - Send document to repository SharePoint Online - Copy or move a file SharePoint Online - Get a file SharePoint Online - Store a file SharePoint Online - Retrieve an item SharePoint Online - Send document set to repository SharePoint Online - Set approval status SharePoint Online - Set document set approval status
SharePoint Online: Site Administration	Used for actions related to site operations such as the following: Deleting sites. Adding and removing users form SharePoint Online groups. Setting list item permissions.	SharePoint Online - Update item permissions SharePoint Online - Create a site SharePoint Online - Delete a site SharePoint Online - Add user to SharePoint group SharePoint Online - Remove user from SharePoint group
SharePoint Online: Site collection administration	Actions related to admin operations such as creating site collections.	SharePoint Online - Create a site collection
SharePoint Online: Query user profile	Actions related to query user profile operations.	SharePoint Online - Query user profile

Create a SharePoint Online data lookup

Use the SharePoint Online data lookup to create a drop-down list of items within a specified SharePoint Online site in a form. Each data lookup is configured for a specific account. You can create as many data lookups as you need. For more information on creating a data lookup and assigning permissions to it, see Data lookups.

For example, use the SharePoint Online - Query a list data lookup in a data lookup form control to list the items in a specified SharePoint Online site.

You can create a data lookup to:

Query a list: List all the items within a specified SharePoint Online site. You can add conditions to limit the returned query results.
Query user profile: List user information of a SharePoint user profile.
Get members of a SharePoint group: List details of members in a SharePoint group.

SharePoint Online data lookup fields

When you create a SharePoint Online data lookup, you can configure additional fields.

To access the data lookup fields, in the Add data lookup section, select the Connector and the Operation.

The following operations are available for the SharePoint Online connector:

Query a list
Query user profile
Get members of a SharePoint group

The configuration fields displayed depend on the operation selected.

Operation	Field or selection	Description
Query a list	Connection	The connection to use for the data lookup. The drop-down lists all the available SharePoint Online connections.
	SharePoint site URL	The URL of the SharePoint Online site containing the list from which you want to retrieve data. Example:https://domain.sharepoint.com/sites/hr
	List name	The name of the SharePoint Online list that you want to use for the data lookup.
	Columns	The list of columns that you want to fetch from the selected SharePoint Online list.
	Item limit	The maximum number of rows to be returned from the queried list.
	Sort by	The column by which you want to sort the query result.
	Ascending/Descending	Sort the query result by ascending or descending order using the Sort by column.
	Conditions	Add a condition to limit returned query results. For fields and settings, see Condition builder.
Query user profile	Connection	The connection to use for the data lookup. The drop-down lists all the available SharePoint Online connections.
	User email address	The email address of the user that you want to query.
Get members of a SharePoint group	Connection	The connection to use for the data lookup. The drop-down lists all the available SharePoint Online connections.
	SharePoint site URL	The URL of the SharePoint Online site that has the group you want. Example:https://domain.sharepoint.com/sites/hr
	Group name	The name of the group from which you want to retrieve members details.