SharePoint/OneDrive Integration Troubleshooting

Troubleshoot common SharePoint integration issues in Harvey, including unauthorized errors, URL formatting, and access permissions.

Last updated: Jul 7, 2025

Common Setup Issues

Why do users receive an “Unauthorized” error after enabling the integration?

If users encounter an “Unauthorized” error, it may relate to your Azure AD configuration. Here are a few factors to check:

  • If tenant-wide admin consent was granted: Ensure permissions (Files.Read.All, Sites.Read.All, and offline_access) cover all necessary SharePoint/OneDrive access.
  • If user assignment is required: Check that users have been assigned to the Harvey-SharePoint Active Directory App, either directly or through a designated group.
  • In Harvey, try simplifying the resource URL in your settings. Remove any extra directories from the URL to ensure it points directly to the root of your SharePoint site.

For example, update:

https://harveyai.sharepoint.com/harveyai

to:

https://harveyai.sharepoint.com/

This can help prevent authentication or permission errors.

Tenant-wide admin consent is optional but can simplify the integration experience and improve predictability. To grant consent, follow these instructions.

Note: This action will not impact permissions previously granted by individual users.

Can I restrict SharePoint access to specific users?

Yes, admins can configure access restrictions in two ways:

  1. Azure AD User Assignment: Set the Harvey-SharePoint App to require user assignment, limiting access to specified users.
  2. Harvey Permissions: Selectively grant the SharePoint/OneDrive permission only to users in the workspace who should be able to leverage the integration. Without the permission, users will not be able to authenticate or upload files from SharePoint/OneDrive.
  3. Harvey Assistance: Contact your Harvey Customer Success Manager to override access settings for select users within your workspace.

Why did automatic knowledge base syncing fail and require re-authentication when I try to manually sync?

The most likely reason syncing stopped is that the user token expired or was blocked, which requires manual re-authentication. Although we usually refresh the token automatically, the refresh may stop working if your organization’s Entra (Azure AD) configuration is set up to require re-authentication.

Some configurations that can lead to this issue include:

  1. A restrictive conditional access policy that requires a specific sign-in frequency, a specific MFA frequency, or only allows Microsoft-listed "approved client apps."
  2. Enabling Security Defaults, which revokes existing tokens and forces MFA at a specified frequency, disrupting persistent sync.

Any policy that enforces re-authentication, demands extra claims (such as MFA or a compliant device), or blocks the client app/IP can interrupt automatic syncing until the user signs in to Azure/Microsoft/SharePoint again.

To avoid this, we recommend excluding the Harvey app from these policies or setting up a dedicated integration account and exempting it from the above policies (described below).

How can I set up a dedicated integration service account for syncing a firm knowledge base?

Follow these steps to set up a dedicated integration service account for syncing a firm knowledge base:

  1. Create the service account in Entra (Azure AD).
  2. Create and configure an exclusion group.
  3. Configure conditional access policy exclusions for specific users by email. You can also place the account in a special Azure AD group (e.g., “HarveyIntegrationAccounts”) and exclude that group from relevant policies.
  4. Disable MFA for the service account.
  5. Grant appropriate site, file, and folder access. Provide the newly created account access to the limited set of sites and folders needed for syncing to SharePoint.
  6. Use the new dedicated integration account when connecting to SharePoint from Harvey. This will allow you to leverage the integration account while setting up the syncing knowledge base.
  7. Set up the knowledge base and share it with specific users or the whole workspace.
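
To confirm that the exclusions took effect, the check below reads Conditional Access policies exported from Microsoft Graph and lists the enabled ones that still apply to the integration account, using the triggers described above (sign-in frequency, MFA, compliant device, approved client app, block). It is an added example, not Harvey or Microsoft code; the app, account and group ids and the sample policies are constructed placeholders.

```python
# Grant controls matching the page's description of policies that interrupt sync.
INTERRUPTING = {"mfa", "compliantDevice", "approvedApplication", "block"}

def _applies(included, excluded, ids):
    """Exclusions win; otherwise 'All' or any explicitly included id matches."""
    if set(excluded) & ids:
        return False
    return "All" in included or bool(set(included) & ids)

def policies_affecting_sync(policies, app_id, user_id, group_ids):
    """List (displayName, reasons) for enabled policies that still apply when the
    integration account signs in to the app. group_ids: the account's groups."""
    principal, findings = {user_id} | set(group_ids), []
    for p in policies:
        cond = p.get("conditions") or {}
        apps, users = cond.get("applications") or {}, cond.get("users") or {}
        if p.get("state") != "enabled":  # skips disabled and report-only policies
            continue
        if not _applies(apps.get("includeApplications", []),
                        apps.get("excludeApplications", []), {app_id}):
            continue
        included = users.get("includeUsers", []) + users.get("includeGroups", [])
        excluded = users.get("excludeUsers", []) + users.get("excludeGroups", [])
        if not _applies(included, excluded, principal):
            continue
        grants = (p.get("grantControls") or {}).get("builtInControls", [])
        reasons = sorted(INTERRUPTING & set(grants))
        freq = (p.get("sessionControls") or {}).get("signInFrequency") or {}
        if freq.get("isEnabled"):
            reasons.append(f"signInFrequency={freq.get('value')} {freq.get('type')}")
        if reasons:
            findings.append((p.get("displayName"), reasons))
    return findings

# Constructed sample shaped like Microsoft Graph conditionalAccessPolicy objects;
# the ids below are placeholders, not real tenant values.
APP, SVC, GROUP = "harvey-app-id", "svc-account-id", "HarveyIntegrationAccounts-id"
EVERYONE = {"applications": {"includeApplications": ["All"]},
            "users": {"includeUsers": ["All"]}}
SAMPLE = [
    {"displayName": "Require MFA", "state": "enabled",
     "conditions": {**EVERYONE, "users": {"includeUsers": ["All"], "excludeGroups": [GROUP]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Sign-in every 4 hours", "state": "enabled", "conditions": EVERYONE,
     "sessionControls": {"signInFrequency": {"value": 4, "type": "hours", "isEnabled": True}}},
    {"displayName": "Compliant device", "state": "enabledForReportingOnly",
     "conditions": EVERYONE, "grantControls": {"builtInControls": ["compliantDevice"]}},
]
```

With the sample, the account's membership in the excluded group clears "Require MFA", while "Sign-in every 4 hours" is still reported because it has no exclusion.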

Are there limits on how many files or how often we can sync a project?

SharePoint enforces per-app throttling based on resource units. For smaller tenants (up to 1,000 licensed users), apps are allowed approximately 1,250 resource units per minute and 1.2 million per 24 hours, with each file operation typically costing 2 units. Exceeding these limits can temporarily block all SharePoint traffic from our app, including manual "Import from SharePoint" uploads. These limits are global and shared with any other apps using SharePoint. (source: https://learn.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online)

To avoid throttling, Harvey will maintain low bursts, space requests evenly, honor the Retry-After header, and cap automatically synced files at ~10,000 per workspace. This approach uses only a fraction of the daily quota, leaving room for manual uploads and other SharePoint activity.
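
The pacing described above, as an added example (not Harvey's implementation): file operations are spaced to use a share of the per-minute limit, and a throttled response is followed by the wait that Retry-After asks for. The 25% share, the 30-second fallback backoff and treating HTTP 429/503 as throttling responses are assumptions of this example.

```python
import email.utils
import time

UNITS_PER_MINUTE = 1250  # per-app limit quoted above (tenants up to 1,000 users)
UNITS_PER_FILE_OP = 2    # typical cost of one file operation, quoted above

def min_interval(share=0.25):
    """Seconds between file operations when using `share` of the per-minute limit."""
    ops_per_minute = UNITS_PER_MINUTE * share / UNITS_PER_FILE_OP
    return 60.0 / ops_per_minute

def retry_after_seconds(value, now=None):
    """Parse Retry-After (delta-seconds or HTTP-date); None if missing or unusable."""
    if value is None:
        return None
    value = value.strip()
    if value.isdecimal():
        return float(value)
    try:
        when = email.utils.parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    now = time.time() if now is None else now
    return max(0.0, when.timestamp() - now)

def plan_sync(responses, share=0.25, fallback_backoff=30.0):
    """Return the wait in seconds to apply after each (status, headers) response.
    headers is a plain dict here, so the header name is matched case-sensitively."""
    base = min_interval(share)
    waits, streak = [], 0
    for status, headers in responses:
        if status in (429, 503):  # assumed throttling statuses
            streak += 1
            hinted = retry_after_seconds(headers.get("Retry-After"))
            # No usable header: fall back to exponential backoff (assumption).
            wait = hinted if hinted is not None else fallback_backoff * 2 ** (streak - 1)
            waits.append(max(wait, base))
        else:
            streak = 0
            waits.append(base)
    return waits
```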

Why am I encountering an error when setting up a synced knowledge base?

If you encounter an error message like “Something went wrong when connecting to your integration. Please reconnect manually and try again” while setting up a synced knowledge base, it is likely due to expired or invalid SharePoint tokens.

To resolve this issue, disconnect your SharePoint connection in Harvey and then reconnect. This should establish the connection with new tokens, allowing you to set up a synced knowledge base.