Optimizely Connect for SharePoint provides a transparent connection between Optimizely and Microsoft SharePoint®. The connector copies documents, blocks, or other items from SharePoint document libraries and lists them automatically. Updates occur on a scheduled or manual basis and are available to the CMS as media or blocks.
You can configure this connector for SharePoint on-premises or SharePoint online. Skip directly to the section for the SharePoint implementation you use.
SharePoint on-premises
Copy assets from a SharePoint repository
Optimizely compares files from a SharePoint view on the SharePoint server with files in the database and, if a difference exists, copies the SharePoint files to the database. The comparison is based on the GUID of the file. So, if you copy a file called Red to the database, then change the file name to Blue on the SharePoint server, Optimizely detects the change and copies the Blue file, overwriting the Red file (because it has the same GUID).
-
Go to Admin > Config > Tool Settings > Connect For SharePoint (Settings > Tools > Connect For SharePoint). The Connect For SharePoint page displays.
- Complete the Connect for SharePoint page with the following information:
- Site URL – Specify the URL of the SharePoint repository.
-
Connection type – Select On premises if you have a local on-premises SharePoint repository. On-premises has only the Basic authentication (NTLM) type option.
You can switch between local on-premises and online cloud repositories and have both repositories copy files to the same media folder or different folders. See SharePoint On-Premises VS. SharePoint Online (2013). - Click Test Connection to verify that your connection to the SharePoint repository is valid. If valid, a list of SharePoint views displays.
- Select one or more lists and corresponding views.
- Documents
- Form Templates
- Site Assets
- Site Pages
- Style Library
-
Select folder – Choose an empty Optimizely Content Management System (CMS) or Optimizely Commerce Connect folder into which SharePoint assets are copied. You must select an empty folder. If you do not have an empty folder, enable Create New Sub-Folder and create an empty folder.
-
Select the SharePoint views from which you want to copy the files. Most views copy files to the Media assets panel, but a custom list view is copied to the Blocks assets panel.
-
Click Save to copy selected files from the SharePoint repository to Optimizely. The Remaining items value decreases to 0 as the file assets are copied.
Click Refresh to display whether new or changed assets were added to the SharePoint repository. -
Go to CMS edit view and select the Media folder to see the uploaded SharePoint content items.
SharePoint online
If you use SharePoint online, you must use modern authentication, which requires you to first register an application in Microsoft Entra ID and grant SharePoint API permissions.
Select Online if you have a remote Office 365 SharePoint repository. Online has only the Modern authentication type option.
Set up modern authentication for SharePoint online
Before configuring Modern authentication in Optimizely, register an application in Microsoft Entra ID and grant the required SharePoint permissions.
Step 1 – Register an application in Microsoft Entra ID
- Sign in to the Azure portal.
- Go to Microsoft Entra ID > App registrations > New registration.
- Enter a name for the application (for example, Optimizely SharePoint Connector).
- Select Accounts in this organizational directory only for Supported account types.
- Leave Redirect URI blank.
- Click Register.
- Copy the Application (client) ID and Directory (tenant) ID on the app overview page. You need these when configuring the connector.
Step 2 – Create a credential
The connector supports two credential types. Certificate-based authentication is recommended because it is required for Sites.Selected permissions and avoids secret expiry.
-
Option A – Client secret (simpler setup)
- In your app registration, go to Certificates & secrets > Client secrets > New client secret.
- Enter a description and choose an expiry period.
- Click Add.
- Copy the Value of the secret immediately. It will not be shown again.
-
Option B – Certificate (recommended)
-
Create a self-signed certificate using PowerShell:
$cert = New-SelfSignedCertificate -Subject "CN=Optimizely SharePoint Connector" -CertStoreLocation "Cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -HashAlgorithm SHA256 -NotAfter (Get-Date).AddYears(2) Export-Certificate -Cert $cert -FilePath "SharePointConnector.cer" - Go to Certificates & secrets > Certificates > Upload certificate in your app registration. Upload the
.cerfile. - Save the Thumbprint. You will need it when configuring the connector.
-
Ensure the certificate (with private key) is installed in the Windows Certificate Store (Local Machine\Personal) on the server running the CMS site. The IIS application pool identity must have read access to the certificate's private key.
Certificate-based credentials are not currently supported in Optimizely DXP.
-
Step 3 – Grant SharePoint API permissions
- Go to API permissions > Add a permission in your app registration.
- Select SharePoint (not Microsoft Graph) > Application permissions.
- Select the permissions the connector needs:
- Sites.Read.All – Read access to all site collections (minimum required).
- Sites.ReadWrite.All – Required if write access is needed.
- Sites.Selected – Restricts access to specific sites; requires certificate authentication.
- Click Add permissions.
- Click Grant admin consent for [your organization] and confirm. Verify that all permissions show a green checkmark under Status.
Select permissions under SharePoint, not Microsoft Graph. Both APIs have similarly named permissions, but only SharePoint application permissions work with this connector.
Step 4 – Verify app-only access is enabled
SharePoint Online has a tenant-level setting that can block app-only access. Verify it is enabled using SharePoint Online Management Shell or Azure Cloud Shell:
Install-Module -Name Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url https://{tenant}-admin.sharepoint.com
Get-SPOTenant | Select-Object DisableCustomAppAuthentication
Set-SPOTenant -DisableCustomAppAuthentication $falseIf DisableCustomAppAuthentication returns True, run the final command above to enable app-only access.
Step 5 – Grant per-site access (Sites.Selected only)
If you chose Sites.Selected in step 3, grant the app access to each site individually using Microsoft Graph PowerShell:
Install-Module Microsoft.Graph.Sites
Connect-MgGraph -Scopes "Sites.FullControl.All"
$site = Get-MgSite -Search "your-site-name"
New-MgSiteSPermission -SiteId $site.Id -BodyParameter @{ roles = @("read");
grantedToIdentities = @(@{ application = @{ id = "YOUR_APP_CLIENT_ID";
displayName = "Optimizely SharePoint Connector" } }) }Replace YOUR_APP_CLIENT_ID with the Application (client) ID from Step 1. Repeat the command for each site the connector needs to access.
Troubleshoot authentication for SharePoint online
The following table describes common authentication errors and solutions for SharePoint online.
| Problem | Solution |
| "Unauthorized" error with Modern auth | Verify the Client ID, Client Secret, and Tenant ID are correct. Ensure admin consent has been granted for the API permissions (green checkmark in Status column). |
| "Unauthorized" after token succeeds | App-only access may be disabled at the tenant level. Check with Get-SPOTenant | Select-Object DisableCustomAppAuthentication. If True, run Set-SPOTenant -DisableCustomAppAuthentication $false (see Step 3b). |
| "Unsupported app only token" | You may be using a client secret with Sites.Selected permission. Switch the credential type to Certificate, or use Sites.Read.All with a client secret instead. |
| Token request fails (400 Bad Request) | Verify the Tenant ID is the GUID from Entra ID Overview. Confirm the client secret has not expired. Ensure the SharePoint URL starts with https://. |
| No roles claim in token | Admin consent was not applied. Go to API permissions and click Grant admin consent for [your organization]. Obtain a new token after consenting. |
| "Access denied" to specific lists | The app registration may need higher-level permissions (for example, Sites.ReadWrite.All). Grant the required permissions and re-consent. |
| On-premises connection fails | Ensure the account has access to the SharePoint site and that NTLM authentication is enabled on the server. |
Update SharePoint assets automatically
You can set Connect for SharePoint to automatically import updated SharePoint documents and files into Optimizely and set the interval between checks of the SharePoint repository for changes.
From the top menu, go to Settings > Scheduled Jobs > SharePoint Update. The SharePoint update screen appears.
-
Settings tab:
- Active – Enable the check box to set a scheduled interval for importing SharePoint files into Optimizely.
- Scheduled job interval – Set the number and time units between each running of the SharePoint update job. For example, the job can automatically check for changes every 3 hours (or every 5 minutes or every 2 days).
- Next scheduled date – Specify when you want the automatic intervals to begin.
- Save – Click to set the automatic schedule.
- Start Manually – Click to compare media assets on the SharePoint site with those previously imported into Optimizely, and copy them if changes exist.
- History tab displays status messages.
SharePointBlockData
The SharePointBlockData is a default reference data type that is used by the default SharePoint Processor to convert Custom List items into Optimizely Blocks. A developer can use the SharePointProcessor API as an example to create custom Optimizely block types to pull data from their SharePoint Custom List.
Please sign in to leave a comment.