SharePoint

SharePoint is the recommended destination for most production finance reports. It survives personnel changes, has the clearest permissions story of any destination Outpost supports, and every BI tool your team uses already knows how to read from a SharePoint document library.

Register an Azure AD app (one-time, per tenant)

Outpost uses the Microsoft Graph API with client credentials auth. Your tenant needs an app registration that Outpost authenticates as. You register the app once; every SharePoint and OneDrive Connection in your Outpost install can share it.

  1. Sign in to the Azure Portal as an admin
  2. Go to Azure Active Directory → App registrations → New registration
  3. Name it something identifiable like Outpost SuiteApp and leave it single-tenant
  4. After creation, note the Application (client) ID and Directory (tenant) ID from the Overview page
  5. Go to API permissions → Add a permission → Microsoft Graph → Application permissions, add Sites.ReadWrite.All, then click Grant admin consent
  6. Go to Certificates & secrets → New client secret, give it a description and expiry, and copy the secret value immediately. It's only shown once.

Create the Connection in Outpost

  1. In NetSuite, open Outpost by VCG → Connections
  2. Click New Connection and pick SharePoint
  3. Fill in:
    • Connection name. Whatever you want to call it (e.g. Finance SharePoint).
    • SharePoint site URL. The site host and path, e.g. contoso.sharepoint.com/sites/Finance.
    • Folder path. The path inside the site's document library, e.g. /Shared Documents/Outpost Exports.
    • Application (Client) ID. From the Azure app registration.
    • Directory (Tenant) ID. From the Azure app registration.
    • Client secret. Paste the secret you copied at step 6 above.
  4. Click Test connection. Outpost will acquire a token, resolve the site, and write a probe file to confirm permissions. If it fails, see the troubleshooting section below.
  5. Click Save. The Connection is now reusable by any export template.

Configure folder and filename on the export template

When you create an export template that uses this Connection, Step 2 (Destination) lets you override the folder path and set the file name. Supported filename tokens: {date}, {datetime}, {search_id}. For example:

/Shared Documents/Outpost Exports/ar_aging_{date}.csv

Outpost writes a new file per run if you include a token. Without a token, it overwrites the file in place on every run, which is usually what you want for BI consumers that refresh from a stable path.

What to expect on delivery

  • File format: CSV, UTF-8, with a header row
  • Overwrite behavior: Outpost overwrites the file at the exact path you specified. If the parent folder doesn't exist, Outpost creates it.
  • Latency: Typically a few seconds between the saved search finishing and the file appearing in SharePoint. Slower for very large result sets.
  • Metadata: The file shows up in SharePoint with "Modified by" set to the Outpost Azure app registration, not a human user. That's normal.

Tips & gotchas

  • Use the site URL, not the document URL. contoso.sharepoint.com/sites/Finance is correct. contoso.sharepoint.com/sites/Finance/Shared%20Documents/foo.csv is not. The folder path belongs in the Folder field, not the site URL.
  • /Shared Documents is the default document library. Most modern SharePoint sites also have it aliased as /Documents. Either works, but be consistent so your export templates don't scatter files across two paths.
  • Permissions inherit from the parent folder. Anyone with Read access to the target folder can read the file Outpost writes. If you need tighter access, put the Outpost folder inside a permissions-scoped subsite or document library.
  • One app registration, many sites. The same Azure app can write to any SharePoint site in the tenant as long as admin consent covers it. You do not need a separate registration per site.
  • Secret rotation. Azure client secrets expire. Set a calendar reminder for a month before expiry, generate a new secret, and update the Connection. Forgetting this is the single most common cause of silent failures on the SharePoint path.

Permissions & access control

Once Outpost writes the file, downstream access is pure SharePoint. It uses the site's existing permissions model. If a user can browse to the folder in SharePoint, they can open the file. If they can't, they can't. Outpost does not rewrite or override these permissions.

For sensitive reports, put the destination folder inside a dedicated document library with its own permission group rather than relying on site-wide inherited permissions. This is especially important if the site is broadly accessible across the company.

When to pick SharePoint (and when not to)

Troubleshooting

  • AADSTS65001: The user or administrator has not consented. You skipped "Grant admin consent" in step 5 of the app registration. Go back to Azure Portal → App registrations → your app → API permissions and click Grant admin consent.
  • 403 Forbidden on write. The Sites.ReadWrite.All permission is missing or was not consented. Re-check the API permissions page.
  • 404 Site not found. The SharePoint site URL is wrong. It should be the host plus the site path, e.g. contoso.sharepoint.com/sites/Finance, with no https:// prefix.
  • Test works but scheduled runs fail. Almost always an expired client secret. Generate a new one in Azure Portal and update the Connection.

Related

Authenticate your first destination

Create a Connection so Outpost can deliver files to SharePoint, OneDrive, Google Drive, Azure Blob, FTP / SFTP, or the NetSuite File Cabinet.

OneDrive

Set up a OneDrive Connection in Outpost. Good for individual workflows and prototypes; use SharePoint for team-owned production files.

Connect Excel to your Outpost data

Wire Excel to NetSuite saved searches and datasets that Outpost delivers to SharePoint, OneDrive, Google Drive, or File Cabinet.