> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SharePoint Optimized V2

> The SharePoint Optimized V2 connector indexes content and metadata from SharePoint Online and on-premises environments, making it searchable in Fusion.

export const schema = {
  "type": "object",
  "title": "SharePoint Optimized (v2)",
  "description": "An Optimized Connector for SharePoint 2010, 2013, 2016, 2019 and SharePoint Online",
  "required": ["parserId", "id", "properties", "pipeline"],
  "properties": {
    "created": {
      "type": "string",
      "title": "Date Created",
      "description": "The date at which this Configuration was created.",
      "hints": ["readonly", "hidden"]
    },
    "description": {
      "type": "string",
      "title": "Description",
      "description": "Optional description",
      "hints": ["lengthy"],
      "maxLength": 125
    },
    "collection": {
      "type": "string",
      "title": "Collection ID",
      "description": "The associated content Collection.",
      "hints": ["readonly", "hidden"],
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "type": {
      "type": "string",
      "title": "Type",
      "description": "A type ID for this connector.",
      "hints": ["readonly", "hidden"]
    },
    "pipeline": {
      "type": "string",
      "title": "Pipeline ID",
      "description": "Name of the IndexPipeline used for processing output.",
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "diagnosticLogging": {
      "type": "boolean",
      "title": "Diagnostic Logging",
      "description": "Enable diagnostic logging; disabled by default",
      "default": false
    },
    "connector": {
      "title": "Connector Type",
      "description": "Connector type.",
      "minLength": 1,
      "type": "string",
      "hints": ["hidden"]
    },
    "parserId": {
      "type": "string",
      "title": "Parser ID",
      "description": "The Parser to use in the associated IndexPipeline."
    },
    "coreProperties": {
      "type": "object",
      "title": "Core Properties",
      "description": "Common behavior and performance settings.",
      "required": [],
      "properties": {
        "fetchSettings": {
          "type": "object",
          "title": "Fetch Settings",
          "description": "System level settings for controlling fetch behavior and performance.",
          "required": [],
          "properties": {
            "pluginInstances": {
              "type": "number",
              "title": "Number of plugin instances for distributed fetching",
              "description": "Maximum number of plugin instances for distributed fetching. Only specified number of plugin instanceswill do fetching. This is useful for distributing load between different instances.",
              "default": 1,
              "maximum": 1,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "asyncParsing": {
              "type": "boolean",
              "title": "Async Parsing",
              "description": "When enabled, content will be indexed asynchronously.",
              "default": false
            },
            "fetchItemQueueSize": {
              "type": "number",
              "title": "Fetch Item Queue Size",
              "description": "Size of the fetch item queue.Larger values result in increased memory usage, but potentially higher performance.Default is 10k.",
              "default": 10000,
              "hints": ["hidden"],
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchRequestCheckInterval": {
              "type": "number",
              "title": "Fetch request check interval(ms)",
              "description": "The amount of time to wait before check if a request is done",
              "default": 15000,
              "hints": ["hidden"],
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1000,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchResponseScheduledTimeout": {
              "type": "number",
              "title": "Fetch response scheduled timeout(ms)",
              "description": "The maximum amount of time for a response to be scheduled. The task will be canceled if this setting is exceeded.",
              "default": 300000,
              "maximum": 500000,
              "exclusiveMaximum": false,
              "minimum": 1000,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "fetchResponseCompletedTimeout": {
              "type": "number",
              "title": "Fetch response completion timeout(ms)",
              "description": "The maximum amount of time for a response to be completed. If exceeded, the task will be retried if the job is still running",
              "default": 300000,
              "hints": ["hidden"],
              "maximum": 600000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "indexingInactivityTimeout": {
              "type": "number",
              "title": "Indexing inactivity timeout(seconds)",
              "description": "The maximum amount of time to wait for indexing results (in seconds). If exceeded, the job will fail with an indexing inactivity timeout.",
              "default": 86400,
              "maximum": 691200,
              "exclusiveMaximum": false,
              "minimum": 60,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "pluginInactivityTimeout": {
              "type": "number",
              "title": "Plugin inactivity timeout(seconds)",
              "description": "The maximum amount of time to wait for plugin activity (in seconds). If exceeded, the job will fail with a plugin inactivity timeout.",
              "default": 600,
              "maximum": 691200,
              "exclusiveMaximum": false,
              "minimum": 60,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "indexMetadata": {
              "type": "boolean",
              "title": "Index metadata",
              "description": "When enabled the metadata of skipped items will be indexed to the content collection.",
              "default": false
            },
            "indexContentFields": {
              "type": "boolean",
              "title": "Index content fields",
              "description": "When enabled, content fields will be indexed to the crawl-db collection.",
              "default": false
            },
            "numFetchThreads": {
              "type": "number",
              "title": "Fetch Threads",
              "description": "Maximum number of fetch threads; defaults to 20.This setting controls the number of threads that call the Connectors fetch method.Higher values can, but not always, help with overall fetch performance.",
              "default": 20,
              "maximum": 500,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "indexingThreads": {
              "type": "number",
              "title": "Index Subscription Threads",
              "description": "Maximum number of indexing threads; defaults to 4.This setting controls the number of threads in the indexing service used for processing content documents emitted by this datasource.Higher values can sometimes help with overall fetch performance.",
              "default": 4,
              "maximum": 10,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointConfig$CoreSharepointConfig$SharepointFetchSettings", "com.lucidworks.fusion.connector.plugin.api.config.CoreConfig$FetchSystemSettings"]
        }
      },
      "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointConfig$CoreSharepointConfig", "com.lucidworks.fusion.connector.plugin.api.config.CoreConfig"],
      "hints": ["advanced"]
    },
    "modified": {
      "type": "string",
      "title": "Date Modified",
      "description": "The date at which this Configuration was last modified.",
      "hints": ["readonly", "hidden"]
    },
    "id": {
      "type": "string",
      "title": "Configuration ID",
      "description": "A unique identifier for this Configuration.",
      "minLength": 1,
      "pattern": "^[a-zA-Z0-9_-]+$"
    },
    "category": {
      "type": "string",
      "title": "Category",
      "default": "An Optimized Connector for SharePoint 2010, 2013, 2016, 2019 and SharePoint Online",
      "hints": ["hidden", "readonly"]
    },
    "properties": {
      "type": "object",
      "title": "SharePoint properties",
      "description": "Plugin specific properties.",
      "required": ["webApplication"],
      "properties": {
        "webApplication": {
          "type": "object",
          "title": "Web application config",
          "description": "The SharePoint Web application to crawl.",
          "required": ["webApplicationUrl"],
          "properties": {
            "webApplicationUrl": {
              "type": "string",
              "title": "Web application URL",
              "minLength": 1
            },
            "fetchSiteCollections": {
              "type": "boolean",
              "title": "Fetch all site collections",
              "description": "This feature requires site collection administrator rights on your Sharepoint instance. If enabled, the sharepoint crawler will fetch all site collections from the web application automatically. If not enabled, you must explicitly list all site collections in the siteCollections parameter.",
              "default": true
            },
            "doNotRunExporter": {
              "type": "boolean",
              "title": "Skip Exporter",
              "description": "No longer used.",
              "default": false,
              "hints": ["hidden", "advanced"]
            },
            "forceFullCrawl": {
              "type": "boolean",
              "title": "Force Full Crawl",
              "description": "Do this if you want to force a full crawl each time you run this datasource.",
              "default": false,
              "hints": ["advanced"]
            },
            "aclsOnlyCrawl": {
              "type": "boolean",
              "title": "Only Crawl ACLs (no longer used)",
              "description": "Kept for back compat. Not used.",
              "default": false,
              "hints": ["hidden"]
            },
            "siteCollections": {
              "type": "array",
              "title": "Site collection list",
              "description": "A list of site collections to crawl. Because only site collection administrators or site collection auditors can list the site collections in a SharePoint web application, you can use this when you are crawling as a user that is not an admin/auditor. This allows you to explicitly list site collections you want to crawl. Specify paths relative to the web application url, such as /sites/site1",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "includedFileExtensions": {
              "type": "array",
              "title": "Included file extensions",
              "description": "Set of file extensions to be fetched. If specified, all non-matching files will be skipped.",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "excludedFileExtensions": {
              "type": "array",
              "title": "Excluded file extensions",
              "description": "A set of all file extensions to be skipped from the fetch.",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "inclusiveRegexes": {
              "type": "array",
              "title": "Inclusive regexes",
              "description": "Regular expressions for URI patterns to include. This will limit this datasource to only URIs that match the regular expression.",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "exclusiveRegexes": {
              "type": "array",
              "title": "Exclusive regexes",
              "description": "Regular expressions for URI patterns to exclude. This will limit this datasource to only URIs that do not match the regular expression.",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "includeContentsExtensions": {
              "type": "array",
              "title": "Include extensions for having contents downloaded",
              "description": "Only files with these file extensions will not have their contents downloaded when indexing this item. The list item metadata will still be indexed but the file contents will not. The comparison is not case sensitive, and you do not have to specify the '.' but it still work if you do. For example \"zip\" and \".zip\" are both acceptable. The whitespace will also be trimmed.",
              "default": [],
              "items": {
                "type": "string"
              }
            },
            "excludeContentsExtensions": {
              "type": "array",
              "title": "Exclude extensions from having contents downloaded",
              "description": "File extensions of files that will not have their contents downloaded when indexing this item. The list item metadata will still be indexed but the file contents will not. The comparison is not case sensitive, and you do not have to specify the '.' but it still work if you do. For example \"zip\" and \".zip\" are both acceptable. The whitespace will also be trimmed.",
              "default": [],
              "items": {
                "type": "string"
              }
            },
            "regexCacheSize": {
              "type": "number",
              "title": "",
              "default": 10000,
              "hints": ["hidden"],
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -2147483648,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "restrictToSpecificItems": {
              "type": "array",
              "title": "Restrict to specific SharePoint items",
              "description": "Instead of specifying regular expressions to restrict the SharePoint items that are crawled, this allows you to specify specific SharePoint item URLs of the resources that are to be crawled. The crawl will then be restricted to only include these specified SharePoint items URLs. You can specify list, sub-site, folder, and list item URLs.",
              "default": [],
              "items": {
                "type": "string",
                "minLength": 1
              }
            },
            "restrictToSpecificSubsites": {
              "type": "array",
              "title": "Restrict to specific sub-sites (no longer used)",
              "description": "Restrict crawl to specific sub-sites.",
              "default": [],
              "hints": ["hidden"],
              "items": {
                "type": "string",
                "minLength": 1
              }
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.WebApplicationConfig", "com.lucidworks.fusion.connector.checker.config.ExtensionConfig$Properties", "com.lucidworks.fusion.connector.checker.config.RegexConfig$Properties", "com.lucidworks.fusion.connector.checker.config.RegexCacheConfig"]
        },
        "apiQueryRowLimit": {
          "type": "number",
          "title": "API query row limit",
          "default": 5000,
          "hints": ["advanced"],
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": 1,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "changeApiQueryRowLimit": {
          "type": "number",
          "title": "Changes API query row limit",
          "default": 2000,
          "hints": ["advanced"],
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": 1,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "aclCommitAfter": {
          "type": "number",
          "title": "ACL solr commitWithin",
          "description": "When doing solr update to the acl collection, specify the commitWithin parameter to use when updating.",
          "default": 60000,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "siteCollectionDeletionThreshold": {
          "type": "number",
          "title": "Site Collection Deletion Threshold",
          "description": "Site collections will be removed from the index after they are no longer available for this many hours. Set to 0 for immediate deletion. Default is 2 weeks.",
          "default": 336,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "solrSocketTimeout": {
          "type": "number",
          "title": "Solr socket timeout",
          "description": "Socket timeout when performing solr operations.",
          "default": 60000,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "moderationStatusFilter": {
          "type": "array",
          "title": "Moderation Status Filter",
          "description": "If specified, only index items with the following moderation statuses specified. Valid values are: 0 = The list item is approved, 1 = The list item has been denied approval, 2 = The list item is pending approval, 3 = The list item is in the draft or checked out state, 4 = The list item is scheduled for automatic approval at a future date.",
          "items": {
            "type": "number",
            "title": "Moderation Status Filter",
            "description": "If specified, only index items with the following moderation statuses specified. Valid values are: 0 = The list item is approved, 1 = The list item has been denied approval, 2 = The list item is pending approval, 3 = The list item is in the draft or checked out state, 4 = The list item is scheduled for automatic approval at a future date.",
            "enum": [0, 1, 2, 3, 4],
            "maximum": 2147483647,
            "exclusiveMaximum": false,
            "minimum": -2147483648,
            "exclusiveMinimum": false,
            "multipleOf": 1
          }
        },
        "fetchTaxonomies": {
          "type": "boolean",
          "title": "Fetch Taxonomies",
          "description": "Fetch Taxonomy data from sharepoint.",
          "default": false
        },
        "siteCollectionTaxonomyCacheSize": {
          "type": "number",
          "title": "Taxonomy Terms Cache Size",
          "description": "To make the connector faster, when the taxonomy terms for a site collection are needed, they are cached to avoid looking up from disk again. This is the size of that cache.",
          "default": 10,
          "hints": ["advanced"],
          "maximum": 10000,
          "exclusiveMaximum": false,
          "minimum": 1,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "fetchACLs": {
          "type": "boolean",
          "title": "Fetch ACLs",
          "description": "Fetch Access Control Data",
          "default": true,
          "hints": ["advanced"]
        },
        "asyncParsing": {
          "type": "boolean",
          "title": "Tika Async",
          "description": "Enable only if Tika Async is configured in the Fusion environment. Note: To enable async-parsing, check Core Properties -> Fetch Settings -> Async Parsing (since Fusion 5.8.0)",
          "default": false,
          "hints": ["advanced"]
        },
        "veryLargeGroups": {
          "type": "array",
          "title": "ACL ids with large group memberships",
          "description": "There are times when one or more groups may have huge group memberships which slows down security trimming. If you have any of these such groups, list them here and an optimized security trimming query will be used for improved performance.",
          "default": [],
          "hints": ["hidden"],
          "items": {
            "type": "string"
          }
        },
        "zkHosts": {
          "type": "string",
          "title": "Solr zk hosts string",
          "description": "Solr zk hosts string used for direct connections to solr.",
          "hints": ["advanced"]
        },
        "contentCommitAfter": {
          "type": "number",
          "title": "Content solr commitWithin",
          "description": "When doing solr update to the content collection, specify the commitWithin parameter to use when updating.",
          "default": 60000,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "zkChroot": {
          "type": "string",
          "title": "Solr zk chroot string",
          "description": "Solr zk chroot string used for direct connections to solr.",
          "hints": ["advanced"]
        },
        "solrConnectionTimeout": {
          "type": "number",
          "title": "Solr connection timeout",
          "description": "Connection timeout when performing solr operations.",
          "default": 60000,
          "maximum": 2147483647,
          "exclusiveMaximum": false,
          "minimum": -2147483648,
          "exclusiveMinimum": false,
          "multipleOf": 1
        },
        "includedListBaseTypes": {
          "type": "array",
          "title": "Included List Base Types",
          "description": "If specified, the only SharePoint lists that will be fetched are the ones that match one of these base types. Accepts values (not case sensitive): [None, GenericList, DocumentLibrary, Unused, DiscussionBoard, Survey, Issue]",
          "items": {
            "type": "string"
          }
        },
        "includedObjectTypes": {
          "type": "array",
          "title": "Included SharePoint Object Types",
          "description": "If specified, only fetch specific SharePoint objects. SharePoint object types that can be specified (not case sensitive): [Site, List, List_Item, Folder, Attachment]",
          "items": {
            "type": "string"
          }
        },
        "builtInFieldNames": {
          "type": "array",
          "title": "Built-in field names",
          "description": "List of field names that will be skipped while indexing Sharepoint List Items",
          "default": ["_no_longer_used_"],
          "hints": ["hidden"],
          "items": {
            "type": "string",
            "minLength": 1
          }
        },
        "proxyProperties": {
          "type": "object",
          "title": "Proxy options",
          "description": "A set of options for configuring the proxy.",
          "required": [],
          "properties": {
            "username": {
              "type": "string",
              "title": "Proxy username",
              "description": "Proxy username",
              "minLength": 1
            },
            "password": {
              "type": "string",
              "title": "Proxy password",
              "description": "Proxy password",
              "hints": ["secret"],
              "minLength": 1
            },
            "url": {
              "type": "string",
              "title": "Proxy URL",
              "description": "The proxy URL",
              "minLength": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.ProxyConfig$Properties"],
          "hints": ["advanced"]
        },
        "ntlmProperties": {
          "type": "object",
          "title": "NTLM Authentication settings",
          "required": [],
          "properties": {
            "user": {
              "type": "string",
              "title": "User",
              "description": "User",
              "minLength": 1
            },
            "password": {
              "type": "string",
              "title": "Password",
              "description": "Password",
              "hints": ["secret"],
              "minLength": 1
            },
            "domain": {
              "type": "string",
              "title": "Domain",
              "description": "Domain",
              "minLength": 1
            },
            "workstation": {
              "type": "string",
              "title": "Workstation",
              "description": "Workstation",
              "minLength": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointNTLMConfig$Properties", "com.lucidworks.connector.components.httpclient.config.authentication.NTLMConfig$Properties", "com.lucidworks.connector.components.httpclient.config.authentication.AuthConfig$Properties"]
        },
        "sharepointOnlineAuthProperties": {
          "type": "object",
          "title": "SharePoint Online Authentication",
          "description": "Settings relevant only when crawling SharePoint online .",
          "required": ["userAgent"],
          "properties": {
            "account": {
              "type": "string",
              "title": "SharePoint Online Account",
              "description": "Your Microsoft SharePoint Online Account name which takes the form of username@domain.com",
              "minLength": 1
            },
            "password": {
              "type": "string",
              "title": "Password",
              "description": "Password for your Microsoft SharePoint Online Account.",
              "hints": ["secret"],
              "minLength": 1
            },
            "sessionExpirationMs": {
              "type": "number",
              "title": "Session expiration (ms)",
              "description": "How long in milliseconds before new SharePoint online authentication cookies should be fetched.",
              "default": 7200000,
              "maximum": 172800000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "userAgent": {
              "type": "string",
              "title": "User agent",
              "description": "The user agent header decorates the http traffic. This is important for preventing hard rate limiting by SharePoint Online.",
              "default": "ISV|Lucidworks|Fusion/5.x"
            },
            "capUserAgent": {
              "type": "string",
              "title": "CAP User agent",
              "description": "When \"O365 Conditional Access Policy (CAP) setting\" is enabled, we need to use a compliant User-Agent that matches one of the supported devices when doing O365 STS authentication. For example if iOS is a supported platform, set this to 'Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_3 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) CriOS/60.0.3112.89 Mobile/14G60 Safari/602.1'",
              "maxLength": 4000,
              "minLength": 1
            },
            "appAuthClientId": {
              "type": "string",
              "title": "Azure AD Client ID",
              "description": "Applicable to SharePoint Online App-Auth Public/Private Service Account. The Azure client ID of your application.",
              "maxLength": 100,
              "minLength": 1
            },
            "appAuthPkcs12KeystoreBase64String": {
              "type": "string",
              "title": "Azure AD PKCS12 Base64 Keystore",
              "description": "Applicable to SharePoint Online App-Auth only. This is the base64 string of your PKCS12 keystore loaded with the PFX certificate file supplied by Azure AD. To get this value, first take the Azure AD yourcert.pfx you recieved from Azure and convert to PKCS12 keystore format (example \"keytool -importkeystore -srckeystore yourcert.pfx -srcstoretype pkcs12 -destkeystore yourcert.p12 -deststoretype pkcs12\"). Next convert yourcert.p12 to base64 string.",
              "hints": ["secret"],
              "maxLength": 10000,
              "minLength": 1
            },
            "appAuthPkcs12KeystorePassword": {
              "type": "string",
              "title": "Azure AD PKCS12 Keystore Password",
              "description": "Applicable to SharePoint Online App-Auth Public/Private Service Account. Password of the PKCS12 keystore.",
              "hints": ["secret"],
              "maxLength": 100,
              "minLength": 1
            },
            "appAuthClientSecret": {
              "type": "string",
              "title": "Azure AD Client Secret",
              "description": "Applicable to SharePoint Online OAuth App-Auth only. The Azure client ID of your application.",
              "hints": ["secret"],
              "maxLength": 100,
              "minLength": 1
            },
            "appAuthRefreshToken": {
              "type": "string",
              "title": "Azure AD Refresh Token",
              "description": "Applicable to SharePoint Online OAuth App-Auth only. This is a refresh token which is reusable for up to 12 hours. You must obtain a new tokenusing the OAuth login process if the token becomes expired.",
              "maxLength": 1000,
              "minLength": 1
            },
            "appAuthTenant": {
              "type": "string",
              "title": "Azure AD Tenant",
              "description": "Applicable to SharePoint Online App-Auth only. The Office365 tenant name to use when authenticating with Azure AD.",
              "maxLength": 2083,
              "minLength": 1
            },
            "appAuthAzureLoginEndpoint": {
              "type": "string",
              "title": "Azure AD Login Endpoint",
              "description": "Applicable to SharePoint Online App-Auth Public/Private Service Account. The Azure login endpoint to use when authenticating.",
              "default": "https://login.windows.net",
              "hints": ["advanced"],
              "maxLength": 2083,
              "minLength": 1
            },
            "jsAuthConfigJson": {
              "type": "string",
              "title": "JS Auth Config Json File",
              "description": "JS Auth config json file contains a list of WebCredential to do a web driver login process."
            },
            "jsAuthLoginUrl": {
              "type": "string",
              "title": "JS Auth Login Url",
              "description": "JS Auth Login Url to use when doing the login process."
            },
            "jsAuthSeleniumUrl": {
              "type": "string",
              "title": "JS Auth Selenium Grid URL",
              "description": "URL of the Selenium grid service to use while obtaining performing WebDriver auth to sharepoint online."
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointOnlineAuthConfig$Properties"]
        },
        "maximumItemLimitConfig": {
          "type": "object",
          "title": "Item Count Limit",
          "required": [],
          "properties": {
            "maxItems": {
              "type": "number",
              "title": "Maximum Output Limit",
              "description": "Limits the number of items emitted to the configured IndexPipeline. The default is no limit (-1).",
              "default": -1,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -2147483648,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.MaximumItemLimitConfig$Properties"]
        },
        "sizeLimitProperties": {
          "type": "object",
          "title": "Item Size Limits",
          "description": "For documents which do not meet the maximum/minimum size limits, only metadata will be indexed without body.The documents will indicate reason why content is not indexed, with the field '_lw_contents_excluded_s: file size'",
          "required": [],
          "properties": {
            "maxSizeBytes": {
              "type": "number",
              "title": "Maximum",
              "description": "Used for excluding items when the item size is larger than the configured value.",
              "default": -1,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -2147483648,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "minSizeBytes": {
              "type": "number",
              "title": "Minimum",
              "description": "Used for excluding items when the item size is smaller than the configured value.",
              "default": 1,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -2147483648,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SizeLimitConfig$Properties"]
        },
        "fetchRetryProperties": {
          "type": "object",
          "title": "Retry Options",
          "description": "A set of options for configuring retry behavior.",
          "required": ["delayMs", "maxDelayTimeMs", "delayFactor"],
          "properties": {
            "delayMs": {
              "type": "number",
              "title": "Retry Delay",
              "description": "Sets the delay between retries, exponentially backing off to the maxDelayTimeMs and multiplying successive delays by the delayFactor",
              "default": 1000,
              "maximum": 9223372036854776000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxDelayTimeMs": {
              "type": "number",
              "title": "Maximum Delay Time",
              "description": "The maximum time wait time between successive retries.",
              "default": 300000,
              "maximum": 600000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxTimeLimitMs": {
              "type": "number",
              "title": "Maximum Time Limit",
              "description": "This setting is used to limit the maximum amount of time spent on retries. Note: this will be ignored if \"Maximum Retries\" is specified.",
              "default": 600000,
              "maximum": 28800000,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "errorExclusions": {
              "type": "array",
              "title": "Error Exclusions",
              "description": "Optional regex list that will be matched against failed attempts exception class and message. If any regex matches, do not retry this request. This is needed to prevent the retryer from retrying non-recoverable errors that were not already ignored by the connector implementation.",
              "items": {
                "type": "string",
                "maxLength": 256,
                "minLength": 1
              }
            },
            "delayFactor": {
              "type": "number",
              "title": "Delay Factor",
              "description": "The retryer will retry failed operations in the case that they might succeed if attempted again. The retryer will sleep an exponential amount of time after the first failed attempt and retry in exponentially incrementing amounts after each failed attempt up to the maximumTime. nextWaitTime = exponentialIncrement * multiplier.",
              "default": 2,
              "maximum": 9999,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxRetries": {
              "type": "number",
              "title": "Maximum Retries",
              "description": "The retryer will retry failed operations in the case that they might succeed if attempted again. This parameter states the number of attempts to retry until giving up. This parameter, if specified, will override the \"Stop retrying after time (milliseconds)\" parameter.",
              "default": 3,
              "maximum": 100,
              "exclusiveMaximum": false,
              "minimum": 0,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.RetryConfig$Properties"]
        },
        "connections": {
          "type": "object",
          "title": "Http client options",
          "description": "A set of options for configuring the http client.",
          "required": ["maxPerRoute", "maxConnections"],
          "properties": {
            "maxConnections": {
              "type": "number",
              "title": "Max connections",
              "description": "The maximum number of connections",
              "default": 5000,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "maxPerRoute": {
              "type": "number",
              "title": "Max per route",
              "description": "Defines a connection limit per one HTTP route. In simple cases you can understand this as a per target host limit. Under the hood things are a bit more interesting: HttpClient maintains a couple of HttpRoute objects, which represent a chain of hosts each, like proxy1 -> proxy2 -> targetHost. Connections are pooled on per-route basis. In simple cases, when you're using default route-building mechanism and provide no proxy suport, your routes are likely to include target host only, so per-route connection pool limit effectively becomes per-host limit.",
              "default": 1000,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": 1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "ignoreSSLValidationExceptions": {
              "type": "boolean",
              "title": "Ignore SSL Validation Exceptions",
              "description": "Do not attempt to do an SSL Handshake and do not verify the hostname of SSL certificates. Use this when accessing an https url with a self-signed or enterprise certificate authority that you do not want to put in the Java keystore.",
              "default": false
            },
            "readTimeoutMs": {
              "type": "number",
              "title": "",
              "default": 60000,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "connectTimeoutMs": {
              "type": "number",
              "title": "",
              "default": 300000,
              "maximum": 2147483647,
              "exclusiveMaximum": false,
              "minimum": -1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointHttpClientConfig$Properties"],
          "hints": ["advanced"]
        },
        "debug": {
          "type": "object",
          "title": "Debug options",
          "description": "Special properties used for debugging the connector.",
          "required": [],
          "properties": {
            "onlyFetchAcls": {
              "type": "boolean",
              "title": "ACLs only crawl",
              "description": "Do a full crawl where we only crawl acls. Also - when the ACLs are all fully indexed, clear any old ACL documents from previous crawl(s) for this datasource. This gives you a fresh SharePoint ACLs without effecting the content.",
              "default": false
            },
            "logThreadDumpEveryNSeconds": {
              "type": "number",
              "title": "Write Thread Dump to Logs Every N Seconds",
              "description": "For diagnostic purposes, write a thread dump to logs every N seconds. If set <= 0, no dump is taken.",
              "default": -1,
              "maximum": 9999999,
              "exclusiveMaximum": false,
              "minimum": -1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "simulate429ErrorsEveryNRequests": {
              "type": "number",
              "title": "Simulate rate limit error every N requests",
              "description": "If > 0, simulate a SharePoint 429 status (too-many-requests) error such that there will be one error per this many requests.",
              "default": -1,
              "maximum": 999999,
              "exclusiveMaximum": false,
              "minimum": -1,
              "exclusiveMinimum": false,
              "multipleOf": 1
            },
            "preserveFullExportDb": {
              "type": "boolean",
              "title": "Preserve full export DB",
              "description": "The list* tables are normally cleared prior to saving the crawl database. This gives option to leave these files for analysis. This parameter is ignored if using a persistent volume to store the crawl DB because the data will always be saved in that case.",
              "default": false
            },
            "onlyFetchMetadata": {
              "type": "boolean",
              "title": "Only Fetch Metadata",
              "description": "For diagnostic purposes, do a dry run where the connector will only generate the metadata sharepoint export database and index the ACL records in the ACL collection, but will not fetch content.",
              "default": false
            },
            "logAclInserts": {
              "type": "boolean",
              "title": "Log ACL Inserts",
              "description": "For diagnostic purposes, log all documents inserted into the ACL collection.",
              "default": false
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.DebugConfig$Properties"]
        },
        "security": {
          "type": "object",
          "required": [],
          "properties": {
            "collectionId": {
              "type": "string",
              "title": "ACL collection id",
              "description": "Id of the collection to be used for storing ACL records. If not specified, ACL collection name will be generated automatically using pattern '<datasource_id>_access_control_hierarchy'."
            }
          },
          "interfaces": ["com.lucidworks.fusion.connector.plugin.api.config.security.AccessControlConfig$Properties"]
        }
      },
      "interfaces": ["com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointConfig$Properties", "com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointNTLMConfig", "com.lucidworks.connector.components.httpclient.config.authentication.NTLMConfig", "com.lucidworks.fusion.connector.plugin.api.config.MaximumItemLimitConfig", "com.lucidworks.fusion.connector.plugin.api.config.RetryConfig", "com.lucidworks.fusion.connector.plugin.api.config.security.AccessControlConfig", "com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointHttpClientConfig", "com.lucidworks.connector.components.httpclient.config.authentication.AuthConfig", "com.lucidworks.fusion.connector.plugin.api.config.ConnectorPluginProperties", "com.lucidworks.fusion.connector.plugins.sharepoint.config.SharepointOnlineAuthConfig", "com.lucidworks.fusion.connector.plugins.sharepoint.config.ProxyConfig", "com.lucidworks.fusion.connector.plugins.sharepoint.config.SizeLimitConfig"]
    },
    "type_description": {
      "type": "string",
      "title": "Type Description",
      "default": "An Optimized Connector for SharePoint 2010, 2013, 2016, 2019 and SharePoint Online",
      "hints": ["hidden", "readonly"]
    }
  },
  "category": "SharePoint",
  "categoryPriority": 1
};

export const SchemaParamFields = ({schema}) => {
  const sanitize = str => {
    if (typeof str !== "string") return str;
    return str.replace(/^"(.*)"$/s, "$1").replace(/\\/g, "").replace(/"/g, "'");
  };
  const formatDescription = str => {
    const s = sanitize(str);
    return (/[.!?]\)*$/).test(s) ? s : `${s}.`;
  };
  const {description, properties = {}, required: requiredProps = []} = schema;
  const visibleProps = useMemo(() => Object.entries(properties).filter(([, prop]) => !prop.hints?.includes("hidden")), [properties]);
  return <div>
      {description && <p>{formatDescription(description)}</p>}

      {visibleProps.map(([name, prop]) => {
    const isRequired = requiredProps.includes(name);
    const hasDefault = prop.default !== undefined;
    const rawDefault = prop.default;
    const isComplexDefault = hasDefault && (typeof rawDefault === "object" || typeof rawDefault === "string" && (rawDefault.length > 20 || rawDefault.includes('"')));
    const fieldProps = {
      key: name,
      body: prop.title || name,
      type: prop.type,
      ...prop.title && ({
        post: [<><span className="text-stone-400 dark:text-stone-500">API property: </span>{name}</>]
      }),
      ...isRequired && ({
        required: true
      }),
      ...!isComplexDefault && hasDefault ? {
        default: sanitize(String(rawDefault))
      } : {}
    };
    const isObject = prop.type === "object" && prop.properties;
    const isArrayOfObjects = prop.type === "array" && prop.items?.type === "object" && prop.items.properties;
    return <ParamField {...fieldProps}>
            {prop.description && <p>{formatDescription(prop.description)}</p>}

            {isComplexDefault && <div className="flex">
                <p>
                  <strong>Default:</strong>
                </p>
                <pre className="!my-0">
                  <code>
                    {JSON.stringify(rawDefault, null, 2)}
                  </code>
                </pre>
              </div>}

            {isArrayOfObjects && <div className="flex">
              <p>
                <strong>Object attributes:</strong>
              </p>
              <pre className="!my-0">
                <code>
                  {'{\n'}
                  {Object.entries(prop.items.properties).map(([iname, iprop]) => <>
                      {`  ${iname}`}
                      {prop.items?.required?.includes(iname) && <span style={{
      color: 'red'
    }}> required</span>}
                      {`: {\n    display name: ${sanitize(iprop.title || '')}\n    type: ${iprop.type}\n  }\n`}
                    </>)}
                  {'}'}
                </code>
              </pre>
              </div>}

            {isObject && <Expandable title="properties">
                <SchemaParamFields schema={{
      properties: prop.properties,
      required: prop.required
    }} />
              </Expandable>}
          </ParamField>;
  })}
    </div>;
};

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/fusion-connectors/connectors/sharepoint-v2-optimized

[mintlify link]: https://doc.lucidworks.com/docs/fusion-connectors/connectors/sharepoint-v2-optimized

[old doc.lw link]: https://doc.lucidworks.com/fusion-connectors/3qqudu

<Callout icon="plug" color="#A4C6F7" iconType="solid">
  * **Latest version:** v2.1.0
  * **Compatible with Fusion version:** 5.9.1 and later
</Callout>

The SharePoint Optimized V2 connector supports fine-grained scoping and filtering, so teams can include only the content that matters. Security trimming ensures that users see only content they are authorized to access, which protects sensitive data and enforces compliance. This enables a secure, unified search experience across SharePoint and other enterprise systems.

This article provides an in-depth look at the SharePoint Optimized V2 connector, including business context, setup, use cases, and troubleshooting. It also includes the configuration specification, which fully describes the connector object for use with API operations.

<Warning>
  Microsoft is phasing out the Azure Access Control Service (ACS) authentication method, which uses the Client ID and Client Secret. This authentication method will stop working on April 2, 2026.

  If you are currently using the App-only (OAuth protocol) authentication method, you must take the following steps before April 2, 2026 to ensure your datasource configuration continues to work without interruption:

  1. Create a new app registration in the Azure Portal using Microsoft Entra ID authentication.
  2. Update your SharePoint connector configuration to use the App-only with private key (certificate-based) authentication method.

  For more information, see Microsoft's [Granting access using SharePoint App-Only](https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs) documentation.
</Warning>

<LwTemplate />

## Prerequisites

* Access to a Fusion instance with the appropriate permissions to configure a data source.
* Supported SharePoint deployment (2010, 2013, 2016, 2019, or Online).
* A service account with site collection administrator rights for on-premises SharePoint.
* An app registration with the `Sites.FullControl.All` permission for SharePoint Online.
* Azure Active Directory app registration with required permissions (for SharePoint Online).

For details about required permissions, see the [Permissions](#required-sharepoint-permissions) section.

<Note>
  Verify your connector version

  This connector depends on specific Fusion versions. See the following table for the required versions:

  | Fusion version         | Connector version                                                                     | Notes                                                                                                         |
  | ---------------------- | ------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
  | Fusion 5.9.1 and later | v2.0.0 and later                                                                      | Supports LDAP ACLs integrations and security trimming.                                                        |
  | Fusion 5.9.0           | v1.6.0 and later. Lucidworks recommends using the latest supported connector version. | Fusion 5.9.0 supports the v2.0.0 connector, but does not support LDAP ACLs integrations or security trimming. |
  | Fusion 5.6.1 and later | v1.1.0 through v1.6.0                                                                 | -                                                                                                             |
</Note>

## Business context

SharePoint is widely adopted for internal content collaboration, knowledge sharing, and structured document management. The SharePoint Optimized V2 connector supports use cases across knowledge management and business environments by making SharePoint content discoverable in Fusion.

### Knowledge management

Organizations use SharePoint as a central platform for storing and organizing internal knowledge, such as policies, training materials, and procedural documentation. With structured libraries, metadata tagging, and version control, teams can maintain accurate, searchable content. The connector brings this content into Fusion to support enterprise search, self-service portals, and role-based access to knowledge resources.

### B2B

In business-to-business contexts, SharePoint supports cross-functional collaboration, secure partner portals, and project documentation workflows. Companies use it to share content with clients, vendors, and internal stakeholders while maintaining strict access controls. The connector indexes this content for a unified search experience across departments or applications, enabling faster access to contracts, technical documents, or onboarding materials.

### B2C

SharePoint is not typically used for direct customer-facing experiences. However, B2C organizations often use it internally to support customer service, compliance, or product support operations. With the connector, teams can expose curated SharePoint content such as FAQs, internal product specifications, or support documentation through public or authenticated search interfaces managed in Fusion.

## How it works

The SharePoint Optimized V2 connector crawls and indexes structured content from SharePoint using its object model. SharePoint organizes data into a hierarchical structure that begins with a web application and includes site collections, sites, lists, folders, and list items. For an overview of this structure, see the [SharePoint object model](https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model).

<img src="https://mintcdn.com/lucidworks/S4K1ej9-5L4WZcZ9/assets/images/5.11/spo-data-types.png?fit=max&auto=format&n=S4K1ej9-5L4WZcZ9&q=85&s=9c67635ed91162c40164a2007956f19e" alt="SharePoint data types" width="535" height="380" data-path="assets/images/5.11/spo-data-types.png" />

Each level of this hierarchy stores both metadata and content. For example:

* A **site collection** can contain multiple subsites, each with its own permissions and content.
* A **list** can store structured data like announcements or documents, with fields such as title, status, and date.
* A **list item** or **document** may contain file content and metadata, such as the file type, size, author, and version.

The connector uses this model to identify and extract documents and metadata during a crawl. It starts at a configured entry point such as a web application URL or specific site collection and traverses the hierarchy to gather content.

Access to SharePoint content is controlled by user-based permissions at each level of the hierarchy. SharePoint uses Access Control Lists (ACLs) to define which users or groups can view or manage specific content. These permissions may be inherited or explicitly set at the site, list, or item level.

The connector retrieves ACLs during the crawl and stores them with the indexed documents. When security trimming is enabled in Fusion, these permissions are enforced at query time to ensure users can only see documents they are authorized to access.

Content is stored in SharePoint databases, not directly exposed to external systems. The connector accesses this content through SharePoint APIs or Microsoft Graph, depending on configuration and authentication method. Retrieved data is sent to Fusion, where it is indexed and made searchable alongside other enterprise content sources.

## Set up

To index SharePoint content with Fusion, you must configure both the SharePoint environment and the connector. SharePoint must be accessible and properly permissioned, and the connector must be configured to authenticate, crawl, and index the desired content.

### Required SharePoint permissions

The SharePoint Optimized V2 connector requires specific permissions to index content across SharePoint sites effectively. These permissions must be granted before the connector can perform operations such as reading site data, accessing files, or collecting audit logs.

The following table lists the required permissions, along with detailed descriptions and use cases for each. Full indexing functionality, including support for all site collections and audit data, depends on granting the appropriate elevated permissions.

| Permission             | Description                                                                                  | Use case                                                                                                                      |
| ---------------------- | -------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
| **Sites.Read.All**     | Grants read-only access to all SharePoint site collections and their content.                | Used by applications that need to enumerate sites, retrieve metadata, list items, or download files across all sites.         |
| **Sites.Manage.All**   | Provides full control over all site collections, excluding permission management.            | Enables applications to create, edit, and delete content such as list items and documents across all sites.                   |
| **Files.Read.All**     | Allows read-only access to all files stored in SharePoint and OneDrive document libraries.   | Used to access and download documents, attachments, and other file content across the organization.                           |
| **AuditLog.Read.All**  | Enables access to SharePoint audit logs for monitoring user and system activities.           | Used to analyze actions such as file edits, deletions, and permission changes for compliance and security auditing.           |
| **Sites.Selected**     | Allows access only to specific site collections explicitly granted by an administrator.      | Used to restrict application access to approved SharePoint sites, providing fine-grained control over data exposure.          |
| **User.Read**          | Permits access to basic profile information of the signed-in user, including name and email. | Used to personalize the user experience or perform operations on behalf of the authenticated user.                            |
| **Directory.Read.All** | Grants read access to the full directory of users, groups, and other directory objects.      | Used to look up user and group information for features like permissions mapping, people pickers, or organizational insights. |

<Danger>
  **FAQ**

  Why are Full Control permissions required?

  Full Control allows the connector to discover all site collections and content in SharePoint. Without it, the connector can only access content where it already has permission and may miss sites or documents.

  Granting Full Control does not allow the SharePoint Optimized V2 connector to take destructive actions such as deleting or modifying content. The permission is used strictly for discovery and indexing.

  For environments with data transfer security concerns, the SharePoint Optimized V2 connector can be deployed as a remote connector. This enables Fusion to index content stored behind firewalls without opening firewall ports or exposing internal systems.
</Danger>

### Prepare SharePoint

Before you configure the SharePoint Optimized V2 connector in Fusion, you must prepare your SharePoint environment. This section explains how to select an authentication method, assign the required permissions, and ensure access to the SharePoint content you intend to index.

### Configure the connector in Fusion

In Fusion, configure the SharePoint Optimized V2 connector to define the crawl scope, select an authentication method, and apply indexing settings. This setup enables Fusion to connect to SharePoint and index content securely and efficiently.

<Note>
  This section applies to the latest version of the SharePoint Optimized V2 connector. If you are using an earlier version, some settings may have different names, appear in different sections, or may not be available.
</Note>

### Core configurations

Use the following parameters to configure what the connector crawls, how it authenticates, and how it handles content updates. Parameters are grouped by category for clarity.

For full configuration options, see [Configuration specifications](#configuration).

#### Scope

These settings define what SharePoint content the connector includes in the crawl. You can configure it to crawl all site collections or only specific sites, lists, folders, or items.

To begin, specify the **Web Application URL**. This is the base URL of your SharePoint web application. All paths to site collections or items must be relative to this URL.

<img src="https://mintcdn.com/lucidworks/pcVooZE8fTjtTbXE/assets/images/connectors/sp-optimized-v2-web-app-config.png?fit=max&auto=format&n=pcVooZE8fTjtTbXE&q=85&s=54ba3064b5b6cb7f61b9aebe29ca1839" alt="SharePoint Optimized V2 Web application URL" width="1545" height="177" data-path="assets/images/connectors/sp-optimized-v2-web-app-config.png" />

By default, the connector discovers and crawls site collections under the specified web application. This requires administrative permissions.

<Note>
  In earlier versions of the SharePoint Optimized V2 connector, you had to enable **Fetch all site collections** to crawl all site collections. This setting was removed in v2.0.0 and later. If you are using an older version and see this option in your configuration, enable it to ensure all site collections are crawled.
</Note>

To crawl only a subset of content:

1. In the **Site Collection List**, provide a single site collection path.

   <img src="https://mintcdn.com/lucidworks/pcVooZE8fTjtTbXE/assets/images/connectors/sp-optimized-v2-site-colllection-list.png?fit=max&auto=format&n=pcVooZE8fTjtTbXE&q=85&s=a9f115b96316ab940a1b9be85f96cfc5" alt="SharePoint Optimized V2 site collection list" width="1545" height="270" data-path="assets/images/connectors/sp-optimized-v2-site-colllection-list.png" />
2. In **Restrict to specific SharePoint items**, enter one or more SharePoint URLs. You can copy these URLs directly from your browser.

The connector converts the specified URLs into inclusive regular expressions. Only matching content is included in the crawl.

#### Authentication

These settings define how the connector authenticates with SharePoint.

For on-premises SharePoint, use NTLM authentication.

<img src="https://mintcdn.com/lucidworks/pcVooZE8fTjtTbXE/assets/images/connectors/sp-optimized-v2-ntlm-auth-settings.png?fit=max&auto=format&n=pcVooZE8fTjtTbXE&q=85&s=9890c28099258c4ec4c55940c8e9c28b" alt="SharePoint Optimized V2 NTLM authentication" width="1545" height="207" data-path="assets/images/connectors/sp-optimized-v2-ntlm-auth-settings.png" />

For SharePoint Online, use app-only authentication with a private key, or assign a Site Collection Administrator who has sufficient crawl permissions.

#### Crawl behavior

These settings control how the connector detects content changes and whether it performs incremental or full crawls.

After the first successful full crawl, the connector uses incremental crawls by default. It relies on the SharePoint Changes API to detect and index added, updated, and deleted content. The connector tracks changes using a change token and removes deleted site collections.

To support incremental crawling, required fields prefixed with `lw` must remain in the indexed documents.

To force a full crawl, enable the **Force Full Crawl** setting. This disables incremental crawling and reindexes all content from scratch. It also clears any previous crawl state. This option is useful when resetting the crawl due to major changes.

Incremental crawling requires **Force Full Crawl** to remain disabled.

## Use cases

The SharePoint Optimized V2 connector supports a range of use cases for securely indexing and searching SharePoint content. This section highlights common deployment scenarios and configurations that help organizations meet security, compliance, and infrastructure requirements.

### Protect documents with security trimming

Security trimming ensures that users only see the content they are authorized to access when querying your SharePoint Optimized V2 datasource. It uses user roles and permissions to control document visibility. This feature requires the SharePoint Optimized V2 datasource to be used alongside an LDAP ACLs V2 datasource and a Graph Security Trimming query stage within the same app and collection.

Benefits of using security trimming include:

* Ensuring users only see documents they are authorized to access, maintaining data confidentiality.
* Reducing irrelevant search results by filtering content based on user permissions.
* Enhancing compliance with organizational security policies through integrated role-based access control.

Starting in Fusion 5.18.0, you can use a sidecar collection to store ACL documents separately from your content collection.

<Accordion title="Configure security trimming for SharePoint Optimized V2">
  {/* // https://lucidworks.atlassian.net/wiki/spaces/FPO/pages/2218524965/How+to+use+the+Graph+Security+Trimming#Use-the-Security-Trimming: */}

  You can configure the SharePoint Optimized V2 connector to use security trimming so that query results are filtered based on the roles and permissions assigned to the user.

  To configure security trimming, you need to set up and run a SharePoint Optimized V2 datasource, an LDAP ACLs V2 datasource, and a Graph Security Trimming query stage in the same app and collection.

  When a crawl is run, the SharePoint Optimized V2 and LDAP ACLs V2 datasources must index the content documents and ACL documents to the same collection.

  * **ACL documents**: Users, Groups, and their Role Assignments.
  * **Content documents**: The SharePoint objects with metadata and content (Sites, Lists, Items). These documents have `_lw_acl_ss` fields which determines who can see the docs when searching.

  ## Set up the SharePoint datasource

  1. Navigate to **Indexing > Datasources**.
  2. Install the datasource connector if not already installed.
  3. Click **Add** and select **SharePoint Optimized V2**.
  4. Fill in all required fields.
  5. Configure only one authentication method. Enable **NLTM Authentication Settings** or **SharePoint Online Authentication** and configure the fields as explained below.

  ### NTLM Authentication

  This method connects to SharePoint on-premises server instances, such as SharePoint Server 2013, 2016, and 2019.
  When using this authentication method, the connector will index `contentDocuments` and the following `aclDocuments`: `sharepointGroups`, `siteAdmins`, `roleDefinition`, and `roleAssignment`.

  To use this authentication method, in your **SharePoint Optimized V2** datasource, select the **NTLM Authentication Settings** checkbox and configure the following fields:

  * **User**
  * **Password**
  * **Domain**
  * **Workstation**

  ### SharePoint Online Authentication

  These methods connect to SharePoint Online server instances. When using one of these methods, the connector will index `contentDocuments` and the following `aclDocuments`: `sharepointGroups`, `siteAdmins`, `roleDefinition`, `roleAssignment` and `sharepointUsers` in which `loginName` ends with `onmicrosoft.com`.

  <Warning>
    Microsoft is phasing out the Azure Access Control Service (ACS) authentication method, which uses Client ID and Client Secret. This authentication method will stop working on April 2, 2026.

    If you are currently using the App-only (OAuth protocol) authentication method, you must take the following steps before April 2, 2026 to ensure your datasource configuration continues to work without interruption:

    1. Create a new app registration in the Azure Portal using Microsoft Entra ID authentication.
    2. Update your SharePoint connector configuration to use the App-only with private key (certificate-based) authentication method.

    For more information, see Microsoft's [Granting access using SharePoint App-Only](https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs) documentation.
  </Warning>

  #### Basic

  To use this authentication method, in your **SharePoint Optimized V2** datasource, select the **SharePoint Online Authentication** checkbox and configure the following fields:

  * **SharePoint online account**
  * **Password**

  #### App only (OAuth protocol)

  <Warning>
    This authentication method uses Azure Access Control Service (ACS), which will stop working on April 2, 2026. Use **App-only with private key** (certificate-based authentication) instead.
  </Warning>

  To use this authentication method, in your **SharePoint Optimized V2** datasource, select the **SharePoint Online Authentication** checkbox and configure the following fields:

  * **Azure AD client ID**
  * **Azure AD tenant**
  * **Azure AD Client Secret**
  * **Azure AD login endpoint (advanced)**
  * **Azure AD Refresh Token (advanced)**

  #### App only with private key

  To use this authentication method, in your **SharePoint Optimized V2** datasource, select the **SharePoint Online Authentication** checkbox and configure the following fields:

  * **Azure AD client ID**
  * **Azure AD tenant**
  * **Azure AD login endpoint**
  * **Azure AD PKCS12 Base64 Keystore**
  * **Azure AD PKCS12 Keystore Password**

  ## Set up the LDAP datasource

  1. Navigate to **Indexing > Datasources**.
  2. Install the datasource connector if not already installed.
  3. Click **Add** and select **LDAP and Azure ACLs Connector (V2)**.
  4. Fill in all required fields.
  5. Configure authentication methods. Enter LDAP login credentials and/or enable **Azure AD Properties** and configure the fields as explained below.

  ### LDAP Authentication

  This method connects to an LDAP AD server. When using this method, the connector will index the following `aclDocuments`: `ldapUsers`, and `ldapGroups`.

  To use this authentication method, in your **LDAP and Azure ACLs Connector (V2)** datasource, configure the following fields:

  * **Login User Principal**
  * **Login Password**

  ### Azure AD Authentication

  This method connects to an Azure AD server. When using this method, the connector will index the following `aclDocuments`: `azureUsers`, and `azureGroups`

  To use this authentication method, in your **LDAP and Azure ACLs Connector (V2)** datasource, select the **Azure AD Properties** checkbox and configure the following fields:

  * **Azure AD Tenant ID**
  * **Azure AD Client ID**
  * **Azure AD Client Secret**

  ## Supported authentication methods for security trimming

  |                            | LDAP AD                                     | Azure AD                                                                |
  | -------------------------- | ------------------------------------------- | ----------------------------------------------------------------------- |
  | **SharePoint On-Premises** | NTLM Authentication and LDAP Authentication | NTLM Authentication and Azure AD Authentication                         |
  | **SharePoint Online**      | N/A                                         | Any SharePoint Online authentication method and Azure AD Authentication |

  {/* // Configure the [SharePoint Optimized V2 connector](/fusion-connectors/3qqudu/share-point-optimized-v-2) to send the access-control documents to the content collection (not to the acl-collection). The SharePoint Optimized V2 connector relies on the [LDAP ACLs V2 connector](/fusion-connectors/4selgx/ldap-ac-ls-v-2) to crawl LDAP Active Directory/Azure Active Directory. The SharePoint connector does not crawl active directory user/groups. */}

  {/* // Configure the [LDAP ACLs V2 connector](/fusion-connectors/4selgx/ldap-ac-ls-v-2) to only include the field `_lw_acl_ss` when the acl-collection is the same as the app collection. */}

  {/* // The LDAP ACLs V2 connector populates the solr_collection (the same used to index the SharePoint documents) that will be used in Graph Security Trimming queries. */}

  ## Configure ACL collection

  By default, SharePoint Optimized V2 and LDAP ACLs V2 datasources index the content documents and ACL documents to the same collection. Ensure both datasources use the same value, `contentCollection`, for the field **ACL Collection ID**.

  If you are using Fusion 5.18.0 or later, you may store ACL documents in a sidecar collection. You must also use SharePoint Optimized V2 and LDAP-ACLs V2 versions 2.0.0 or later to use a separate sidecar collection. Use a separate sidecar collection if you need to manage ACL data independently of the rest of your content.

  #### If using SharePoint-Optimized and LDAP-ACLs \< v2.0.0

  If you are using SharePoint Optimized V2 and LDAP-ACLs V2 versions before 2.0.0, you must store the content documents and ACL documents in the same collection. Update the **ACL Collection Id** in the datasource configuration.

  The SharePoint-Optimized and LDAP-ACLs datasources must index their `content_documents` and `acl_documents` to the same collection. Make sure the property **Security** -> **ACL Collection**  in both datasources have the same value. In both datasources, SharePoint-Optimized and LDAP-ACLs, check the property **Security** -> **ACL Collection Id** and make sure it points to the same content-collection.

  1. Navigate to **Indexing > Datasources**.
  2. Open your SharePoint Optimized V2 or LDAP ACLs V2 datasource.
  3. Under **Security**, update the configuration to use `contentCollection` as the **ACL Collection ID**.

       <img src="https://mintcdn.com/lucidworks/VKnUHJXP6sWH55ak/assets/images/5.8/sharepointConfigGraphSec.png?fit=max&auto=format&n=VKnUHJXP6sWH55ak&q=85&s=ad02d6bef7e2b7465f2a747caf0b5c82" alt="Datasource config for Fusion 5.8 with Graph Security Trimming" width="1944" height="980" data-path="assets/images/5.8/sharepointConfigGraphSec.png" />

     <Tip>   The **Security** checkbox must be checked for this field to appear.</Tip>
  4. Save the configuration.

  Repeat this process for all required datasources.

  #### If using SharePoint-Optimized and LDAP-ACLs >= v2.0.0 with the same collection

  Recreate or update the datasources. If only updated, it is not possible to go back to the configuration of a previous plugin version.

  By default, the LDAP-ACLs and SharePoint-Optimized V2 datasources index the `content_documents` and `acl_documents` to the same collection.

  1. Navigate to **Indexing > Datasources**.
  2. Open your SharePoint Optimized V2 or LDAP ACLs V2 datasource.
  3. Under **Graph Security Filtering Configuration**, select **Enable security trimming**.

  Repeat this process for all required datasources.

  #### If using SharePoint-Optimized and LDAP-ACLs >= v2.0.0 with a sidecar collection

  <Note>
    Using a sidecar collection for ACL documents requires Fusion 5.18.0 or later.
  </Note>

  Recreate or update the datasources. If only updated, it is not possible to go back to the configuration of a previous plugin version.

  1. Create a dedicated ACL collection (for example, `acl_collection`).
  2. Navigate to **Indexing > Datasources**.
  3. Open your SharePoint Optimized V2 or LDAP ACLs datasource.
  4. Under **Security**, set **ACL Collection ID** to your ACL collection name (for example, `acl_collection`).
  5. Under **Graph Security Filtering Configuration**, select **Enable security trimming**.
  6. Save your changes.

  If you are transitioning from using the same collection to creating a sidecar collection for ACLs, you must run a full recrawl of your datasource so the ACLs route to the sidecar collection. ACL documents stored in the content collection from before the migration remain in the content collection unless the collection is reindexed or manually cleaned.

  After configuring your datasource, you must reference the ACL collection in the graph security trimming query stage.

  ## Set up Graph Security Trimming

  A [Graph Security Trimming stage](/docs/5/fusion/reference/config-ref/pipeline-stages/query-stages/security-trimming-graph-query-stage) is used to pull all nested groups for a user. Then the Solr join query takes those ACL IDs found in the graph query and filters out everything that does not match one of the ACLs.

  1. Navigate to **Querying** > **Query Pipelines**.

  2. Open the query pipeline associated with your SharePoint Optimized V2 or LDAP ACLs V2 data.

  3. Click **Add a new pipeline stage** and select **Graph Security Trimming**.

  4. Configure the stage with the following settings:

     |                    |                                   |
     | ------------------ | --------------------------------- |
     | Field              | Value                             |
     | **User ID source** | `query_param` or `header`         |
     | **User ID key**    | The key that contains the User ID |

  5. If you are using Fusion 5.9.3 or earlier, configure the following additional fields, which were removed in Fusion 5.9.4:

  | Field                   | Value               |
  | ----------------------- | ------------------- |
  | **ACL solr collection** | `contentCollection` |
  | **Join method**         | `topLevelDV`        |
  | **Join Field**          | `_lw_acl_ss`        |

  6. If you are using a sidecar collection in Fusion 5.18.0 or later that contains your access control lists, configure the following additional fields, replacing `acl_collection` with the name of your dedicated ACL collection:

  | Field                   | Value             |
  | ----------------------- | ----------------- |
  | **ACL solr collection** | `acl_collection`  |
  | **Join method**         | `crossCollection` |
  | **Join Field**          | `id`              |

  7. Save your changes.

  ## Test the configuration

  To confirm that security trimming works as configured, run the following test:

  1. First, run the SharePoint Optimized V2 and LDAP ACLs V2 datasources.
  2. Run a series of queries to test user permissions are working as intended:
     1. Run a query using a User ID key with no permissions. You should see no search results.
     2. Run a query using a User ID key that has access to some documents. You should see some search results.
     3. Run a query using a User ID key that has access to all documents. You should see all documents.

        <Note>      Facet by `_lw_document_type_s: contentDocument` to see only the SharePoint docs, otherwise aclDocuments will be also shown.</Note>
</Accordion>

### Index data behind firewalls

You can configure the SharePoint Optimized V2 Connector v2.0.0 and later to run remotely.

This setup lets Fusion index content stored behind firewalls without exposing internal systems or opening firewall ports. It helps protect sensitive data, supports compliance, and enables unified search across cloud and on-premises sources.

Fusion uses gRPC over HTTP/2 to connect on-premises remote connectors to Fusion clusters.

For more information, see [Remote V2 connectors](/docs/fusion-connectors/developers/remote-v2-connectors).

<Accordion title="Configure remote V2 connectors" icon="star" iconType="solid" color="#0000FF">
  If you need to index data from behind a firewall, you can configure a V2 connector to run remotely on-premises using TLS-enabled gRPC.

  ## Prerequisites

  Before you can set up an on-prem V2 connector, you must configure the egress from your network to allow HTTP/2 communication into the Fusion cloud. You can use a [forward proxy server](#egress-and-proxy-server-configuration) to act as an intermediary between the connector and Fusion.

  The following is required to run V2 connectors remotely:

  * The [plugin zip file and the connector-plugin-standalone JAR](https://plugins.lucidworks.com/).
  * A configured connector backend gRPC endpoint.
  * Username and password of a user with a `remote-connectors` or `admin` role.
  * If the host where the remote connector is running is not configured to trust the server’s TLS certificate, you must configure the file path of the trust certificate collection.

  <Note>If your version of Fusion doesn’t have the `remote-connectors` role by default, you can create one. No API or UI permissions are required for the role.</Note>

  ## Connector compatibility

  Only V2 connectors are able to run remotely on-premises.
  You also need the remote connector client JAR file that matches your Fusion version.
  You can download the latest files at [V2 Connectors Downloads](/docs/fusion-connectors/downloads/v2-connectors-downloads).

  <Note>Whenever you upgrade Fusion, you must also update your remote connectors to match the new version of Fusion.</Note>

  The gRPC connector backend is not supported in Fusion environments deployed on AWS.

  ## System requirements

  The following is required for the on-prem host of the remote connector:

  * (Fusion 5.9.0-5.9.10) JVM version 11
  * (Fusion 5.9.11) JVM version 17
  * Minimum of 2 CPUs
  * 4GB Memory

  Note that memory requirements depend on the number and size of ingested documents.

  ## Enable backend ingress

  In your `values.yaml` file, configure this section as needed:

  ```yaml theme={"dark"}
  ingress:
    enabled: false
    pathtype: "Prefix"
    path: "/"
    #host: "ingress.example.com"
    ingressClassName: "nginx"   # Fusion 5.9.6 only
    tls:
      enabled: false
      certificateArn: ""
      # Enable the annotations field to override the default annotations
      #annotations: ""
  ```

  * Set `enabled` to `true` to enable the backend ingress.
  * Set `pathtype` to `Prefix` or `Exact`.
  * Set `path` to the path where the backend will be available.
  * Set `host` to the host where the backend will be available.
  * In Fusion 5.9.6 *only*, you can set `ingressClassName` to one of the following:
    * `nginx` for Nginx Ingress Controller
    * `alb` for AWS Application Load Balancer (ALB)
  * Configure TLS and certificates according to your CA’s procedures and policies.

    <Note>  TLS must be enabled in order to use AWS ALB for ingress.</Note>

  ## Connector configuration example

  ```yaml theme={"dark"}
  kafka-bridge:
    target: mynamespace-connectors-backend.lucidworkstest.com:443 # mandatory
    plain-text: false # optional, false by default.  
      proxy-server: # optional - needed when a forward proxy server is used to provide outbound access to the standalone connector
      host: host
      port: some-port
      user: user # optional
      password: password # optional
    trust: # optional - needed when the client's system doesn't trust the server's certificate
      cert-collection-filepath: path1

  proxy: # mandatory fusion-proxy
    user: admin
    password: password123
    url: https://fusiontest.com/ # needed only when the connector plugin requires blob store access

  plugin: # mandatory
    path: ./fs.zip
    type: #optional - the suffix is added to the connector id
      suffix: remote
  ```

  ### Minimal example

  ```yaml theme={"dark"}
  kafka-bridge:
    target: mynamespace-connectors-backend.lucidworkstest.com:443

  proxy:
    user: admin
    password: "password123"

  plugin:
    path: ./testplugin.zip
  ```

  ### Logback XML configuration file example

  ```xml theme={"dark"}
  <configuration>
      <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
          <encoder class="com.lucidworks.logging.logback.classic.LucidworksPatternLayoutEncoder">
              <pattern>%d - %-5p [%t:%C{3.}@%L] - %m{nolookups}%n</pattern>
              <charset>utf8</charset>
          </encoder>
      </appender>

      <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
          <file>${LOGDIR:-.}/connector.log</file>
          <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
              <!-- rollover daily -->
              <fileNamePattern>${LOGDIR:-.}/connector-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
              <maxFileSize>50MB</maxFileSize>
              <totalSizeCap>10GB</totalSizeCap>
          </rollingPolicy>
          <encoder class="com.lucidworks.logging.logback.classic.LucidworksPatternLayoutEncoder">
              <pattern>%d - %-5p [%t:%C{3.}@%L] - %m{nolookups}%n</pattern>
              <charset>utf8</charset>
          </encoder>
      </appender>

      <root level="INFO">
          <appender-ref ref="CONSOLE"/>
          <appender-ref ref="FILE"/>
      </root>
  </configuration>
  ```

  ## Run the remote connector

  ```java theme={"dark"}
  java [-Dlogging.config=[LOGBACK_XML_FILE]] \
    -jar connector-plugin-client-standalone.jar [YAML_CONFIG_FILE]
  ```

  The `logging.config` property is optional. If not set, logging messages are sent to the console.

  ## Test communication

  You can run the connector in communication testing mode. This mode tests the communication with the backend without running the plugin, reports the result, and exits.

  ```java theme={"dark"}
  java -Dstandalone.connector.connectivity.test=true -jar connector-plugin-client-standalone.jar [YAML_CONFIG_FILE]
  ```

  ## Encryption

  In a deployment, communication to the connector’s backend server is encrypted using TLS. You should only run this configuration without TLS in a testing scenario. To disable TLS, set `plain-text` to `true`.

  ## Egress and proxy server configuration

  One of the methods you can use to allow outbound communication from behind a firewall is a proxy server. You can configure a proxy server to allow certain communication traffic while blocking unauthorized communication. If you use a proxy server at the site where the connector is running, you must configure the following properties:

  * **Host.** The hosts where the proxy server is running.
  * **Port.** The port the proxy server is listening to for communication requests.
  * **Credentials.** Optional proxy server user and password.

  When you configure egress, it is important to disable any connection or activity timeouts because the connector uses long running gRPC calls.

  ## Password encryption

  If you use a login name and password in your configuration, run the following utility to encrypt the password:

  1. Enter a user name and password in the [connector configuration YAML](#configuration).

  2. Run the standalone JAR with this property:

     ```java theme={"dark"}
     -Dstandalone.connector.encrypt.password=true
     ```

  3. Retrieve the encrypted passwords from the log that is created.

  4. Replace the clear password in the configuration YAML with the encrypted password.

  ## Connector restart (5.7 and earlier)

  The connector will shut down automatically whenever the connection to the server is disrupted, to prevent it from getting into a bad state. Communication disruption can happen, for example, when the server running in the `connectors-backend` pod shuts down and is replaced by a new pod. Once the connector shuts down, connector configuration and job execution are disabled. To prevent that from happening, you should restart the connector as soon as possible.

  You can use Linux scripts and utilities to restart the connector automatically, such as [Monit](https://mmonit.com/monit/).

  ## Recoverable bridge (5.8 and later)

  If communication to the remote connector is disrupted, the connector will try to recover communication and gRPC calls. By default, six attempts will be made to recover each gRPC call. The number of attempts can be configured with the `max-grpc-retries` bridge parameters.

  ## Job expiration duration (5.9.5 only)

  The timeout value for irresponsive backend jobs can be configured with the `job-expiration-duration-seconds` parameter. The default value is `120` seconds.

  ## Use the remote connector

  Once the connector is running, it is available in the Datasources dropdown. If the standalone connector terminates, it disappears from the list of available connectors. Once it is re-run, it is available again and configured connector instances will not get lost.

  ## Enable asynchronous parsing (5.9 and later)

  To separate document crawling from document parsing, enable Tika Asynchronous Parsing on remote V2 connectors.
</Accordion>

### API operations

This section provides a simple example of how to use the Connectors API to list available connector plugins, demonstrating how to interact with the API to discover which datasources are supported.

For more detailed examples, including full request and response payloads and the configuration specification used with the SharePoint Optimized V2 connector, see the [Connector APIs documentation](/api-reference/datasource-configuration-v2-api/list-all-v2-datasources).

#### Get all available connectors

**Request**

```bash wrap  theme={"dark"}
curl -u USERNAME:PASSWORD https://FUSION_HOST:FUSION_PORT/api/connectors/plugins
```

**Response**

```json wrap  expandable  theme={"dark"}
[{
  "type": "lucidworks.rest",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.web-v2",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.kaltura",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.gcs",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.sharepoint-optimized",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.file-upload",
  "state": "DEPLOYED"
}, {
  "type": "lucidworks.ldap-acls",
  "state": "DEPLOYED"
}, {
  "type": "lucid.servicenow",
  "state": "DEPLOYED"
}, {
  "type": "lucid.fileupload",
  "state": "DEPLOYED"
}, {
  "type": "lucid.web",
  "state": "DEPLOYED"
}]
```

## Troubleshooting

This section describes known limitations and configuration requirements for the SharePoint Optimized V2 Connector. Each issue includes the observed behavior, the expected behavior, and the impact to users.

### Connector runs on multiple pods

The SharePoint Optimized V2 Connector does not support running on more than one pod. If multiple instances run at the same time, they may try to index the same content, which can cause duplication, crawl errors, or inconsistent results. The connector is designed to run as a single instance. To ensure reliable indexing, deploy the connector on only one pod.

This means you should only run one copy of the connector. Keeping it to one copy helps everything work correctly.

### Connector version compatibility

If you use the SharePoint Optimized V2 Connector with an ACL connector, make sure the versions are compatible. Incompatible versions can prevent document-level access controls from being applied correctly. This can result in users seeing content they shouldn’t or missing content they should be able to access. To avoid access issues, use only supported combinations of the SharePoint and ACL connectors.

Check version compatibility in [Prerequisites](#connector-version-compatibility).

For details about crawls and incremental crawls see [Crawl using the SharePoint Optimized V2 connector](#more-resources).

### Avoid throttling and rate limiting in SharePoint Online

SharePoint Online enforces rate limits to protect its APIs. When that happens, it tells the connector to slow down by sending error messages. When the connector sends too many requests in parallel, SharePoint may respond with `429 Too Many Requests` or `503 Server Too Busy` errors. These indicate that the service is temporarily rejecting traffic due to overload.

To avoid these errors, reduce the number of concurrent requests. In the connector configuration, go to **Core Properties > Fetch Settings** and lower the **Fetch Threads** value. Also consider reducing the number of connector jobs running at the same time.

<img src="https://mintcdn.com/lucidworks/pcVooZE8fTjtTbXE/assets/images/connectors/sp-optimized-v2-fetch-settings.png?fit=max&auto=format&n=pcVooZE8fTjtTbXE&q=85&s=7ddba7e93184bedd42ececce97eab548" alt="SharePoint Optimized V2 Fetch settings" width="1545" height="511" data-path="assets/images/connectors/sp-optimized-v2-fetch-settings.png" />

The connector includes an automatic retry mechanism with exponential backoff to help recover from throttling. You can adjust this behavior in the **Retry Options** section by modifying settings such as **Maximum Retries**, **Delay Factor**, **Retry Delay**, and **Maximum Delay Time**.

<img src="https://mintcdn.com/lucidworks/pcVooZE8fTjtTbXE/assets/images/connectors/sp-optimized-v2-retry-options.png?fit=max&auto=format&n=pcVooZE8fTjtTbXE&q=85&s=558d0946934e58456e0c7e623d2150f6" alt="SharePoint Optimized V2 retry options" width="1545" height="322" data-path="assets/images/connectors/sp-optimized-v2-retry-options.png" />

<Note>
  Retries help with occasional limits, but persistent `429` or `503` errors mean you’re sending too much traffic. Reduce request volume first. Only use retries to improve resilience, not to bypass throttling.
</Note>

## More resources

For more information on how to plan, install, and configure the SharePoint Optimized V2 connector:

* [Overview of SharePoint and SharePoint Online connectors](/docs/fusion-connectors/concepts/sharepoint). Learn about the available SharePoint connectors and how they compare.
* [Download Connectors](/docs/fusion-connectors/downloads/v2-connectors-downloads). Get the latest version of the SharePoint Optimized V2 connector package.
* **Install or update a connector**. Follow step-by-step instructions to install a connector into Fusion.
* **Crawl using the SharePoint Optimized V2 connector**. Configure and run crawls using scoped collections, inclusion filters, and other crawl settings.

<AccordionGroup>
  <Accordion title="Install or update a connector">
    When you create a new datasource that requires an uninstalled connector, Fusion releases 5.2 and later automatically download and install the connector using the [Datasources dropdown](#install-a-connector-using-the-datasources-dropdown). You can also update the connector using the [Blob Store UI](#install-or-update-a-connector-using-the-blob-store-ui) or via the [Connector API](#install-or-update-a-connector-using-the-connector-api).

    ## Install a connector using the Datasources dropdown

    1. In your Fusion app, navigate to **Indexing** > **Datasources**.
    2. Click **Add**.
    3. In the list of connectors, scroll down to the connectors marked **Not Installed** and select the one you want to install.\
       Fusion automatically downloads it and moves it to the list of installed connectors.

    After you install a connector, you can Configure a New Datasource.

    <Tip>You can view and download all current and previous V2 connector releases at [Download Connectors](/docs/fusion-connectors/downloads/v2-connectors-downloads).</Tip>

    ## Install or update a connector using the Blob Store UI

    1. Download the connector zip file from [Download V2 connectors](/docs/fusion-connectors/downloads/v2-connectors-downloads).
       <Note>   Do not expand the archive; Fusion consumes it as-is.</Note>
    2. In your Fusion app, navigate to **System** > **Blobs**.
    3. Click **Add**.
    4. Select **Connector Plugin**.
           <img src="https://mintcdn.com/lucidworks/5yWZ-KtZuBe4Y_Fg/assets/images/4.0/blobs-add-connector.png?fit=max&auto=format&n=5yWZ-KtZuBe4Y_Fg&q=85&s=c021b250a83011d5f0af0dacd2d9a2fb" alt="Add a connector" width="2448" height="1042" data-path="assets/images/4.0/blobs-add-connector.png" />
       The "New Connector Plugin Upload" panel appears.
    5. Click **Choose File** and select the downloaded zip file from your file system.
           <img src="https://mintcdn.com/lucidworks/5yWZ-KtZuBe4Y_Fg/assets/images/4.0/blobs-connector-upload.png?fit=max&auto=format&n=5yWZ-KtZuBe4Y_Fg&q=85&s=8088bf62ac29e56ec5d67192a9a5b474" alt="Upload a connector" width="2454" height="1029" data-path="assets/images/4.0/blobs-connector-upload.png" />
    6. Click **Upload**.
       The new connector’s blob manifest appears.
           <img src="https://mintcdn.com/lucidworks/5yWZ-KtZuBe4Y_Fg/assets/images/4.0/blobs-edit.png?fit=max&auto=format&n=5yWZ-KtZuBe4Y_Fg&q=85&s=3e9922a16d5c702f2efa9cb8be63cb0e" alt="Uploaded connector" width="2454" height="1030" data-path="assets/images/4.0/blobs-edit.png" />
       From this screen you can also delete or replace the connector.

    <Warning>
      Wait several minutes for the connector to finish uploading to the blob store before installing the connector using the [Datasources dropdown](#install-a-connector-using-the-datasources-dropdown).
    </Warning>

    ## Install or update a connector using the Connector API

    1. Download the connector zip file from [Download V2 connectors](/docs/fusion-connectors/downloads/v2-connectors-downloads).

       <Note>   Do not expand the archive; Fusion consumes it as-is.</Note>
    2. Upload the connector zip file to Fusion’s plugins.
       Specify a `pluginId` as in this example:
       ```
       curl -H 'content-type:application/zip' -u USERNAME:PASSWORD -X PUT 'https://FUSION_HOST:FUSION_PORT/api/connectors/plugins?id=lucidworks.{pluginId}' --data-binary @{plugin_path}.zip
       ```
       Fusion automatically publishes the event to the cluster, and the listeners perform the connector installation process on each node.
           <Tip>
             If the `pluginId` is identical to an existing one, the old connector will be uninstalled and the new connector will be installed in its place. To get the list of existing plugin IDs, run: `curl -u USERNAME:PASSWORD https://FUSION_HOST:FUSION_PORT/api/connectors/plugins`
           </Tip>
    3. Look in `https://FUSION_HOST:FUSION_PORT/apps/connectors/plugins/` to verify the new connector is installed.

    ## Reinstall a connector

    To reinstall a connector for any reason, first delete the connector then use the preceding steps to install it again. This may take a few minutes to complete depending on how quickly the pods are deleted and recreated.
  </Accordion>

  <Accordion title="Crawl using the SharePoint Optimized V2 connector">
    ## Decide what you need to crawl

    First understand the different types of objects in SharePoint.

    [Get a quick overview of the SharePoint object model](link:https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-a-quick-overview-of-the-sharepoint-object-model)

    You have to choose what you want to crawl.

    <img src="https://mintcdn.com/lucidworks/S4K1ej9-5L4WZcZ9/assets/images/5.11/spo-data-types.png?fit=max&auto=format&n=S4K1ej9-5L4WZcZ9&q=85&s=9c67635ed91162c40164a2007956f19e" alt="SharePoint data types" width="535" height="380" data-path="assets/images/5.11/spo-data-types.png" />

    ### Crawl all site collections

    <Note>This option is only available if you crawl with administrative permissions as listing all site collections in the web application requires administrative access.</Note>

    In the Fusion UI, specify the **Web Application URL** to your SharePoint web application and check **Fetch all site collections**.

    This will now list all site collections and crawl them one at a time.

    ### Crawl a subset of site collections

    Do not check the **Fetch all site collections** checkbox and list each site collection you wish to crawl.

    Specify each site collection relative to the **Web Application URL**.

    ### Crawl a subset of sites, lists, or list items (URLs)

    You can also limit your crawl to only crawl specific sites, lists, folders, files, or list items.

    You will specify a single site collection in the Site Collection List as in the previous example.

    Then you can **Restrict to specific SharePoint items**. Copy and paste the URL of the resource from the browser into this list of items.

    When crawling, the connector will convert the URLs specified into inclusive regular expressions.

    ## Decide how you would like to authenticate

    With SharePoint, there are multiple options when it comes to authenticating.

    ### On-premise - NTLM

    Specify using the **NTLM Authentication Settings** in the Fusion UI.

    ### SharePoint Online authentication options

    When using the SharePoint Online connector, several options exist for authenticating.

    #### SharePoint Site Collection Administrator

    <Warning>Using a SharePoint service account is not recommended as the account type confers several configurable permissions which are too powerful and broad for the scope of a crawl.</Warning>

    You can create and promote a user to Site Collection Administrator for a specific site. Promoting a user to Site Collection Administrator grants all necessary permissions for a crawl, without granting broader administrative control over the entirety of the SharePoint environment. Administrators can be monitored and have their access revoked through the SharePoint Admin Center, mitigating potential security risks.

    For more information on SharePoint site administration, see the [SharePoint documentation](https://learn.microsoft.com/en-us/sharepoint/manage-site-collection-administrators).

    #### App-only authentication - Azure AD with private key

    This method of authentication is the most commonly used. It requires giving the application key **Full Control** permission, otherwise you get security authorization errors while crawling.

    <Note>The `username` field is mandatory. If using app-only authentication, you can use a fake value in this field, for example `xxx@lucidworks.com`.</Note>

    Enter in the UI:

    * Client ID
    * PFX key (in base 64 format)
    * PFX key password
    * Tenant

    #### App-only authentication - Azure AD with OAuth

    <Warning>
      This authentication method uses Azure Access Control Service (ACS), which will stop working on April 2, 2026. Use the app-only with private key method (certificate-based authentication) instead.
    </Warning>

    This method of authentication is also commonly used. It requires giving the application key **Full Control** permission, otherwise you get security authorization errors while crawling.

    <Note>The `username` field is mandatory. If using app-only authentication, you can use a fake value in this field, for example `xxx@lucidworks.com`.</Note>

    Enter in the UI:

    * Client ID
    * Client Secret
    * Tenant

    ## Understanding incremental crawls

    After you have performed your first successful full crawl (no blocking errors), all subsequent crawls are incremental crawls.

    Incremental crawls use SharePoint’s Changes API to do the following:

    * For each site collection, use the change token (timestamp) to get all changes since the full crawl was started:
      * Additions
      * Updates
      * Deletions

    If you are crawling with **Fetch all site collections** checked, the incremental crawl also detects when a site collection itself was deleted and removes it from your index.

    <Note>During incremental crawl, all fields with the *lw* prefix must remain in the content documents. Failure to do so results in incremental crawls not working as expected. If you are going to filter on fields, leave the *lw* fields as-is.</Note>

    ## Force full crawl

    To perform incremental crawls, the **Force Full Crawl** property must be disabled, which it is by default

    If a crawl starts, and **Force Full Crawl** is enabled, incremental crawl behavior is skipped and instead a full crawl is performed:

    * MapDb tables are recreated and previously persisted data is deleted.
    * The plugin performs the requests of all SharePoint objects just like the first crawl.
    * All sharepoint-items are reindexed.
    * Given incremental crawl is skipped, changes with `delete` are not detected and documents deleted from the SharePoint server are not removed from the index, resulting in orphaned documents.

    Be aware for SharePoint Optimized V2 connector \<v2.0.0:

    * After a first crawl, MapDb information is persisted in PVC if configured, otherwise it is saved in the `/tmp` path.
    * If PVC is configured in the environment and you need to perform full-crawls from scratch:
      * Clear the datasource as it also removes MapDb.
    * If PVC is not configured and it is needed to perform full crawls from scratch:
      * Clearing the datasource does not remove the MapDb saved in the `/tmp` path from a previous crawl.
      * Enable the **Force Full Crawl** property, as this forces MapDb files to be removed.

    Since SharePoint Optimized V2 connector v2.0.0, to perform full-crawls from scratch:

    * Clear the datasource and enable the full-crawl property.
    * It does not matter if PVC is configured or not, as MapDb information is not persisted by the plugin.

    ## Crawl or incremental crawl and MapDb

    At crawl time, MapDb is used to persist:

    * SharePoint objects metadata (sites, lists, items, and attachments). The plugin reads the metadata saved and builds the documents to send to the connector server.
    * siteCollections checkpoints.
    * Permissions inheritance (list of all SharePoint objects and permissions associated).
    * Site-collection taxonomy terms (if property is enabled).
    * List of siteCollections.
    * Folders fetched.

    <Note>Since SharePoint Optimized V2 connector v1.5.0, SharePoint objects metadata is not persisted as the metadata is removed when the crawl finishes.</Note>

    When the incremental crawl is performed, SharePoint Optimized V2 connector \<v2.0.0 uses the persisted information saved in previous crawls:

    * siteCollections checkpoints to know where to start a subsequent crawl (incremental crawl).
    * Information related to permissions inheritance to know which permissions and documents to update.
    * Information related to the list of siteCollections to perform siteCollection deletion.
    * Information related to the list of folders to update folders/nested folders.
    * Taxonomy terms to perform incremental crawl of this feature.

    When mapDb is persisted between crawls, this information needs to be deleted to perform a full recrawl.

    <Note>Since SharePoint Optimized V2 connector v2.0.0, the plugin does not need to persist the information mentioned above: site collection checkpoints, list of site collections, folders, or permissions. Only taxonomy terms requires mapDb usage and is needed only at crawl time.</Note>
  </Accordion>
</AccordionGroup>

<Card title="Connectors 101" class="note-image" href="https://academy.lucidworks.com/connectors-101" cta="Take this course on the LucidAcademy." icon="graduation-cap" iconType="duotone">
  The microlearning for **Connectors 101** focuses on Learn how connectors work to get data into Fusion.
</Card>

## Configuration

To change the number of items to retrieve per page, set the value of `apiQueryRowLimit`. The default value is `5000`.

To change the number of change events to retrieve per page, set the value of `changeApiQueryRowLimit`. The default value is `2000`.

<Tip>
  When entering configuration values in the UI, use *unescaped* characters, such as `\t` for the tab character. When entering configuration values in the API, use *escaped* characters, such as `\\t` for the tab character.
</Tip>

<SchemaParamFields schema={schema} />
