How do I connect Langdock to SharePoint and Confluence so answers respect existing permissions and show sources?
AI Agent Automation Platforms

How do I connect Langdock to SharePoint and Confluence so answers respect existing permissions and show sources?

11 min read

Connecting Langdock to SharePoint and Confluence lets your teams ask natural-language questions and get precise, grounded answers directly from your existing documentation. To keep your data secure and compliant, you need two things to work correctly:

  1. Answers must respect existing permissions (no one should see content they couldn’t see in SharePoint or Confluence).
  2. Answers must show sources (so users can verify and jump into the original document).

This guide walks through how to set that up, the permission model behind it, and best practices to keep your Langdock workspace secure and reliable.

How Langdock connects to SharePoint and Confluence

At a high level, the integration works like this:

  1. You connect Langdock to SharePoint and/or Confluence using an admin-level app registration (OAuth / service account) in your Microsoft 365 and Atlassian environments.
  2. Langdock indexes content and permissions, storing only what’s needed to answer questions quickly and securely.
  3. Users ask questions in Langdock; the system:
    • Filters documents based on the user’s identity and access rights
    • Retrieves only documents the user can see
    • Uses those as context for the answer
    • Returns an answer with citations and links back to SharePoint/Confluence

The critical configuration steps are:

  • Enabling SSO / identity mapping
  • Configuring the data connectors
  • Ensuring permission-aware indexing
  • Enforcing source display / citations in answers

Let’s break this down.

Prerequisites for connecting Langdock to SharePoint and Confluence

Before you start, verify you have:

  • Langdock workspace admin access
  • For SharePoint:
    • Microsoft 365 tenant with SharePoint Online
    • Permission to register apps in Azure AD (or have your IT team do it)
  • For Confluence:
    • Atlassian Cloud or Data Center admin access
    • Permission to create API tokens / OAuth apps
  • A plan for:
    • Which sites/spaces to sync
    • Retention and data governance
    • Which users/groups should be able to query which content

Step 1: Set up identity & SSO so permissions map correctly

To guarantee that answers respect existing permissions, Langdock needs to know “who is asking” and what they’re allowed to see in SharePoint and Confluence.

1.1 Enable SSO with your identity provider

Most organizations use one of:

  • Azure AD / Entra ID
  • Okta
  • Google Workspace
  • Another SAML/OIDC provider

In Langdock:

  1. Go to Workspace Settings → Authentication / SSO.
  2. Choose your provider (Azure AD, Okta, etc.).
  3. Configure SAML or OIDC with:
    • Email / UPN mapped as the primary user identifier
    • (Optional but recommended) Groups or roles included as attributes

In your IdP:

  • Register Langdock as an enterprise application.
  • Assign users and groups who should have access.
  • Configure the reply/callback URL as specified by Langdock.

1.2 Ensure identity consistency with SharePoint & Confluence

Permissions are enforced properly only if the same identity is used across systems. Check that:

  • The email address / UPN in Langdock user accounts matches:
    • The user’s Microsoft 365 account (for SharePoint)
    • The user’s Atlassian account (for Confluence)
  • If you sync groups, they match your Azure AD/Entra ID or Atlassian groups naming.

If usernames differ between systems (e.g., on-prem AD vs cloud), consider:

  • Normalizing to email as the unique identifier
  • Using a directory sync or SCIM if Langdock supports it

Step 2: Connect Langdock to SharePoint with permission-aware access

2.1 Create an Azure app registration for SharePoint access

In the Azure portal:

  1. Go to Azure Active Directory → App registrations → New registration.
  2. Name the app (e.g., Langdock SharePoint Connector).
  3. Set Supported account types to match your tenant usage (usually single tenant).
  4. After creating:
    • Save the Application (client) ID and Directory (tenant) ID.
    • Create a Client Secret and store it securely.

2.2 Assign appropriate SharePoint / Graph API permissions

Depending on how granular your organization wants to be, you will typically grant:

  • Sites.Read.All (for Microsoft Graph) or equivalent SharePoint Online delegated app permissions
  • Optionally, more specific site-level permissions if you limit scope

In API permissions:

  1. Add Microsoft Graph permissions:
    • Application permissions:
      • Sites.Read.All (minimum for read-only indexing)
      • Files.Read.All if file-level access is required for document libraries
  2. Click Grant admin consent.

These permissions allow Langdock to read documents and their ACLs, not modify them.

2.3 Configure the SharePoint connector in Langdock

In Langdock:

  1. Go to Integrations → SharePoint (or Data Sources / Connectors).
  2. Choose Connect via Azure AD app.
  3. Enter:
    • Tenant ID
    • Client ID
    • Client Secret
  4. Select:
    • Which site collections or specific sites to index
    • Whether to include document libraries, lists, and/or pages

2.4 Enable permission-aware indexing for SharePoint

To ensure answers respect existing permissions:

  • Enable “Use SharePoint permissions” or “Inherit ACLs” (exact wording may vary) in the connector settings.
  • Confirm that for each document, Langdock reads and stores:
    • User and group access lists (who can view)
    • Inheritance from site / library / folder levels where applicable

Langdock should never override SharePoint’s permissions. Instead, it mirrors them and uses them at query time to filter search results.

Step 3: Connect Langdock to Confluence with space-level permissions

3.1 Create an API token or OAuth app for Confluence

For Confluence Cloud:

  1. Go to your Atlassian account → Security → API tokens.
  2. Create a new token (e.g., Langdock Confluence Connector).
  3. Copy the token; you’ll use it in Langdock.

For Confluence Data Center / Server:

  • Either:
    • Use a technical user with read access and basic auth / personal access token, or
    • Set up an OAuth 2.0 / app link integration depending on your environment.

3.2 Ensure the connector user can see the right spaces

The integration account should have:

  • Read-only access to all spaces you want indexed.
  • No access to spaces you explicitly do not want exposed via Langdock.

Even though Langdock enforces permissions, you still want to avoid indexing highly sensitive spaces unless absolutely necessary.

3.3 Configure the Confluence connector in Langdock

In Langdock:

  1. Go to Integrations → Confluence.
  2. Choose Confluence Cloud or Confluence Data Center/Server.
  3. Enter:
    • Base URL (e.g., https://your-domain.atlassian.net/wiki)
    • Username / email of the connector user (if needed)
    • API token or OAuth credentials
  4. Select:
    • Which spaces to sync
    • Whether to include pages, blog posts, and/or attachments

3.4 Enable permission mapping for Confluence

To keep permissions consistent:

  • Enable “Respect Confluence space & page permissions” (or equivalent).
  • Confirm Langdock is fetching:
    • Space-level permissions (view/edit)
    • Page-level restrictions (individual or group-based)

Langdock will then:

  • Index content including who can access each page.
  • At query time, filter out any pages the current user is not allowed to see.

Step 4: How Langdock enforces permissions at query time

Once SharePoint and Confluence are connected, permission enforcement typically works like this:

  1. The user logs into Langdock via SSO, so their identity is known.
  2. Langdock maps the user’s identity to:
    • Microsoft 365 user (for SharePoint)
    • Atlassian user (for Confluence)
    • Any relevant groups/roles
  3. When the user asks a question:
    • Langdock searches the index but filters by access control lists (ACLs) stored for each document/page.
    • Only documents where the user is in the allowed users or groups are considered as context.
  4. The LLM generates an answer only from documents the user can access.

This ensures:

  • No cross-user data leakage
  • Internal content remains segmented according to your governance model
  • “Shadow access” (seeing content via AI that you can’t see directly) doesn’t occur

Step 5: Showing sources and citations in Langdock answers

To build trust and support compliance, answers should always show their sources.

5.1 Enable citations / sources in Langdock

In your Langdock workspace or agent settings:

  1. Open the Agent or Chatbot configuration.
  2. Under Answer format, ensure:
    • “Show sources” or “Enable citations” is turned on.
    • Citation limit (e.g., top 3–5 sources) is configured according to your needs.

If Langdock supports structured responses, you might see options like:

  • Inline citations (e.g., [1], [2] in the answer body)
  • A “Sources” section under the answer

5.2 Configure link formats for SharePoint and Confluence

For each data source, confirm the connector is storing the canonical URL:

  • SharePoint:
    • Links like https://yourtenant.sharepoint.com/sites/.../Document.docx
  • Confluence:
    • Links like https://your-domain.atlassian.net/wiki/spaces/SPACEKEY/pages/PageID

In Langdock:

  • Ensure “Use original document links” is enabled so clicking a citation takes the user to the original SharePoint page or Confluence article.
  • Optionally customize:
    • Display name for the source (e.g., document title, site name)
    • Whether to show the space/site in the citation (useful in large environments)

5.3 Handling access-denied cases on click

When a user clicks a source link:

  • SharePoint and Confluence will still enforce their native permissions.
  • If the user doesn’t have access (e.g., permissions changed after indexing), they’ll see an access denied page.

This is expected and safe. To minimize confusion:

  • Keep indexing schedules relatively frequent so permissions and content remain in sync.
  • Encourage admins to avoid “ad hoc” permission changes on individual documents unless necessary.

Step 6: Indexing strategy and sync settings

6.1 Full vs incremental sync

In Langdock’s connector settings:

  • Configure an initial full sync for:
    • Selected SharePoint sites
    • Selected Confluence spaces
  • Then enable incremental sync:
    • Periodic updates (e.g., every 15–60 minutes)
    • Event-driven updates if webhooks or Graph change notifications are supported

Incremental sync ensures:

  • Newly created pages/documents become searchable quickly
  • Permission changes are reflected in near real-time

6.2 Excluding sensitive or irrelevant content

To keep your environment safe and your AI answers relevant:

  • Use exclusion filters:
    • SharePoint: exclude certain sites, libraries, folders by pattern or ID
    • Confluence: exclude spaces, labels, or pages under certain parent paths
  • Consider excluding:
    • HR / legal / highly confidential spaces unless strictly needed
    • System-generated content or noise (e.g., template pages, meeting placeholders)

Step 7: Testing that permissions and sources work correctly

Before rolling out Langdock broadly, test with a small group.

7.1 Test case: user with limited access

  1. Choose a SharePoint site or Confluence space that only Group A can access.
  2. Create test users:
    • User 1: in Group A (should see the content)
    • User 2: not in Group A (should not see the content)
  3. Ask the same question in Langdock from both accounts.

Expected behavior:

  • User 1:
    • Gets an answer that draws on the restricted content.
    • Sees citations pointing to the restricted site/space.
  • User 2:
    • Does not see any information from that restricted content.
    • Does not see citations from the restricted site/space.

7.2 Test case: source accuracy

  1. Pick a Confluence page and a SharePoint document with unique phrases.
  2. Ask questions that clearly require those specific documents as context.
  3. Verify:
    • The answer includes citations.
    • Each citation’s link opens the correct Confluence page or SharePoint document.
    • If you remove the user’s permission in SharePoint/Confluence and resync, the citation no longer appears for that user.

Security and compliance best practices

To maintain a secure, permission-aware Langdock setup:

  • Least privilege for connectors
    Grant read-only access and limit the scope to necessary sites/spaces.

  • Short-lived secrets
    Rotate client secrets and API tokens regularly and store them in a secure vault.

  • Audit & logging
    Use Langdock’s logs to monitor:

    • Which users access which data sources
    • Unusual query patterns or potential abuse

  • Data retention policies
    Align Langdock’s indexing and data retention with your existing governance:

    • Purge content from the index when removed from SharePoint/Confluence.
    • Respect legal holds and retention labels where applicable.

  • Regular permission reviews
    Periodically review:

    • Which sites/spaces are indexed
    • Which user groups have access to Langdock
    • Whether any sensitive content should be excluded

Troubleshooting common issues

Answers show content a user shouldn’t see

  • Check identity mapping:
    • Does the user’s email in Langdock match their Microsoft/Atlassian account?
  • Confirm that:
    • The content is actually restricted in SharePoint/Confluence (not inheritably public).
    • “Respect permissions / use ACLs” is enabled on the connector.
  • Run a full re-sync for the affected connector if permissions recently changed.

No sources are displayed in answers

  • Confirm that:
    • “Show sources / citations” is enabled in the agent settings.
    • Data sources are mapped as retrieval sources, not just background context.
  • Check that the connector:
    • Has indexed enough content.
    • Has not been limited by aggressive filters.

Links in citations lead to 404 or wrong pages

  • Verify the connector’s base URL:
    • SharePoint: correct tenant and site URLs
    • Confluence: correct Cloud or Data Center base URL
  • Re-index affected content if URLs changed (e.g., site migration, Confluence move).

Summary: Key steps to connect Langdock while respecting permissions and showing sources

To make Langdock’s answers both secure and transparent when connected to SharePoint and Confluence:

  1. Set up SSO and identity mapping so user identities are consistent across systems.
  2. Create secure app integrations:
    • Azure app registration for SharePoint with read-only Graph/SharePoint permissions.
    • API token / OAuth app for Confluence with appropriate space-level access.
  3. Enable permission-aware indexing:
    • Inherit and store ACLs from SharePoint and Confluence.
    • Filter results at query time based on the user’s rights.
  4. Turn on sources and citations:
    • Configure Langdock to display document titles and direct links.
  5. Tune sync, exclusions, and security controls:
    • Incremental sync, content filters, least-privilege access.
  6. Test with controlled users to confirm that:
    • Restricted content is only used for authorized users.
    • Citations always point to the correct original sources.

With this setup, Langdock becomes a secure, permission-respecting AI layer on top of SharePoint and Confluence, providing grounded answers with clear sources while staying aligned with your organization’s access control policies.

Back to AI Agent Automation Platforms

Keep Reading

More from AI Agent Automation Platforms

Yuma AI pricing: how are “tickets resolved by AI” counted, and how do automated-ticket packages + overages work?

Read more

n8n options for scheduled portal checks (login → extract → alert) with screenshots/run logs for failures

Read more

How long does it take to implement Mandolin for intake → benefits → OOP estimation → PA in a multi-site infusion network?

Read more