Microsoft SharePoint

Tip

Download Mountain Duck to access in Finder on macOS & Windows Explorer.

SharePoint Online

OAuth 2.0

Microsoft SharePoint uses a OAuth 2.0 authorization code flow to grant access.

Microsoft SharePoint Connection Profile

Connect to SharePoint Online with the bundled Microsoft SharePoint connection profile. Follow these steps to connect to your SharePoint Online libraries:

1. Choose Open Connection… or add a New Bookmark to save the connection settings and select the Microsoft SharePoint connection profile.

2. No credentials must be entered for opening a connection, but instead after choosing Connect you need to log in to login.microsoftonline.com with your onmicrosoft.com account in your web browser.

3. Grant permission to Cyberduck to access your SharePoint library.

4. Allow to “Open Cyberduck” in your web browser to submit the authorization code used to retrieve the access token for authenticating with Microsoft SharePoint. Subsequent connections will not require authorization, unless the refresh token expired due to inactivity.

5. You are now able to access all sites, subsites, and document libraries thereof as well as all groups you are a member of.

Microsoft SharePoint Site Connection Profile

In case you are trying to access a site that is not listed when connecting with the Microsoft SharePoint connection profile, you can try to access the missing site with help of the Microsoft SharePoint Site connection profile. When using the Microsoft SharePoint Site connection profile, you are required to enter the SharePoint hostname (such as contoso.sharepoint.com) and the URL prefix path configured for your SharePoint site.

Note

You can’t mount a specific directory with this method as the Path field is used for the URL prefix path.

SharePoint Hybrid

If you have your own SharePoint Server but opted in to enable Microsoft Graph-connectivity to your SharePoint Server, you may be able to use the built-in Microsoft SharePoint-Profile.

Please refer to the official documentation from Microsoft for detailed setup guides.

• Hybrid for SharePoint Server

• Plan SharePoint Server hybrid

Administrator Consent Required

Administrator-consent may be required in certain situations. Depending on the setup of your Azure Active Directory (AAD) you may need to perform several steps in order for you to be able to access your SharePoint Online. Please get in contact with your domain administrator for following steps.

Manually Adding Cyberduck

Copy the link that corresponds to your used version, and send it to your domain administrator, this will add Cyberduck to the domain and all users are allowed to access Cyberduck in the future.

• Cyberduck 7.8 & Mountain Duck 4.4 or later.

• Cyberduck 6.9 & Mountain Duck 2.7 or older.

Automatically Allow Users to add Apps to the Domain

If applicable and trusted you may set Users can consent to apps accessing company data on their behalf to Yes at the Azure Active Directory Portal. This will allow users in the future to add apps without Admin-consent.

Admin Consent Requests (Preview)

There is a preview method of review application consent through the Azure Active Directory (AAD) Portal. Please enable Users can request admin consent to apps they are unable to consent to to Yes in the Enterprise applications - User settings. The domain administrator may now review all consents centrally at Admin consent requests (Preview).

SharePoint Server

To connect to a SharePoint Server, choose WebDAV for the connection type. This is available to

• SharePoint Server 2013

• SharePoint Server 2016

• SharePoint Server 2019

Available Authentication Methods

Basic Authentication

Basic Authentication should only be used when using secured connection over TLS (HTTPS).

NTLM Authentication

NTLM authentication may additionally require the name of the computer (NTLM Workstation) and network domain name (NTLM Domain). The optional domain name can be customized as part of the username in the format REALM\username in the Username input field when adding a bookmark.

• The default domain used when not specified can be set by using the hidden configuration option

  webdav.ntlm.domain=MYDOMAIN
  

• The default workstation can be set using the hidden configuration option

  webdav.ntlm.workstation=MYWORKSTATION
  

Windows

Alternatively, you can set the hidden configuration option webdav.ntlm.environment=true to read the domain and workstation for NTLM authentication from the Windows environment.

Configuration

You may review your SharePoint authentication methods via SharePoint Central Administration → Security → Specify authentication providers → Select zone.

Unavailable Authentication Methods

You may not connect to a SharePoint enabled site through WebDAV if any of these authentication methods is required:

• Kerberos (Issue #133)

• Forms Based Authentication

• Trusted Identity Provider

Versioning

A list of file versions can be viewed in the Versions tab of the Info window.

Limitations

Top Level folder

It is not possible to create a top level folder in Mountain Duck or Cyberduck. Instead, the following virtual top level folders are displayed which cannot be moved or renamed:

Folder Name
Default
Drives
Groups
Sites

Quota

Quota reporting is only supported for the Drives folder within their respective site folder.