Four steps, around 10 minutes. No code required beyond copy-pasting the PowerShell below. Your data never leaves your Microsoft 365 tenant — Punchitect never stores files on its own servers.
Tell Microsoft that Punchitect's enterprise app is allowed to request sign-in from users in your organization. This is a one-time action for your whole tenant — individual users don't need to do anything extra.
The app requests two delegated permissions, meaning they only activate when a user is actively signed in:
Sites.Selected means Punchitect can only touch sites you explicitly approve — nothing else in your SharePoint. Run this PowerShell as a SharePoint admin to grant access to one site.
# Install PnP PowerShell module (one-time, skip if already installed)
Install-Module "PnP.PowerShell" -Force
# Connect to the SharePoint site you want to approve
Connect-PnPOnline -Url "https://YOURTENANT.sharepoint.com/sites/YOURSITE" -Interactive
# Grant Punchitect write access to this site only
Grant-PnPAzureADAppSitePermission `
    -AppId "loading…" `
    -DisplayName "Punchitect Enterprise" `
    -Permissions Write
Replace YOURTENANT with your SharePoint tenant name and YOURSITE with the site path.
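To confirm the grant landed as intended, the following added example (not Punchitect's own code) lists every app permission on the approved site and flags any app other than the expected one, or any role broader than write. `<PUNCHITECT-APP-ID>` is a placeholder for the AppId you passed above, and the `Id`, `Roles` and `Apps` property names are assumed from PnP.PowerShell's output objects.

```powershell
# Added example: audit Sites.Selected grants on the site approved above.
# Placeholders: replace YOURTENANT / YOURSITE and the app ID before running.
$SiteUrl       = "https://YOURTENANT.sharepoint.com/sites/YOURSITE"
$ExpectedAppId = "<PUNCHITECT-APP-ID>"   # the AppId used in the grant command
$AllowedRoles  = @("read", "write")      # anything broader gets flagged

Connect-PnPOnline -Url $SiteUrl -Interactive

# Build one row per (grant, app) pair. Each grant is re-fetched by ID
# because the list call does not always populate Roles.
$report = foreach ($entry in Get-PnPAzureADAppSitePermission) {
    $grant  = Get-PnPAzureADAppSitePermission -PermissionId $entry.Id
    $excess = @($grant.Roles | Where-Object { $_ -notin $AllowedRoles })
    foreach ($app in $grant.Apps) {
        [pscustomobject]@{
            PermissionId = $grant.Id
            AppName      = $app.DisplayName
            AppId        = $app.Id
            Roles        = $grant.Roles -join ","
            Expected     = ($app.Id -eq $ExpectedAppId)
            ExcessRoles  = $excess -join ","
        }
    }
}

$report | Format-Table AppName, AppId, Roles, Expected, ExcessRoles -AutoSize

# Findings: missing grant, unexpected apps, roles wider than intended.
if (-not ($report | Where-Object Expected)) {
    Write-Warning "No grant found for app $ExpectedAppId on $SiteUrl"
}
foreach ($row in $report) {
    if (-not $row.Expected) {
        Write-Warning "Unexpected app with site access: $($row.AppName) [$($row.AppId)] roles=$($row.Roles)"
    } elseif ($row.ExcessRoles) {
        Write-Warning "Expected app holds broader roles than write: $($row.ExcessRoles)"
    }
}

# To remove a grant you no longer want, pass its PermissionId from the report:
#   Revoke-PnPAzureADAppSitePermission -PermissionId <PermissionId>
```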
Your users enter three IDs when they first sign in with SharePoint Enterprise. Run the commands below to retrieve them, then share the values with your team.
Site ID and Drive ID — run in the same PowerShell session from Step 2:
# Site ID (copy the full Id value)
Get-PnPSite -Includes Id | Select-Object Url, Id
# Drive ID — look for your document library (usually "Documents")
Get-PnPList -Includes Id | Where-Object { $_.BaseTemplate -eq 101 } | Select-Object Title, Id
Folder item ID — use Graph Explorer (sign in as an admin) and call:
GET https://graph.microsoft.com/v1.0/sites/{siteId}/drives/{driveId}/root:/{FolderName}
The id field in the response is the folder item ID. If you want Punchitect to save to the root of the library, omit :/{FolderName} and use the id from GET .../drives/{driveId}/root instead.
Sign in to punchitect.com yourself first using Sign in with SharePoint Enterprise. As the first person from your tenant, you'll be prompted to enter the three IDs from Step 3 — that registers your firm's workspace.
Once you've done that, send your team to punchitect.com and have them click Sign in with SharePoint Enterprise. They'll go straight into the app — no IDs, no setup screen. Each person signs in under their own Microsoft identity, and Punchitect reads and writes files as that user with no data stored outside your tenant.