Sharepoint Knowledge Management - Best Practices and FAQs

If your IT team wants to understand the Zoom Marketplace connector for Sharepoint and Zoom Virtual Agent, below you will find common questions and best practices. 

Link the to connector is here.

1. How Authentication and Permissions Work

When you connect SharePoint as a knowledge base source in Zoom Virtual Agent, the integration uses OAuth authentication. This means:

• The SharePoint account used during authentication authorizes the connection between Zoom and Microsoft 365.

• The Virtual Agent does not gain elevated or independent permissions — it can only access content that the authenticated account has permission to view.

• In other words, the Virtual Agent “inherits” the same access rights as the SharePoint account used to establish the connection.

This design ensures that SharePoint’s native access controls remain fully enforced. If a document or site is restricted for that account, the Virtual Agent will not be able to retrieve or surface it.

2. Restricting Access to Specific Sites or Libraries

You can scope and limit access on both sides:

On the SharePoint side

• Create or use a dedicated service account for the integration.

• Grant that account read-only access to the specific SharePoint site(s) or document library(ies) you want the Virtual Agent to use.

• Do not grant tenant-wide or full administrative permissions unless required.

• SharePoint’s Azure Information Rights Management (IRM) and Unified Classification Labels continue to apply, so any document-level restrictions or encryption policies remain enforced.

3. On the Zoom side

• Within Zoom Virtual Agent’s Knowledge Base configuration, you can specify which SharePoint site or library to connect to. *the account you use to authenticate will be shown to ZVA for the site/library selection. 

• The Virtual Agent will only index and retrieve content from that defined scope. It can not update sites/library/artifacts.

• Access to the knowledge base itself within Zoom is governed by Zoom’s role-based access control (RBAC) framework, which limits who can view, edit, or manage the integration. The integration is governed by the permission set of the authenticated Sharepoint user. 

Recommended Best Practices

• Use a dedicated service account for the integration rather than a personal user account. - ensure this account can only see the Sharepoint sites/library that you want Zoom Virtual Agent to see. ZVA can not edit the site/library. This dedicated service account is usually a specific account for ZVA-only, that is untied from an individual user.