Admin Setup

SharePoint Admin Setup Guide

Deploy and configure the Ask Sage Chat Widget on your SharePoint sites.

About This Guide

This guide walks SharePoint site administrators and owners through the complete process of deploying and configuring the Ask Sage chatbot widget on their SharePoint sites.

Estimated Time: 15-20 minutes to complete the full setup.
Agency Security Note: Depending on your organization's security requirements, you may need to request and obtain approval on a per-page basis before deploying the widget to a specific SharePoint page. Check with your agency's security team or SharePoint governance office to confirm any approval workflows that apply before proceeding.
Table of Contents
  1. Prerequisites
  2. Step 1: Upload to App Catalog
  3. Step 2: Add Web Part to a Page
  4. Step 3: Configure API Connection
  5. Step 4: Configure Dataset Access
  6. Step 5: Configure Access Control (Optional)
  7. Step 6: Publish and Test
  8. Troubleshooting
  9. Security Considerations
  10. Monitoring Recommendations
  11. Setup Checklist
  12. Additional Resources

Prerequisites

Before You Begin

Ensure you have the following before starting:

SharePoint Admin Access

Permissions to access the SharePoint App Catalog

The Package File

asksage-chatbot.sppkg file provided to you

Ask Sage API Key

Obtained from your Ask Sage representative

Network Access

Your SharePoint environment can reach https://api.asksage.ai

Step 1: Upload to App Catalog

Upload to App Catalog

1.1 Navigate to App Catalog

1

Go to your SharePoint Admin Center

2

Navigate to More features > Apps > Open

3

Click App Catalog. If you don't have one, you'll need to create an App Catalog first.

SharePoint Admin Center showing the path to App Catalog

1.2 Upload the Package

1

In the App Catalog, go to Apps for SharePoint

2

Click Upload or drag and drop the asksage-chatbot.sppkg file

3

A dialog will appear asking you to deploy the solution

Apps for SharePoint library with Upload button

1.3 Deploy the Solution

1

Check the box: "Make this solution available to all sites in the organization". This allows the web part to be used on any site. You can control access later using the built-in whitelist feature.

2

Click Deploy and wait for deployment to complete (usually 1-2 minutes)

Done: The Ask Sage chatbot is now available to add to any SharePoint page in your organization.

Step 2: Add Web Part to a Page

Add the Web Part

1

Go to the SharePoint site and page where you want to add the chatbot

2

Click Edit in the top-right corner of the page

3

Click See all web parts and search for "Ask Sage" or "AskSageChat"

4

Click on the Ask Sage Chat web part to add it to the page. It will appear as a blue icon in the bottom right corner with "Initialize Chat" displayed.

SharePoint page in edit mode showing the web part search
Tip: You can place the web part anywhere on the page. It will always render as a floating button in the bottom right corner regardless of placement.

Step 3: Configure API Connection

API Connection

3.1 Open the Property Pane

Click the Properties button on the right side after selecting the web part. The property pane will open on the right side of the screen.

Web part with property pane open

3.2 Configure API Settings

Setting What to Enter Required
API Key Your organization's Ask Sage API key Yes
API Base URL Default: https://api.asksage.ai/server. Change only if using a proxy. No
1

Enter your API Key in the provided field

2

(Optional) Change the API Base URL if using a custom proxy or different endpoint

3

Click the "Refresh Datasets" button to load your available knowledge bases

API Configuration section with API Key field and Refresh Datasets button
Troubleshooting: If the datasets don't load, verify your API key is correct and your network allows connections to api.asksage.ai.

Step 4: Configure Dataset Access

Dataset Configuration

Datasets are the knowledge bases that the chatbot can search. You can control which datasets users can access and which are selected by default.

4.1 Filter Available Datasets (Optional)

Purpose: Limit which datasets users can choose from in the chatbot interface.

1

In the "Dataset Configuration" section, find "STEP 1: Filter which datasets users can select"

2

Choose one of the following:
- Leave empty -- Users can see and select from all datasets
- Select specific datasets -- Use the dropdown to choose which datasets should be available

3

Use "Select All" to add all datasets or "Clear All" to remove all selections

Dataset Configuration section showing filtered datasets selection
Example: A Sales team site might only show sales-related datasets. A public-facing page might restrict access to general FAQ datasets only.

4.2 Set Default Datasets

Purpose: Pre-select which datasets are active when users first open the chatbot.

1

Find "STEP 2: Set default pre-selected datasets" in the same section

2

Use the dropdown to select dataset(s). You can only select from datasets in the filtered list (if you configured one).

3

Use "Copy from Filtered Datasets" to quickly set all filtered datasets as defaults, or "Clear All" to remove defaults.

Default datasets configuration
Example Configuration:
  • Filtered Datasets: sales-docs, product-catalog, pricing-guide
  • Default Datasets: sales-docs, product-catalog
  • Result: Users see three datasets but two are already selected when they open the chat

Step 5: Configure Access Control (Optional)

Site Collection Whitelist

The Site Collection Whitelist restricts which SharePoint sites can use this web part instance.

Understanding the Whitelist

  • Empty whitelist = Web part works on all sites (default)
  • Populated whitelist = Web part only works on matching sites
  • Supports wildcard patterns (*) for flexible matching

Add Site Restrictions

Expand the "Access Control" section in the property pane and enter URL patterns in the "Site Collection Whitelist" field (one per line):

# Allow all sites on your tenant
*.contoso.com

# Allow only HR and IT sites
https://contoso.sharepoint.com/sites/HR/*
https://contoso.sharepoint.com/sites/IT/*

# Allow a specific page
https://contoso.sharepoint.com/sites/Intranet/SitePages/Home.aspx
Access Control section with Site Collection Whitelist

Pattern Matching Rules

Pattern Matches
https://contoso.sharepoint.com/sites/HR Only this exact site
*.sharepoint.com/sites/IT Any subdomain with this path
https://contoso.sharepoint.com/* Any path under this domain
*/sites/Sales/* Any domain with /sites/Sales/ in the path

Lines starting with # are treated as comments.

Important: This is a client-side governance feature, not a security boundary. For true access control, use SharePoint page permissions or implement server-side validation. See Security Considerations.

Step 6: Publish and Test

Publish and Test

6.1 Save and Publish

1

Review all your settings in the property pane, then close it (settings are saved automatically)

2

Click "Republish" or "Publish" in the top-right corner to make the chatbot live

6.2 Test the Chatbot

View the published page and verify the following:

  • The chatbot widget appears and shows "Connected" status (no "Connecting..." message)
  • Click to open the chat interface
  • Verify the correct datasets are pre-selected
  • Send a test question and receive a response
  • Try selecting different datasets (if multiple are available)
  • Verify the chat history persists during your session
Ask Sage Chat Widget full view showing a conversation

Troubleshooting

Common Issues

"Connecting..." Badge Won't Disappear

Solutions:

  • Verify the API key in the property pane is correct
  • Check that your firewall/proxy allows access to api.asksage.ai
  • Open browser Developer Tools (F12) and check the Console tab for errors
  • Contact Ask Sage support if the issue persists
Datasets Not Loading

Solutions:

  • Ensure you've entered the API key in the property pane
  • Click "Refresh Datasets" after entering the key
  • Verify your Ask Sage account has datasets configured
  • Check browser console for error messages
"Access to this web part is restricted on this site"

Solutions:

  • Edit the page and open the web part property pane
  • Go to "Access Control" section
  • Add the current site URL to the whitelist, or clear the whitelist entirely
  • Republish the page
"Rate limit exceeded" Message

Solutions:

  • Wait 60 seconds for the rate limit to reset
  • The message will automatically clear when the rate limit resets
  • This is a normal protection mechanism to prevent abuse
Chatbot Displays But Doesn't Respond

Solutions:

  • Ensure at least one dataset is selected in the chat interface
  • Try selecting different datasets
  • Verify the datasets contain content in your Ask Sage admin panel
  • Check browser console for error messages

Security Considerations

Security Considerations

API Key Protection

Current Limitation: The API key is stored in the SharePoint property pane and is visible to anyone who can edit the page.

Mitigation Steps:

  • Restrict page editing permissions to trusted administrators only
  • Monitor API usage regularly through your Ask Sage dashboard
  • Rotate API keys periodically (quarterly recommended)
  • Set up usage alerts in your Ask Sage account

Rate Limiting

The current client-side rate limiting (30 requests per minute) can be bypassed by technical users. For stronger enforcement, implement server-side rate limiting in your API proxy.

Site Collection Whitelist

This is a client-side governance feature, NOT a security control. For true access control:

  • Use SharePoint page permissions
  • Implement Azure AD group-based authorization
  • Add server-side validation in your API proxy
  • Use tenant-level IP restrictions

Data Security

  • User Messages: Stored temporarily in browser memory only. Cleared when user closes the chat. Maximum 10 messages retained.
  • API Communication: All communication uses HTTPS encryption.
  • HTML Content: All AI responses are sanitized to prevent XSS attacks using DOMPurify.

Monitoring Recommendations

Ongoing Monitoring

Weekly

Review API usage in Ask Sage dashboard

Monthly

Audit which sites have the web part deployed

Quarterly

Rotate API keys and review dataset access configurations

Set Up Alerts For:
  • Unusual spikes in API usage
  • Multiple failed authentication attempts
  • Rate limit violations

Setup Checklist

Completion Checklist

  • Package deployed to App Catalog
  • Solution made available to all sites
  • Web part added to target page
  • API key configured and datasets refreshed
  • Dataset filtering configured (if needed)
  • Default datasets set (if desired)
  • Site collection whitelist configured (if needed)
  • Page published and tested
  • Test question sent and response received
  • API usage monitoring set up
  • API key documented in secure location
  • Quarterly API key rotation scheduled

Additional Resources

Resources

Have Questions? Contact your Ask Sage representative or reach out at support@asksage.ai

Back to top

Copyright © 2026 Ask Sage Inc. All Rights Reserved.