Configuring Microsoft OneDrive for Business with user-based access - simplified guide

To configure OneDrive with user-based access, the following steps are needed.

  • Register a new application in Microsoft Azure.

  • Create a new client secret.

  • Update the configuration in the management interface.

The steps are described in more detail in the chapters below.

If you have any trouble, please refer to the troubleshooting section of the edit connector documentation.

For more information on registering applications, see https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.

Registering new application

  1. Go to the Microsoft Azure portal: https://portal.azure.com/

  2. Log in with the Microsoft account that will be used for application registration.

  3. If this is your first time logging in to the Microsoft Azure portal, you will need to configure your subscription first.

  4. Click Azure Active Directory.

  5. In Azure Active Directory, we can see the Tenant ID. This ID will be used later on the Configuration page in the management interface. Save this ID for later and proceed to App registrations.

  6. Create a new registration.

  7. Fill in:

    • Application name: e.g. "OneDrive Scanning".

    • Supported account types: select an option according to customer needs. If the application is created only for one customer, the first option is enough.

    • Redirect URI: select Web and in the text box fill in the address where the application requesting the authorization is accessible, e.g. https://<Management Service URL>/login/oauth2/code/oidc. Ensure the Management Service URL is accessible.

    • Click Register.

  8. A new application will be created. On the Overview page, we can see the Application (client) ID. Save this value for later; the Application (client) ID will be used on the Configuration page in the management interface.

Creating client secret

Prerequisite: Follow the instructions for Registering new application.

  1. Make sure you are in the correct application.

  2. Navigate to Certificates & secrets using the sidebar menu.

  3. Click New client secret.

  4. Fill in:

    • Description: e.g. OneDrive.

    • Expires: select the expiration time of the secret.

    • Click Add.

  5. A new client secret will be created. Copy the secret value to a temporary file, as you will not be able to view it after you leave this page. The client secret will be filled in later on the Configuration page in the management interface.

Updating the configuration in the management interface

Prerequisite: Follow the instructions for Registering new application and Creating client secret.

  1. Log in to the management interface using an account with administrator rights.

  2. Navigate to System > Configuration.

  3. Change the settings level to EXPERT.

  4. Configure "managementServiceUrl". The Management Service URL needs to match the URI filled in during the Azure application registration.

  5. Search for "webAuthenticationMethod" and select "OpenID Connect".

  6. Fill in the "openIdConnectClientId" configuration with the Application (client) ID obtained from the application registration.

  7. Fill in the "openIdConnectClientSecret" configuration with the client secret obtained in Creating client secret.

  8. Add "https://graph.microsoft.com/Files.ReadWrite" to the "openIdConnectAdditionalScopes" configuration.

  9. Update the OpenID Connect provider issuer location "openIdConnectIssuerLocation" with the combination of the issuer address and the Tenant ID: "https://login.microsoftonline.com/<Tenant ID>/v2.0".

  10. Finally, disable the "openIdConnectDirectlyRedirectToProviderLoginPage" configuration (Redirect to OpenID Connect authorization server) if SSO is not used.

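The values collected in the three procedures above have to agree with each other (Tenant ID and issuer location, Management Service URL and the redirect URI registered in Azure, the Graph scope). The following Python check is an added example and not part of the product: the dictionary layout, the function name check_settings, the scope separator and the sample values (mgmt.example.com, the GUIDs, the secret) are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
REDIRECT_PATH = "/login/oauth2/code/oidc"  # path from the Redirect URI step
GRAPH_SCOPE = "https://graph.microsoft.com/Files.ReadWrite"
ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"

# Constructed sample values (hypothetical host, IDs and secret).
TENANT = "11111111-2222-3333-4444-555555555555"
REGISTERED_REDIRECT = "https://mgmt.example.com/login/oauth2/code/oidc"
SAMPLE = {
    "managementServiceUrl": "https://mgmt.example.com",
    "webAuthenticationMethod": "OpenID Connect",
    "openIdConnectClientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "openIdConnectClientSecret": "constructed-secret-value",
    "openIdConnectAdditionalScopes": GRAPH_SCOPE,
    "openIdConnectIssuerLocation": ISSUER.format(tenant=TENANT),
}


def check_settings(cfg, tenant_id, azure_redirect_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if cfg.get("webAuthenticationMethod") != "OpenID Connect":
        problems.append("webAuthenticationMethod is not OpenID Connect")
    if not GUID.match(cfg.get("openIdConnectClientId", "")):
        problems.append("openIdConnectClientId is not an Application (client) ID")
    if not cfg.get("openIdConnectClientSecret"):
        problems.append("openIdConnectClientSecret is empty")
    # Assumption: scopes are stored as one string separated by spaces or commas.
    scopes = re.split(r"[\s,]+", cfg.get("openIdConnectAdditionalScopes", "").strip())
    if GRAPH_SCOPE not in scopes:
        problems.append("Files.ReadWrite scope is missing")
    if cfg.get("openIdConnectIssuerLocation") != ISSUER.format(tenant=tenant_id):
        problems.append("openIdConnectIssuerLocation does not match the Tenant ID")
    base = urlsplit(cfg.get("managementServiceUrl", ""))
    redirect = urlsplit(azure_redirect_uri)
    if (base.scheme, base.netloc.lower()) != (redirect.scheme, redirect.netloc.lower()):
        problems.append("managementServiceUrl does not match the Azure redirect URI")
    if redirect.path != REDIRECT_PATH:
        problems.append("Redirect URI path is not " + REDIRECT_PATH)
    if redirect.scheme != "https" and redirect.hostname != "localhost":
        problems.append("Redirect URI must use https")
    return problems
```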