To configure OneDrive with user-based access, the following steps are needed.

  • Register new application in Microsoft Azure. 
  • Create a new client secret. 
  • Update configuration in the management interface.

Steps are described in more detail in the chapters below.

In case you have any troubles, please refer to the troubleshooting section of the edit connector documentation.

For more information on registering applications, see https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app.

Registering new application

  1. Go to the Microsoft Azure portal https://portal.azure.com/
  2. Login with Microsoft account that will be used for application registration.
  3. If you have logged into the Microsoft Azure portal for the first time, you will need to configure your subscription first. 
  4. Click on the Azure Active Directory.

  5. In the Azure Active Directory, we can see Tenant ID – this ID will be later used on the Configuration page in the management interface. Save this ID for later and proceed to the App registration.


  6. Create new registration.
  7. Fill in 
    • Application name e.g. "OneDrive Scanning"
    • Supported account types select an option according to customer needs. If the application is created only for one customer, the first option is enough.
    • Redirect URI select Web and in the text box fill in the address where the application requesting the authorization is accessible e.g. https://<Management Service URL>/login/oauth2/code/oidc. Ensure the Management Service URL is accessible. 
    • Click  Register



  8. A new application will be created. On the Overview page, we can see Application (client) ID, save this value for later. Application (client) ID will be used on the Configuration page in the management interface.

Creating client secret

Prerequisite: Follow instructions for Registering new application.

  1. Make sure you are in the correct application.
  2. Navigate to the Certificates & secrets using the sidebar menu.
  3. Click on New client secret.

  4. Fill in
    • Description e.g. OneDrive
    • Expires select expiration time of the secret
    • Click Add


  5. A new client secret will be created. Copy your secret value to some temporary file as you will be not able to view it after you leave this page. Client secret will be later filled on the Configuration page in the management interface.

Updating the configuration in the management interface

Prerequisite: Follow instructions for Registering new application, Creating client secret

  1. Log in to the management interface using an account with administrator rights.
  2. Navigate to System > Configuration.
  3. Change the settings level to EXPERT.
  4. Configure "managementServiceUrl", Management Service URL needs to match the URI filled in Azure Application registration
  5. Search for "webAuthenticationMethod" and select "OpenID Connect"
  6. Fill in "openIdConnectClientId" configuration with Application (client) ID obtained from application registration
  7. Fill in "openIdConnectClientSecret" configuration with Client secret obtained from creating client secret
  8. Add "https://graph.microsoft.com/Files.ReadWrite" to the "openIdConnectAdditionalScopes" configuration
  9. Update OpenID Connect provider issuer location "openIdConnectIssuerLocation" with combination of issuer address and Tenant Id "https://login.microsoftonline.com/<Tenant ID>/v2.0"
  10. Finally disable Redirect to OpenID Connect authorization server "openIdConnectDirectlyRedirectToProviderLoginPage" configuration if SSO is not used