About OneDrive Scan to and Print from Folder OAuth
OAuth (Open Authorization) is an authorization protocol. It consists of a set of rules that allows a third-party website or application to access a user’s data without the user giving that application their login credentials. This open protocol enables users to share their data and resources stored on one site with another site using a token-based authorization method.
Administrators can implement OAuth at the folder level by applying this protocol to the Scan to Folder and/or Print from Folder device button properties. This implementation is for OneDrive folders only. Users can authenticate via the WebApps Client or device in order to access their designated folders.
Note: Device authentication is not required if a user has previously authenticated via the WebApps Client.
Before you begin
You must have your groups, devices, and folders set up before you can implement OAuth at the folder/button level.
Setting up OAuth
You can set up OAuth at the folder/button level by using the Device Group Properties dialog box.
To set up OAuth
- Start the Server Administrator.
- Expand Devices on the Server Administrator tree.
- Right-click the appropriate device and select Properties. The Device Group Properties dialog box appears.
- Select the Buttons tab.
- Select the appropriate button; for example, Scan to Folder or Print from Folder. The Button Properties > General dialog box appears.
- Ensure the Options > Require authentication check box is selected.
Note: The Capture user password and Always prompt user for a password options are optional.
- Select the Options tab.
- Ensure the appropriate Display options and folders are selected.
- Below the For Folders that support OAuth Authorization heading, select the Use OAuth Device Code Flow Authorization check box.
- Click OK.
See the Button Properties > Options dialog box example below.
Note: Users will get an OAuth Authorization Failure message at the device if the Use OAuth Device Code Flow Authorization option is not selected.
How it works
After the OAuth setup is complete, users must authenticate the first time they use a device.
Note: Authorization expires after 40 days. Users must reauthorize if the device was not used at least once during the 40-day token lifetime.
For users with OAuth enabled
Users will get the following message when the Scan to or Print from Folder button is selected. See example below.
Example: Device button message
“Your OneDrive Account has never been authorized or has expired. To authorize OneDrive from your mobile device, go to:
https://microsoft.com/devicelogin
Then enter the following code when prompted
XXXXXXXXX
This code will expire in 5 minutes.”
Note: The code used in the example above is for illustrative purposes and is not a valid code.
To authorize the OneDrive Account
- Type https://microsoft.com/devicelogin in the browser and press Enter. The Microsoft Enter code dialog box appears.
- Enter the code and follow the instructions provided by Microsoft to continue.
Users will get access to their designated folders after the OneDrive account has been authorized.
Note: The code expires if the user does not authorize the OneDrive account within the allotted time frame, and the user will then have to start over.
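The following added example (not code from this product or its vendor) sketches what the device side of a device code flow does while the user enters the code. It assumes the standard OAuth device authorization grant (RFC 8628) and its error names. FakeAuthServer, poll_for_token and all token values are hypothetical and constructed, and time is simulated so the example runs offline.

```python
# Added illustration of the RFC 8628 device-side polling loop.
# FakeAuthServer and every value below are constructed; no network access.

VERIFICATION_URI = "https://microsoft.com/devicelogin"  # shown on the device


class FakeAuthServer:
    """Constructed stand-in for the authorization server's token endpoint."""

    def __init__(self, expires_in=300, approve_at=None, slow_down_at=()):
        self.expires_in = expires_in        # 5-minute code lifetime, as on the page
        self.approve_at = approve_at        # simulated second the user approves
        self.slow_down_at = set(slow_down_at)  # poll numbers answered with slow_down
        self.polls = 0

    def token(self, now):
        self.polls += 1
        if now >= self.expires_in:
            return {"error": "expired_token"}
        if self.polls in self.slow_down_at:
            return {"error": "slow_down"}
        if self.approve_at is not None and now >= self.approve_at:
            return {"access_token": "constructed-token"}
        return {"error": "authorization_pending"}


def poll_for_token(server, interval=5):
    """Poll until the user authorizes, the code expires, or a fatal error occurs.

    Returns (outcome, simulated_seconds_elapsed).
    """
    now = 0
    while True:
        now += interval                     # a real device would sleep(interval)
        resp = server.token(now)
        if "access_token" in resp:
            return "authorized", now
        err = resp["error"]
        if err == "authorization_pending":
            continue                        # user has not entered the code yet
        if err == "slow_down":
            interval += 5                   # RFC 8628 section 3.5: back off 5 s
            continue
        return err, now                     # expired_token / access_denied: start over
```

An outcome of expired_token corresponds to the case in the note above: the device has to request a fresh code and display it again.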
For users without OAuth enabled
Users will get the following OAuth Authorization Failure message at the device if the Use OAuth Device Code Flow Authorization option is not enabled during setup. Users must follow the instructions indicated in the message. See example below.
Example: OAuth Authorization Failure message
“Your OneDrive account is not authorized to work with
/FolderAuthorizations
Alternatively, select the Email button to email instructions to yourself.”