OneDrive Username/Password-Based Authentication

The OneDrive connector registers as an Azure AD application with user name authentication.

Application Permissions

The Azure application must be granted the following SharePoint Delegated API permission (see the topic below):

    • AllSites.FullControl
      Have full control of all site collections
      Note: This permission is the minimum required because it is the only permission that lets the SharePoint API caller fetch the security permissions set on sites.

The Azure application must be granted the following Graph API Delegated permissions:

    • Member.Read.Hidden
      Read all hidden memberships
    • GroupMember.Read.All
      Read all groups
    • Directory.Read.All
      Read all group memberships
    • User.Read.All
      Read all users' full profiles

User Permissions

  • Tenant admin permissions are needed for Autofetch.
    • Autofetch is used when a site collection filter is not specified or when a site collection filter containing the wildcard (*) symbol is specified.
  • Edit permissions are needed on the site collections that will be crawled.

Register the Azure Application

  1. Go to https://portal.azure.com/ and log in with Azure Global Admin user credentials.

  2. Click Azure Active Directory and click on the desired directory.

  3. From the menu select App Registrations.



  4. Click New registration to register a new app.



  5. Name: Enter a name for your app.

  6. Application type: Select Web app/API app.



  7. Redirect URI: Enter a URI of your choosing. (The URI is not used in the SharePoint Online Authorization mechanism)

  8. Click Register at the bottom of the page.

  9. Go to Authentication.

  10. Set "Allow Public Client Flows" to "Yes"


  11. Within the app, go to API Permissions.



  12. Under API Permissions > Add a permission > SharePoint.



  13. Delegated permission > "AllSites.FullControl"



  14. Click the Add Permissions button at the bottom of the screen.

  15. Repeat this process (Steps through 12) for each of the following Microsoft Graph APIs - Delegated permissions:



  16. Back in the "Configured permissions" menu, select all permissions and click the Grant admin consent... button to grant the selected permissions (requires admin rights).

Grant Access to the Connector

The connector accesses the SharePoint Online API via the public client flow mechanism.

To enable this mechanism:

  1. Go to the Authentication tab for the app registration you just created.

  2. Under Advanced Settings, select Yes for the option "Enable the following mobile and desktop flows."

  3. Click Save to apply your changes.
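To confirm that the admin consent granted during registration took effect, the delegated scopes in an access token issued to the connector's account can be compared with the permission lists on this page. The following is an added example, not part of the original documentation or the connector's code; the function names and sample tokens are constructed for illustration, and it assumes the token is a Microsoft identity platform JWT whose `scp` claim holds the delegated scopes as a space-separated string.

```python
import base64
import json

# Delegated permissions this page lists, per API.
REQUIRED = {
    "sharepoint": {"AllSites.FullControl"},
    "graph": {"Member.Read.Hidden", "GroupMember.Read.All",
              "Directory.Read.All", "User.Read.All"},
}

def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_scopes(token: str, api: str) -> dict:
    """Compare the token's delegated scopes ('scp') with the page's list for `api`."""
    claims = jwt_claims(token)
    if "scp" not in claims:
        # App-only tokens carry 'roles' instead; this page configures delegated access.
        raise ValueError("no 'scp' claim: not a delegated (user) token")
    granted = set(claims["scp"].split())
    required = REQUIRED[api]
    return {
        "missing": sorted(required - granted),  # consent not granted yet
        "extra": sorted(granted - required),    # scopes beyond this page's list
        "ok": required <= granted,
    }

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline testing (not a real token)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(claims)}.sig"

# Constructed samples: the Graph token lacks two required scopes and has one extra.
SAMPLE_GRAPH = make_sample_token({"scp": "User.Read.All Directory.Read.All Mail.Read"})
SAMPLE_SPO = make_sample_token({"scp": "AllSites.FullControl"})

if __name__ == "__main__":
    print(audit_scopes(SAMPLE_GRAPH, "graph"))
    print(audit_scopes(SAMPLE_SPO, "sharepoint"))
```

Entries under `extra` are not failures by themselves; they show scopes consented beyond what this page requires and are worth reviewing against least privilege.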