OneDrive & Office 365 Integration (Automated Account Linking)

Posted on 26th September 2017

Foldr appliance update 4.4 introduces support for the Microsoft Graph API, which enables Foldr to automatically link local Active Directory users with their corresponding Office 365 account and in turn automatically present the account’s OneDrive storage. Note that SharePoint is not currently accessible via this integration; however, support for SharePoint will be available in a system update scheduled for early November 2017.

Integration Method 1 – Using Office 365 Portal / Azure AD Admin Center

1.  Log into the Microsoft Office Portal at using your administrative Office 365 account.

2.  Select Admin from the welcome screen

3. From the Office 365 Admin Center select Admin >> Azure AD

This will take you to the Azure Active Directory Admin Center.

4. Click Enterprise applications on the left-hand panel >> All applications >> + New application

5. Click All >> Application you’re developing

Finally select ‘Ok, take me to App Registrations to register my new application’

6. Click ‘New application registration’

7.  Give the application a suitable name, leave application type as web app / API and finally enter the public URL of the Foldr installation.

8.  Click Create.  You should receive a success / confirmation message within a few seconds.

Now find your new application in the App Registrations Panel and select it.

9.  Select Required Permissions in the Settings panel.

10.  Select + Add in the Required Permissions panel.

11. Click ‘Select an API’

12. From within the Select an API screen, click Microsoft Graph and click the Select button.

13. Within the Graph API, enable the Application Permission ‘Read and write files in all site collections’

The ‘Required Permissions’ panel will now show the updated delegated permissions.

14.  Click the button labelled ‘Grant Permissions’

15.  Click ‘Yes‘ to the following dialog to grant permissions to all accounts in the directory.

16. On the App Registration main screen, make a note of the Application ID; this will be used later when creating the Microsoft service account in Foldr Settings.

17. The Application Key must now be created.  To do this click on the Keys item in the Settings panel.

18. In the Keys panel, enter a description, select an expiration and finally click Save at the top of the panel.

The application key is now displayed and must be noted (saved elsewhere) as it will not be accessible again.  The key will be required later when creating the Microsoft service account in Foldr Settings.  You are able to create additional replacement keys later, if required.

Integration Method 2 – Using the Azure Portal

1. Log into the Microsoft Azure Portal at using your administrative Microsoft account.

2. Select Azure Active Directory from the left hand panel.

3. Click Application Registrations >> New Application and from here you follow step 7 onwards from Integration Method 1.

Creating the Microsoft Service Account

The Microsoft service account must now be created within General >> Service Accounts >> Microsoft >> Application Key

The Application ID for the Foldr app registration shown in the Azure portal should be copied into the Client ID field.

The API Key shown in the Azure portal should be copied into Foldr Settings >> General >> Service Accounts >> Microsoft >> Application Key.

The Tenant ID is mandatory and should be obtained within the Azure portal by clicking on the main Properties menu item for Azure Active Directory and copying the Directory ID.
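A check worth running once the permission has been granted: inspect an app-only access token issued for the registration and confirm it belongs to the right tenant and application and carries only the Graph application permission enabled in step 13. This is an added example, not Foldr or Microsoft code; it assumes a token has already been obtained with the Application ID, key and Tenant ID above, and the sample token and GUIDs in it are constructed.

```python
import base64
import json
import time

# Graph application permission behind 'Read and write files in all site collections'.
EXPECTED_ROLES = {"Files.ReadWrite.All"}

def decode_claims(token):
    """Return the JWT payload. Inspection only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded))

def audit_app_token(token, tenant_id, client_id, now=None):
    """Return a list of findings; an empty list means the token matches the setup."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the Directory ID")
    # 'appid' is the claim name in v1 access tokens (v2 tokens use 'azp').
    if claims.get("appid") != client_id:
        findings.append("appid does not match the Application ID")
    roles = set(claims.get("roles", []))
    findings += [f"missing application permission: {r}" for r in sorted(EXPECTED_ROLES - roles)]
    findings += [f"unexpected application permission: {r}" for r in sorted(roles - EXPECTED_ROLES)]
    if claims.get("exp", 0) <= now:
        findings.append("token has expired")
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Azure AD token)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header, body = enc({"alg": "none"}), enc(claims)
    return f"{header}.{body}.constructed"

# Constructed placeholder values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
APP_ID = "00000000-0000-0000-0000-000000000002"
SAMPLE = make_sample_token({"tid": TENANT, "appid": APP_ID, "exp": 2000000000,
                            "roles": ["Files.ReadWrite.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit_app_token(SAMPLE, TENANT, APP_ID, now=1700000000))
```

Any "unexpected application permission" finding means the registration holds more than this integration needs and should be trimmed in the Required Permissions panel.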

Creating the Microsoft Office 365 service account

You must finally select the Active Directory User Attribute to match against the corresponding Office 365 account.  Typically, either the user’s UPN or email address will match the Office 365 email address used to identify their account.  If neither of these attributes match, you can select the ‘custom’ option to build your own matching rule, such as

Click SAVE
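Because the matching rule decides which Office 365 account each Active Directory user is linked to, it is worth testing a candidate rule against an export of both directories before saving it. The following is an added example, not Foldr code: the `{attribute}` template syntax for custom rules is hypothetical, and the user records and account names are constructed.

```python
from collections import defaultdict

def resolve_identity(user, rule):
    """Office 365 sign-in name that `rule` yields for one AD user ('' if none)."""
    attrs = {k: v for k, v in user.items() if v}   # drop empty/None attributes
    if rule == "upn":
        value = attrs.get("userPrincipalName", "")
    elif rule == "mail":
        value = attrs.get("mail", "")
    else:
        # Custom rule: hypothetical template such as '{sAMAccountName}@example.org'.
        try:
            value = rule.format(**attrs)
        except (KeyError, IndexError):             # template names a missing attribute
            value = ""
    return value.strip().lower()

def audit_matching(ad_users, o365_accounts, rule):
    """Sort AD users into linked / unresolved / unmatched / collisions for `rule`."""
    known = {a.strip().lower() for a in o365_accounts}
    claimed = defaultdict(list)                    # O365 account -> AD users mapped to it
    report = {"linked": {}, "unresolved": [], "unmatched": [], "collisions": {}}
    for user in ad_users:
        name, identity = user["sAMAccountName"], resolve_identity(user, rule)
        if not identity:
            report["unresolved"].append(name)
        elif identity not in known:
            report["unmatched"].append(name)
        else:
            claimed[identity].append(name)
    for identity, names in claimed.items():
        if len(names) > 1:                         # two AD users, one OneDrive
            report["collisions"][identity] = sorted(names)
        else:
            report["linked"][names[0]] = identity
    return report

# Constructed sample directory data (not from a real tenant).
AD_USERS = [
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example.org", "mail": "a.smith@example.org"},
    {"sAMAccountName": "bjones", "userPrincipalName": "bjones@corp.example.org", "mail": "shared@example.org"},
    {"sAMAccountName": "cwu", "userPrincipalName": "cwu@corp.example.org", "mail": "Shared@example.org"},
    {"sAMAccountName": "dlee", "userPrincipalName": "dlee@corp.example.org", "mail": None},
]
O365 = ["a.smith@example.org", "shared@example.org", "asmith@example.org",
        "bjones@example.org", "cwu@example.org", "dlee@example.org"]
if __name__ == "__main__":
    for rule in ("upn", "mail", "{sAMAccountName}@example.org"):
        print(rule, audit_matching(AD_USERS, O365, rule))
```

A rule is safe to save only when `collisions` is empty; entries under `unresolved` or `unmatched` are users who will not be linked to any account.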

Enable the OneDrive integration & Change Background Account Access

Navigate to Foldr Settings >> Services >> OneDrive / Office 365

Enable OneDrive integration and select the Microsoft service account.  Please note, as we are not using manual linking, you do NOT need to complete the Application ID or Key fields here.


Adding the Global Share for OneDrive

A new Share should now be created for OneDrive under Foldr Settings >> Shares using the share path %onedrive% to present the user’s OneDrive storage within the Foldr interface.  Give the share a suitable name, icon and any other options that are required.

Select the Microsoft service account on the OneDrive share configuration screen.

Do NOT enable the setting ‘Use service account for all access’. Note: this setting has been moved to the ‘Advanced’ tab.

Finally, Click SAVE.

The integration steps for automatic account linking and presenting OneDrive to users are now complete.  When a user signs into Foldr, their corresponding OneDrive storage should be presented to them automatically.  SharePoint support for automatic linking is coming in the next appliance update.

Troubleshooting  – HTTPS / SSL inspection

Please ensure the following domains are excluded from HTTPS / SSL man-in-the-middle inspection on your firewall / web filter, as inspecting this traffic will cause issues between Foldr and OneDrive / SharePoint Online:


