OneDrive & Office 365 Integration (Automated Account Linking)
Foldr appliance update 4.4 introduces support for the Microsoft Graph API, which enables Foldr to automatically link local Active Directory users with their corresponding Office 365 account and in turn automatically present the account’s OneDrive storage. Note that SharePoint is not currently accessible via this integration; however, support for SharePoint will be available in a system update scheduled for early November 2017.
Integration Method 1 – Using Office 365 Portal / Azure AD Admin Center
1. Log into the Microsoft Office Portal at https://portal.office.com using your administrative Office 365 account.
2. Select Admin from the welcome screen
3. From the Office 365 Admin Center select Admin >> Azure AD
This will take you to the Azure Active Directory Admin Center.
4. Click Enterprise applications on the left-hand panel >> All applications >> + New application
5. Click All >> Application you’re developing
Finally select ‘Ok, take me to App Registrations to register my new application’
6. Click ‘New application registration’
7. Give the application a suitable name, leave application type as web app / API and finally enter the public URL of the Foldr installation.
8. Click Create. You should receive a success / confirmation message within a few seconds.
Now find your new application in the App Registrations Panel and select it.
9. Select Required Permissions in the Settings panel.
10. Select + Add in the Required Permissions panel.
11. Click ‘Select an API‘
12. From within the Select an API screen, click Microsoft Graph and click the Select button.
13. Within the Graph API, enable the Application Permission ‘Read and write files in all site collections‘
The ‘Required Permissions’ panel will now show the updated delegated permissions
14. Click the button labelled ‘Grant Permissions‘
15. Click ‘Yes‘ to the following dialog to grant permissions to all accounts in the directory.
16. On the App Registration main screen, make a note of the Application ID. This will be used later when creating the Microsoft service account in Foldr Settings.
17. The Application Key must now be created. To do this click on the Keys item in the Settings panel.
18. In the Keys panel, enter a description, select an expiration and finally click Save at the top of the panel.
The application key is now displayed and must be noted (saved elsewhere) as it will not be accessible again. The key will be required later when creating the Microsoft service account in Foldr Settings. You are able to create additional replacement keys later, if required.
Integration Method 2 – Using the Azure Portal
1. Log into the Microsoft Azure Portal at https://portal.azure.com using your administrative Microsoft account.
2. Select Azure Active Directory from the left-hand panel.
3. Click Application Registrations >> New Application and from here you follow step 7 onwards from Integration Method 1.
Creating the Microsoft Service Account
The Microsoft service account must now be created within Foldr Settings >> General >> Service Accounts >> Microsoft >> Application Key.
The Application ID for the Foldr app registration shown in the Azure portal should be copied into the Client ID field.
The API Key shown in the Azure portal should be copied into Foldr Settings >> General >> Service Accounts >> Microsoft >> Application Key.
The Tenant ID is mandatory and should be obtained within the Azure portal by clicking on the main Properties menu item for Azure Active Directory and copying the Directory ID.
Creating the Microsoft Office 365 service account
You must finally select the Active Directory User Attribute to match against the corresponding Office 365 account. Typically, either the user’s UPN or email address will match the Office 365 email address used to identify their account. If neither of these attributes matches, you can select the ‘custom’ option to build your own matching rule, such as %firstname.lastname@example.org.
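The Application ID, Application Key and Tenant ID entered above give Foldr an app-only identity in Microsoft Graph. As an added example (not Foldr's code), the check below inspects the claims of an app-only access token and reports anything that differs from the registration this guide describes. It assumes the token was obtained with the client-credentials grant; the function names and the unsigned sample token builder are constructed for illustration.

```python
import base64
import json
import time

# Microsoft Graph audience: resource URI or its well-known application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}
# Graph app role behind 'Read and write files in all site collections'.
EXPECTED_ROLES = {"Files.ReadWrite.All"}


def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_app_token(token, tenant_id, client_id, now=None):
    """Return findings for an app-only Graph token; an empty list means it matches."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    roles = set(claims.get("roles", []))
    findings = []
    if claims.get("aud") not in GRAPH_AUDIENCES:
        findings.append("audience is not Microsoft Graph")
    if claims.get("tid") != tenant_id:
        findings.append("tenant does not match the Directory ID")
    if (claims.get("appid") or claims.get("azp")) != client_id:
        findings.append("client does not match the Application ID")
    if "scp" in claims:
        findings.append("delegated (user) token, not app-only")
    for role in sorted(EXPECTED_ROLES - roles):
        findings.append("missing role: " + role)
    for role in sorted(roles - EXPECTED_ROLES):
        findings.append("unexpected extra role: " + role)
    if claims.get("exp", 0) <= now:
        findings.append("token is expired")
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the audit can run offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])
```

A "missing role" finding usually means ‘Grant Permissions‘ was not completed, while an extra role means the registration holds more access than this integration needs.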
Enable the OneDrive integration & Change Background Account Access
Navigate to Foldr Settings >> Services >> OneDrive / Office 365
Enable OneDrive integration and select the Microsoft service account.
Please note, as we are not using manual linking, you do NOT need to complete the Application ID or Key fields here:
A new Share should now be created for OneDrive under Foldr Settings >> Shares using the share path %onedrive% to present the user’s OneDrive storage within the Foldr interface. Give the share a suitable name, icon and any other options that are required.
Select the Microsoft service account on the OneDrive share configuration screen.
Do NOT enable the setting ‘Use service account for all access’. Note: this has been moved to the ‘Advanced’ tab.
Finally, click SAVE.
The integration steps for automatic account linking and presenting OneDrive to users are now complete. When a user signs into Foldr, their corresponding OneDrive storage should be presented to the user automatically. SharePoint support for automatic linking is coming in the next appliance update.
Troubleshooting – HTTPS / SSL inspection
Please ensure the following domains are excluded from HTTPS / SSL man-in-the-middle inspection on your firewall / web filter, as this will cause issues between Foldr and OneDrive / SharePoint Online: