OneDrive & Office 365 Integration (Manual Account Linking)

Introduction

Foldr provides integration with Office 365 to allow OneDrive for Business and SharePoint Online sites to be presented in the Foldr interface.  Foldr can also provide access to the document storage locations that are available to users through Office 365 Teams.

Active Directory accounts may be automatically linked to Office 365 accounts, and the corresponding OneDrive and/or SharePoint sites can be presented in the Foldr interface.  Alternatively, users can link a Microsoft Office 365 account manually.  Manual linking will present a pop-up dialog requesting the user’s Microsoft account credentials the first time they try to access OneDrive, SharePoint Online or a Teams share in Foldr.

Once an Office 365 account is linked in Foldr, a user can edit any on-premise or cloud hosted Office files in Office Online (web-based versions of Word, Excel & PowerPoint).  Collaborative editing is also possible through Office Online with SharePoint Online.

Manual or Automatic Account Linking?

The administrator should decide which method of account linking is to be used in the deployment, as there are benefits to both methods.  Automated account linking uses a service account to provide immediate access to users’ OneDrive and SharePoint sites with no additional effort from the user. However, the connection always uses the service account’s credentials rather than those of the individual user. Only the manual account linking method can respect each Office 365 user’s granular permissions for sites and nested sub-folders in SharePoint.

Essentially, if only OneDrive is being presented to users through Foldr, automated linking provides a smoother user experience and removes the need to enter Office 365 credentials the first time it is accessed.  If you intend to present SharePoint sites, manual linking is recommended, unless the security permissions in place in Office 365 are flat across the organisation, with no granular access permissions.

Regardless of the account linking method used, the administrator can still control visibility of all storage locations (OneDrive, SharePoint libraries, Teams) using permissions in Foldr Settings >> Shares, specifying read/write access by user or group.

Integration Steps – Manual Account Linking

Creating the App Registration in Azure

1.  Log into the Microsoft Azure Portal at https://portal.azure.com using your administrative Microsoft account.

2.  Select Azure Active Directory from the left-hand panel.

3.  Click App Registrations.

4.  Click New registration.

5.  Give the application a suitable name, and click REGISTER.  In most cases the supported account type can be left as default (top radio button).

6.  The app summary / configuration screen will be shown.  Click Authentication.

7.  Add a Redirect URI  (Reply URL) using the format:

https://address-of-foldr/services/microsoft/connect

The Redirect URI / Reply URL must be the public address of the Foldr installation appended with /services/microsoft/connect.

8.  Click SAVE.

9.  Click Certificates & secrets > New client secret.

10.  Enter a description, select a suitable expiration lifetime (never is recommended), and finally click ADD.

11.  The new client secret will be displayed.

IMPORTANT – Take a copy of the key at this point, as you cannot retrieve it again later. New keys can be generated later if required.

12.  Click  API Permissions > Add a permission

13.  Select Microsoft Graph

14.  Click Delegated Permissions.

15.  Select the following permissions from the Directory and Files sections:

Directory.Read.All
Files.ReadWrite
Files.ReadWrite.All

16.  Click Add Permissions at the bottom of the screen.

17.  The permission summary will now be displayed, showing the new delegated permissions.

18.  Click the GRANT ADMIN CONSENT button at the bottom of the screen.

19.  Click Yes on the confirmation prompt.

20.  A success message will then be shown.

21.  Click on Overview and take a copy of the Application (client) ID and Directory (tenant) ID.  These will be required later when enabling the integration on the Foldr appliance.
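The following check is an added example, not part of the Foldr documentation or product: it audits the registration built in steps 1 to 21 by comparing its redirect URIs and admin-consented delegated scopes against what this page specifies. It assumes you have exported the Microsoft Graph `application` object and the `oauth2PermissionGrant` objects for the app as JSON; the function name `audit_registration`, the host `foldr.example.com` and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Delegated permissions selected in step 15 of this page.
EXPECTED_SCOPES = {"Directory.Read.All", "Files.ReadWrite", "Files.ReadWrite.All"}
CONNECT_PATH = "/services/microsoft/connect"  # path from step 7


def audit_registration(app, grants, foldr_host):
    """Return a list of findings for one app registration.

    app        -- Microsoft Graph `application` object (dict)
    grants     -- list of `oauth2PermissionGrant` objects for the app
    foldr_host -- public hostname of the Foldr appliance (assumed known)
    """
    findings = []
    expected_uri = f"https://{foldr_host}{CONNECT_PATH}"
    uris = app.get("web", {}).get("redirectUris", [])
    if expected_uri not in uris:
        findings.append(f"missing redirect URI: {expected_uri}")
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != expected_uri:
            findings.append(f"unexpected redirect URI: {uri}")
    # Admin consent (step 18) is recorded as a tenant-wide grant.
    consented = set()
    for grant in grants:
        if grant.get("consentType") == "AllPrincipals":
            consented |= set(grant.get("scope", "").split())
    for scope in sorted(EXPECTED_SCOPES - consented):
        findings.append(f"scope not consented: {scope}")
    for scope in sorted(consented - EXPECTED_SCOPES):
        findings.append(f"extra scope consented: {scope}")
    return findings


# Constructed sample data shaped like Graph API output; not from a real tenant.
SAMPLE_APP = json.loads("""{"displayName": "Foldr", "web": {"redirectUris": [
  "https://foldr.example.com/services/microsoft/connect",
  "http://foldr.example.com/services/microsoft/connect"]}}""")
SAMPLE_GRANTS = [{"consentType": "AllPrincipals",
                  "scope": "Directory.Read.All Files.ReadWrite Mail.Read"}]

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, SAMPLE_GRANTS, "foldr.example.com"):
        print(finding)
```

A registration created in the portal normally carries the default User.Read delegated permission, so expect it to appear as an extra scope unless it has been removed.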

Enabling the Office 365 integration in Foldr

The Office 365 integration should now be enabled, and the Application ID, Client secret and Directory ID should be copied into the relevant fields within:

Foldr Settings >> Services >> OneDrive / Office365 >> Client ID | Application Key | Tenant ID

Client ID = Application (client) ID in Azure

Application Key = Client secret in Azure

Tenant ID = Directory (tenant) ID in Azure

Finally, click SAVE CHANGES.

Adding the Share for OneDrive

A new share should be created for OneDrive under Foldr Settings >> Shares using the Share URI %onedrive%

Select a suitable icon and click SAVE.

Presenting SharePoint sites to Users

A new share should be created for each SharePoint site under Foldr Settings >> Shares using the Share URI:

%sharepoint%(tenant.sharepoint.com/sites/site-name)

Note: if /sites/ is not in the SharePoint URL when viewed through O365 directly, it can be removed from the Share URI.

To present the organisation’s root/default SharePoint site, use the Share URI %sharepoint%

Presenting Teams storage to Users

A new share can be created for Teams under Foldr Settings >> Shares using the Share URI %teams%

Presenting Shared Office 365 items to Users

Foldr is able to present items that have been shared with users using the native sharing tools in Office 365. Shared items can be displayed in a dedicated share/storage item within My Files, or alternatively a ‘Shared with Me’ directory can be displayed inside a user’s OneDrive and all shared items will be available inside.

To create a dedicated share for Office 365 shared items, create a new share within Foldr Settings > Shares and set the Share URI to %onedriveshared%

To present a user’s OneDrive with a ‘Shared with Me’ folder in the root of OneDrive, create a share and set the Share URI to %onedrivewithshared%

Note – OneDrive, SharePoint & Teams storage icons will be visible to users immediately in the web app before they link their account.  Once they click on the storage icon, they will be prompted to enter their Office 365 credentials.

For example, the user clicks the OneDrive item and is prompted to authenticate with Office 365 in a new tab.

The account is then linked, and OneDrive storage should be browsable in any of the Foldr apps and all Office documents can be edited in Office Online.

Alternatively, a user can link and unlink their Microsoft accounts when logged into the Foldr web app using the menu item ‘Me’ > Services.  This is available from the top-right menu of the interface or the left-hand panel.

Click Services >> OneDrive/Office 365

Click ‘LINK ACCOUNT’ and you will be prompted to sign in.

The account is then linked, and OneDrive storage should be available in any of the Foldr apps and Office documents can be edited in Office Online from on-premise shares or OneDrive / SharePoint.  Users can unlink their Microsoft Account at any time from the Services menu shown above.

The integration for Office 365 is now complete.

© Minnow IT. Registered in England and Wales with company number 07970411.
