⚠️ OneCloud provides the following setup and configuration to help expedite use of the OneCloud Microsoft OneDrive BizApp using a default deployment. Actual screens may vary depending on your Microsoft Azure deployment or security access. If you uncover any differences in this configuration guide or have input to enhance this guide, please contact us at firstname.lastname@example.org
Register an Application
Start by navigating to your Microsoft Azure portal:
Navigate into your Azure Active Directory services:
Navigate to App Registrations and click on New registration:
Provide a desired Application Name and then press Register:
Configure Application Authentication
From the main list of App Registrations, click the application to drill down and specify its authentication settings:
From the Manage panel click on Authentication:
Set the Default Tenant Type to Public=Yes and then click Add a Platform:
Under the Add a Platform select Web:
Under the Redirect URI enter the following:
Make sure to check the box for MultiTenant under Supported Account Types:
📓 See additional details below about MultiTenant configurations.
Setting up Certificates and Secrets
Click on Certificates & Secrets in the Manage panel:
Click New Client Secret at the bottom of the page:
After you provide a brief Description and Expiry date, a Client Secret will be displayed. Store it securely; it will need to be entered into OneCloud.
Setting up API Permissions
Click on API Permissions in the Manage panel then Add a Permission:
Choose Microsoft Graph under Microsoft APIs:
Choose Delegated Permissions as the Request Type:
From the list of permissions you will need:
Everything under FILES
Once done, click Grant Admin Consent:
OneCloud BizApp Scope
Use the following scope inside of OneCloud:
Files.ReadWrite.Selected Files.ReadWrite.AppFolder Files.ReadWrite.All Files.ReadWrite Files.Read.Selected Files.Read.All Files.Read offline_access
As the OneCloud BizApp requires the MultiTenant option to be enabled, it is up to the Azure Administrators to ensure applications are correctly configured for security compliance. This option, when correctly used with Azure security, does not open up the application to everyone. Below are suggestions on additional steps that can be taken.
Review the documentation from Microsoft related to MultiTenant setup.
Enable security on the individual application.
Assign/allow users access to the application.
Navigate to Active Directory.
Click on Enterprise Applications under Manage.
Select your application from the list to start the edit process. If your application is not listed by default, click on All Applications under Manage.
Click on Properties under Manage.
On the properties screen set the following properties:
Enabled for users to sign-in? = Yes
User assignment required? = Yes
(Optional) Visible to users? = No
This allows only specific users access to the application. In the next configuration you can assign the specific users that will be used for the OAuth authentication in the BizApp.
Resuming from the steps above, click on Users and Groups under Manage.
Through standard Azure AD processes, add your users as necessary.
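To confirm these settings after the fact, the following added example (not OneCloud or Microsoft code) checks Microsoft Graph application, servicePrincipal and oauth2PermissionGrant objects, supplied as dicts, against this guide: sign-in enabled, user assignment required, client secret expiry, and delegated scopes beyond the list above. The sample objects are constructed, and the mapping of the MultiTenant checkbox to the signInAudience value AzureADMultipleOrgs is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Delegated scopes listed in this guide's "OneCloud BizApp Scope" section.
GUIDE_SCOPES = set((
    "Files.ReadWrite.Selected Files.ReadWrite.AppFolder Files.ReadWrite.All "
    "Files.ReadWrite Files.Read.Selected Files.Read.All Files.Read offline_access"
).split())


def audit(app, sp, grants, now, warn_days=30):
    """Return findings for one registration, given Graph objects as dicts:
    app = application, sp = servicePrincipal, grants = oauth2PermissionGrant list."""
    findings = []
    # Assumption: the guide's MultiTenant checkbox corresponds to this audience value.
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("audience: %s" % app.get("signInAudience"))
    if not sp.get("accountEnabled"):  # "Enabled for users to sign-in?" = Yes
        findings.append("sign-in disabled")
    if not sp.get("appRoleAssignmentRequired"):  # "User assignment required?" = Yes
        findings.append("user assignment not required")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC ISO 8601; drop fractional seconds and the trailing Z.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        label = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append("secret expired: %s" % label)
        elif end - now <= timedelta(days=warn_days):
            findings.append("secret expires soon: %s" % label)
    for grant in grants:
        # A grant's scope field is a space-separated string of delegated permissions.
        extra = set(grant.get("scope", "").split()) - GUIDE_SCOPES
        if extra:
            findings.append("scopes beyond guide: %s" % " ".join(sorted(extra)))
    return findings


# Constructed sample objects (not real tenant data).
SAMPLE_APP = {"signInAudience": "AzureADMultipleOrgs", "passwordCredentials": [
    {"displayName": "onecloud-bizapp", "endDateTime": "2024-06-10T00:00:00Z"}]}
SAMPLE_SP = {"accountEnabled": True, "appRoleAssignmentRequired": False}
SAMPLE_GRANTS = [{"consentType": "AllPrincipals",
                  "scope": "Files.Read Files.ReadWrite.All offline_access Mail.Read"}]

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for finding in audit(SAMPLE_APP, SAMPLE_SP, SAMPLE_GRANTS, now):
        print(finding)
```

An empty result means the registration matches the settings in this guide; the input objects can be exported from Microsoft Graph by an administrator with read access to the directory.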
If, after following these instructions, you are unable to properly create a sample application or are experiencing issues, please contact us at email@example.com. We are here to assist.