OneDrive is a cloud-based storage service for organizations of all sizes, with a focus on Microsoft 365 (formerly known as Office 365) document storage and collaboration. Create, store, share and automatically synchonize documents across your organization. The OneDrive connector provided with Workplace Search automatically captures, syncs and indexes the following items:
Including ID, File Metadata, File Content, Updated by, and timestamps
When configured after November 8, 2020, the OneDrive connector must be connected by an Azure AD admin user. Therefore, private sources are not supported. Organization sources are supported when connected by an Azure AD admin user.
During configuration, you register an OAuth app in Azure AD that does not have a verified publisher. After November 8, 2020, these apps can be connected by Azure AD admin users only.
Configuring the OneDrive Connectoredit
Configuring the OneDrive connector is the first step prior to connecting the OneDrive service to Workplace Search, and requires that you create an OAuth App from the OneDrive platform. To get started, first log in to OneDrive and access your administrative dashboard:
Step 1. Sign in to https://portal.azure.com/, look up and click on Azure Active Directory under More services:
Step 2. Click App Registrations:
Step 3. Register the application
Give your app a name - like "Workplace Search", make it multitenant and click Register.
Leave the Redirect URIs blank for now. We will need two: one for organizational sources and the other for private sources. We’ll add this later in the process.
Setting the app to single tenant will result in a degraded experience, and the connector will not sync content.
Step 4. Retrieve and keep the Client ID handy - we’ll need it within Workplace Search.
Step 5. Next, click the Add a Redirect URI link in the header.
Step 6. Click Add a platform and then select Web from the sidebar
Step 7. Add the following URIs and Save the cofiguration:
Add the following two redirect URIs, substituting
<WS_BASE_URL> with the base URL at which Workplace Search is hosted (scheme + host, no path).
# Deployment using a custom domain name https://www.example.com/ws/org/sources/one_drive/create https://www.example.com/ws/sources/one_drive/create # Deployment using a default Elastic Cloud domain name https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io/ws/org/sources/one_drive/create https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io/ws/sources/one_drive/create # Unsecured local development environment http://localhost:3002/ws/org/sources/one_drive/create http://localhost:3002/ws/sources/one_drive/create
Step 8. Navigate to Certificates & Secrets and then click New client secret:
Step 9. Pick a name for your client secret (for example, Workplace Search). Select Never as the expiration date:
Step 10. Save the Client Secret value before leaving this screen.
Step 11. We must now set up the permissions the Application will request from the Admin. Navigate to API Permissions and click Add Permission. Click Microsoft Graph and add delegated permissions until the list resembles the following:
Step 12. Finally, Grant admin consent.
Step 13. From the Workplace Search administrative dashboard’s Sources area, locate OneDrive, click Configure and provide both the Client ID and Client Secret.
Voilà! The OneDrive connector is now configured, and ready to be used to synchronize content. In order to capture data, you must now connect a OneDrive instance with the adequate authentication credentials.
Connecting OneDrive to Workplace Searchedit
Once the OneDrive connector has been configured, you may connect a OneDrive instance to your organization.
Step 1. Head to your organization’s Workplace Search administrative dashboard, and locate the Sources tab.
Step 2. Click Add a new source.
Step 3. Select OneDrive in the Configured Sources list, and follow the OneDrive authentication flow as presented.
Step 4. Upon the successful authentication flow, you will be redirected to Workplace Search.
OneDrive content will now be captured and will be ready for search gradually as it is synced. Once successfully configured and connected, the OneDrive synchronization automatically occurs every 2 hours.
You can synchronize document access permissions between OneDrive and Workplace Search. This will ensure the right people see the right documents.
Visit Document-level permissions for Microsoft to learn more about OneDrive document-level permissions.