Connecting OneDrive

edit

Connecting OneDriveedit

OneDrive is a cloud-based storage service for organizations of all sizes, with a focus on Microsoft 365 (formerly known as Office 365) document storage and collaboration. Create, store, share and automatically synchonize documents across your organization. The OneDrive connector provided with Workplace Search automatically captures, syncs and indexes the following items:

Stored Files

Including ID, File Metadata, File Content, Updated by, and timestamps

Known issuesedit

  1. When configured after November 8, 2020, the OneDrive connector must be connected by an Azure AD admin user. Therefore, private sources are not supported. Organization sources are supported when connected by an Azure AD admin user.

    During configuration, you register an OAuth app in Azure AD that does not have a verified publisher. After November 8, 2020, these apps can be connected by Azure AD admin users only.

Configuring the OneDrive Connectoredit

Configuring the OneDrive connector is the first step prior to connecting the OneDrive service to Workplace Search, and requires that you create an OAuth App from the OneDrive platform. To get started, first log in to OneDrive and access your administrative dashboard:


Step 1. Sign in to https://portal.azure.com/, look up and click on Azure Active Directory under More services:

Figure 63. Connecting OneDrive

Step 2. Click App Registrations:

Figure 64. Connecting OneDrive

Step 3. Register the application

Give your app a name - like "Workplace Search", make it multitenant and click Register.

Leave the Redirect URIs blank for now. We will need two: one for organizational sources and the other for private sources. We’ll add this later in the process.

Click Register

Figure 65. Connecting OneDrive

Setting the app to single tenant will result in a degraded experience, and the connector will not sync content.


Step 4. Retrieve and keep the Client ID handy - we’ll need it within Workplace Search.


Step 5. Next, click the Add a Redirect URI link in the header.

Figure 66. Connecting OneDrive

Step 6. Click Add a platform and then select Web from the sidebar

Figure 67. Connecting OneDrive

Step 7. Add the appropriate redirect URIs and Save the cofiguration:

Figure 68. Connecting OneDrive

The redirect URIs required vary by which user interface you are using to manage Enterprise Search. Enterprise Search in Kibana and standalone Enterprise Search use different redirect URIs. See user interfaces for details on each UI.

When using standalone Enterprise Search, add the following two redirect URIs, substituting <WS_BASE_URL> with the base URL at which Workplace Search is hosted (scheme + host, no path).

<WS_BASE_URL>/ws/org/sources/one_drive/create
<WS_BASE_URL>/ws/sources/one_drive/create

Examples:

# Deployment using a custom domain name
https://www.example.com/ws/org/sources/one_drive/create
https://www.example.com/ws/sources/one_drive/create

# Deployment using a default Elastic Cloud domain name
https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io:443/ws/org/sources/one_drive/create
https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io:443/ws/sources/one_drive/create

# Unsecured local development environment
http://localhost:3002/ws/org/sources/one_drive/create
http://localhost:3002/ws/sources/one_drive/create

When using Enterprise Search in Kibana, use the following redirect URI, substituting <KIBANA_BASE_URL> with the base URL of your Kibana instance. This should correspond with the value of kibana.external_url in your enterprise-search.yml:

<KIBANA_BASE_URL>/app/enterprise_search/workplace_search/sources/added

Examples:

# Deployment using a custom domain name for Kibana
https://www.example.com/app/enterprise_search/workplace_search/sources/added

# Deployment using a default Elastic Cloud domain name for Kibana
https://c3397e558e404195a982cb68e84fbb42.kb.us-east-1.aws.found.io:443/app/enterprise_search/workplace_search/sources/added

# Unsecured local Kibana environment
http://localhost:5601/app/enterprise_search/workplace_search/sources/added

Step 8. Navigate to Certificates & Secrets and then click New client secret:

Figure 69. Connecting OneDrive

Step 9. Pick a name for your client secret (for example, Workplace Search). Select 24 months as the expiration date:

Figure 70. Connecting OneDrive

Step 10. Save the Client Secret value before leaving this screen.

Figure 71. Connecting OneDrive

Step 11. We must now set up the permissions the Application will request from the Admin. Navigate to API Permissions and click Add Permission. Click Microsoft Graph and add delegated permissions until the list resembles the following:

Figure 72. Connecting OneDrive

Step 12. Finally, Grant admin consent.


Step 13. From the Workplace Search administrative dashboard’s Sources area, locate OneDrive, click Configure and provide both the Client ID and Client Secret.

Voilà! The OneDrive connector is now configured, and ready to be used to synchronize content. In order to capture data, you must now connect a OneDrive instance with the adequate authentication credentials.

Connecting OneDrive to Workplace Searchedit

Once the OneDrive connector has been configured, you may connect a OneDrive instance to your organization.


Step 1. Head to your organization’s Workplace Search administrative dashboard, and locate the Sources tab.


Step 2. Click Add a new source.


Step 3. Select OneDrive in the Configured Sources list, and follow the OneDrive authentication flow as presented.


Step 4. Upon the successful authentication flow, you will be redirected to Workplace Search.

OneDrive content will now be captured and will be ready for search gradually as it is synced. Once successfully configured and connected, the OneDrive synchronization automatically occurs every 2 hours.

Document-level permissionsedit

You can synchronize document access permissions from OneDrive to Workplace Search. This will ensure the right people see the right documents.

See Document-level permissions for Microsoft.

Limiting the content to be indexededit

If you don’t need to index all the available content, you can specify the indexing rules via the API. This will help shorten indexing times and limit the size of the index. See Customizing indexing. For OneDrive, applicable rule types would be path_template and file_extension.

Synchronized fieldsedit

The following table lists the fields synchronized from the connected source to Workplace Search. The attributes in the table apply to the default search application, as follows:

  • Display name - The label used when displayed in the UI
  • Field name - The name of the underlying field attribute
  • Faceted filter - whether the field is a faceted filter by default, or can be enabled (see also: Customizing filters)
  • Automatic query refinement preceding phrases - The default list of phrases that must precede a value of this field in a search query in order to automatically trigger query refinement. If "None," a value from this field may trigger refinement regardless of where it is found in the query string. If '', a value from this field must be the first token(s) in the query string. If N.A., automatic query refinement is not available for this field by default. All fields that have a faceted filter (default or configurable) can also be configured for automatic query refinement; see also Update a content source, Get a content source’s automatic query refinement details and Customizing filters.
Display name Field name Faceted filter Automatic query refinement preceding phrases

Id

id

No

N.A.

URL

url

No

N.A.

Title

title

No

N.A.

Type

type

Default

None

Path

path

No

N.A.

Created by

created_by

Configurable

[creator is, created by, edited by, modified by]

Last updated

last_updated

No

N.A.

Updated by

updated_by

Configurable

[edited by, updated by, modified by]

Drive owner

drive_owner

Default

N.A.

Media type

mime_type

Default

None

Extension

extension

Default

None