OneDrive

OneDrive (opens new window) is a cloud storage and file hosting service by Microsoft, fully integrated with Microsoft Office. Workato's OneDrive connector enables you to seamlessly integrate and automate workflows between OneDrive and third-party applications, supporting a wide range of file processing use cases.

API version

The OneDrive connector uses the Microsoft Graph API v1.0 for OneDrive (opens new window).

How to connect to OneDrive

Workato supports the following types of connections to OneDrive:

• Authorization code grant authentication (OAuth 2.0)
• Client credentials-based authentication (OAuth 2.0): Only available for tenant-specific connections

Authorization code grant authentication (OAuth 2.0)

Authorization code grant authentication consists of the following steps:

1. Register the Workato App in Azure portal
2. Complete setup in Workato

This authentication method requires the following value for tenant-specific account types:

• Tenant ID/Domain

Register the Workato App in Azure portal

Complete the following steps to register the Workato app and assign it permissions for authorization code grant connections.

1

Register the Workato app in the Azure Portal

1

Sign in to the Azure portal (opens new window).

2

Select App registrations > + New registration, under Azure services.

3

Enter a unique name for the application and select a Supported account type.

4

Select Web from the Select a platform drop-down menu.

5

Enter https://www.workato.com/oauth/callback as the Redirect URI and select Register.

Register an app

2

Assign permissions to your app

1

Select Manage > API permissions in the navigation sidebar.

2

Click + Add a permission and select Microsoft Graph APIs.

3

Add the required permissions as outlined in the Permissions required to connect section. Depending on your connection type, you must assign Application or Delegated permissions.

Add permissions

4

Click Add permissions. If specific permissions require admin consent, refer to the Granting admin consent (opens new window) section for guidance.

3

Obtain the Directory (tenant ID) from the Azure portal

1

Go to the Overview > Essentials section.

App details

2

Copy the Directory (tenant) ID for use in Workato.

Complete setup in Workato

1

Click Create > Connection.

2

Search for and select OneDrive as your connection in the New connection page.

3

Provide a name for your connection in the Connection name field.

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Use the Connection account type drop-down menu to select the type of account you plan to use. The available choices are Personal, Business, and Tenant-specific.

• Personal: This option allows you to sign in using a personal account that is not restricted to a specific organization (tenant).

Personal connections

• Business: This option allows you to sign in using a user account belonging to a company or organization.

Business connections

• Tenant specific: This option is specifically designed for users who belong to a particular organization (tenant).

Tenant specific connections

Provide the tenant ID of the Azure Active Directory (Azure AD) tenant (a GUID), or its tenant domain in the Tenant ID/Domain field. This ensures that you are accessing resources that are specifically configured for that tenant. Learn how to obtain this value.

6

Select Authorization code grant as the Authentication type.

7

Optional. By default, the connector requests a set of scopes required for all triggers and actions. You can use the Advanced settings section to manually configure permissions instead. The minimum permissions required to establish a connection are Files.Read and offline_access. Workato always requests these permissions by default, regardless of the permissions you select. Refer to the permissions section for more information.

8

Click Sign in with Microsoft.

Client credentials-based authentication (OAuth 2.0)

COMPATIBLE AUTHENTICATION

Client credentials-based authentication is only compatible with tenant-specific connections.

This authentication method consists of the following steps:

1. Register the Workato App in the Azure portal
2. Complete setup in Workato

This method requires the following fields:

• Tenant ID/Domain
• User ID
• Client ID
• Client Secret

Register the Workato App in the Azure Portal

Complete the following steps to register the Workato app and assign it permissions for client credentials-based connections.

1

Register the Workato App in the Azure Portal

1

Sign in to the Azure portal (opens new window).

2

Select App registrations > + New registration, under Azure services.

3

Enter a unique name for the application and select a Supported account type.

4

Select Web from the Select a platform drop-down menu.

5

Enter https://www.workato.com/oauth/callback as the Redirect URI and select Register.

Register an app

2

Assign permissions to your app

1

Select Manage > API permissions in the navigation sidebar.

2

Click + Add a permission and select Microsoft Graph APIs.

3

Add the required permissions as outlined in the Permissions required to connect section. Depending on your connection type, you must assign Application or Delegated permissions.

Add permissions

4

Click Add permissions. If specific permissions require admin consent, refer to the Granting admin consent (opens new window) section for guidance.

3

Generate an API key

1

Go to Manage > Certificates & Secrets > Client secrets and click + New client secret.

2

Provide a Description for the client secret and specify an expiry date.

3

Click Add. Copy and save this secret for use in Workato.

4

Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure Portal

1

Go to the Overview > Essentials section.

App details

2

Copy the Application (client) ID, Object ID, and Directory (tenant) ID for use in Workato.

5

Obtain the User ID from the Azure Portal

1

Go to Home > Users to obtain the User ID.

Select users

2

Search for and select the default user you plan to use to perform operations. This user does not establish the connection but is required for performing certain operations that an app can't perform. It is also required in picklists to pull user data. For example the folder picklist populates folders belonging to the default user.

3

Copy the User principal name. Use this value as the User ID in Workato.

Return to Workato to finish setting up your connection.

Complete setup in Workato

1

Click Create > Connection.

2

Search for and select OneDrive as your connection in the New connection page.

3

Provide a name for your connection in the Connection name field.

4

Use the Location drop-down menu to select the project where you plan to store the connection.

5

Select Tenant specific as the Connection account type. This option supports accounts tied to a specific organization (tenant).

Tenant specific account connection type

6

Provide your Tenant ID/Domain. This is the Directory (tenant) ID for your app. Refer to the Register an app in Azure section to learn how to obtain this value.

7

Select Client credentials as the Authentication type.

8

Provide the User ID, Client ID, and Client secret for your app. Refer to the Register an app in Azure section to learn how to obtain these values.

9

Click Sign in with Microsoft.

Permissions required to connect

Permissions define the OneDrive connector's access level when interacting with OneDrive resources. This section outlines the default and minimum scopes required for authorization code grant and client credentials connections.

Default scopes for authorization code grant connections

By default, the OneDrive connector requests the following scopes for authorization code grant connections. These scopes are necessary to use all of this connector's triggers and actions. Additionally, you must assign these permissions to the Workato app as Delegated permissions in the Azure portal.

• Files.ReadWrite
• Group.Read.All
• Files.Read
• offline_access

Minimum scopes for authorization code grant connections

The following minimum scopes are required to establish a connection to OneDrive using authorization code grant authentication:

• Files.Read
• offline_access

Default scopes for client credential connections

We recommend the following scopes for client credentials connections. These scopes enable full access to all triggers and actions in the OneDrive connector. You must assign these permissions as Application permissions in the Azure portal:

• Files.Read.All
• Files.ReadWrite.All
• Group.Read.All
• Sites.ReadWrite.All

Minimum scopes for client credential connections

The following minimum scopes are required to establish a connection to OneDrive using client credentials-based authentication:

• Files.Read.All

Connect Microsoft Entra ID to the OneDrive connector

To connect to the OneDrive connector using a Microsoft Entra ID account, ensure that all the consent requests are granted by admins.

Complete the following steps to grant admin consent using an admin account:

1

Sign in to your Azure portal and navigate to Enterprise Applications > Activity > Admin consent requests.

2

Approve the necessary consent requests.