OneDrive
OneDrive is a cloud storage and file hosting service by Microsoft, fully integrated with Microsoft Office. Workato's OneDrive connector enables you to seamlessly integrate and automate workflows between OneDrive and third-party applications, supporting a wide range of file processing use cases.
FEATURE AVAILABILITY
The OneDrive connector isn't available to workspaces in the CN data center. This reflects local regulatory requirements and applies to our multi-tenant and Virtual Private Workato (VPW) offerings.
API version
The OneDrive connector uses the Microsoft Graph API v1.0 for OneDrive.
Connection setup
The OneDrive connector supports the following authentication types:
- Authorization code grant authentication (OAuth 2.0)
- Client credentials-based authentication (OAuth 2.0)
MICROSOFT MFA ENFORCEMENT
Microsoft is rolling out mandatory multifactor authentication (MFA) gradually to different applications and accounts in phases. This enforcement continues throughout 2025 and beyond. Refer to the Microsoft Mandatory multifactor authentication for Azure and admin portals documentation for more information.
We strongly recommend enabling MFA now for all Microsoft accounts used with Workato to avoid service disruptions from short-notice enforcement changes.
Complete the following steps to maintain uninterrupted service:
Enable MFA for your Microsoft organization following the Microsoft MFA setup guide. Refer to Set up multifactor authentication for Microsoft 365 for more information.
Reconnect your Microsoft connection in Workato.
Complete the OAuth flow with MFA when prompted.
Test your recipes to ensure they work with the updated connection.
Authorization code grant authentication (OAuth 2.0)
Use the Tenant ID/Domain value with tenant-specific account types.
Minimum and default scopes
The OneDrive connector requests the following scopes by default. These scopes support all triggers and actions. You must assign these as Delegated permissions in the Azure portal:
Files.ReadWriteGroup.Read.AllFiles.Readoffline_access
You must add the following minimum scopes to establish a connection to OneDrive with authorization code grant authentication:
Files.Readoffline_access
OneDrive setup for authorization code grant authentication
Complete the following steps to set up OneDrive for authorization code grant authentication:
- Register the Workato app in Azure portal
- Assign permissions to your app
- Obtain the Directory (tenant) ID from the Azure portal
Register the Workato App in Azure portal
View register the Workato app in the Azure portal steps
Complete the following steps to register the Workato app in the Azure portal:
Sign in to the Azure portal.
Select App registrations > + New registration.
Enter a unique name for the application.
Use the Supported account types drop-down menu to select an account type.
Select Web from the Select a platform drop-down menu.
Use the following URI for the Redirect URI:
https://www.workato.com/oauth/callbackSelect Register.
Assign permissions to your app
View assign permissions to your app steps
Complete the following steps to assign permissions to your app:
Go to your newly registered app and select Manage > API permissions in the navigation sidebar.
Click + Add a permission and select Microsoft Graph APIs.
Add the required permissions. Depending on your connection type, you must assign Application or Delegated permissions.
Add permissions
Click Add permissions. If specific permissions require admin consent, refer to Connect Microsoft Entra ID to the Outlook connector to learn more.
Obtain the Directory (tenant) ID from the Azure portal
View obtain the Directory (tenant) ID from the Azure portal steps
Complete the following steps to obtain the Directory (tenant) ID from the Azure portal:
Go to the Overview > Essentials section.
App details
Copy and save the Directory (tenant) ID for use in Workato.
Connect to OneDrive with authorization code grant authentication
View connect to OneDrive with authorization code grant authentication steps
Complete the following steps to set up a authorization code grant connection to OneDrive in Workato:
Click Create > Connection.
Search for OneDrive and select it as your app.
Enter a name for your connection in the Connection name field.
Use the Location drop-down menu to select the project where you plan to store the connection.
Use the Connection account type drop-down menu to select the type of account you plan to use. The available choices are Personal, Business, and Tenant-specific.
Personal connections
Business connections
Tenant specific connectionsUse the Authentication type drop-down menu to select Authorization code grant.
Optional. Go to the Advanced settings section to manually select the permissions. The minimum permissions required to establish a connection are Files.Read and offline_access. Workato always requests these permissions regardless of the permissions you select. Refer to Minimum and default scopes for more information.
Optional. Use the Custom OAuth profile drop-down menu to select a custom OAuth profile for your connection.
Click Sign in with Microsoft.
Client credentials-based authentication (OAuth 2.0)
This authentication type requires the following values:
- Tenant ID/Domain
- User ID
- Client ID
- Client secret
Minimum and default scopes
We recommend the following scopes for client credentials-based connections. These scopes support all triggers and actions. You must assign these as Application permissions in the Azure portal:
Files.Read.AllFiles.ReadWrite.AllGroup.Read.AllSites.ReadWrite.All
You must add the following minimum scopes to establish a connection to OneDrive with client credentials-based authentication:
Files.Read.All
OneDrive setup for client credentials-based authentication
Complete the following steps to set up OneDrive for client credentials-based authentication:
- Register the Workato app in the Azure portal
- Assign permissions to your app
- Generate a client secret
- Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure portal
- Obtain the User ID from the Azure portal
COMPATIBLE AUTHENTICATION
Client credentials-based authentication is only compatible with tenant-specific connections.
Register the Workato App in the Azure portal
View register the Workato app in the Azure portal steps
Complete the following steps to register the Workato app in the Azure portal:
Sign in to the Azure portal.
Select App registrations > + New registration.
Enter a unique name for the application.
Use the Supported account types drop-down menu to select an account type.
Select Web from the Select a platform drop-down menu.
Use the following URI for the Redirect URI:
https://www.workato.com/oauth/callbackSelect Register.
Assign permissions to your app
View assign permissions to your app steps
Complete the following steps to assign permissions to your app:
Go to your newly registered app and select Manage > API permissions in the navigation sidebar.
Click + Add a permission and select Microsoft Graph APIs.
Add the required permissions. Depending on your connection type, you must assign Application or Delegated permissions.
Add permissions
Click Add permissions. If specific permissions require admin consent, refer to Connect Microsoft Entra ID to the Outlook connector to learn more.
Generate a client secret
View generate a client secret steps
Complete the following steps to generate a client secret:
Go to Manage > Certificates & Secrets > Client secrets.
Click + New client secret.
Provide a Description for the client secret and specify an Expires date.
Click Add.
Copy and save the client secret Value—not the Secret ID—for use in Workato.
Copy and save the client secret value
Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure portal
View obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure portal steps
Complete the following steps to obtain the Application ID, Object ID, and Directory (tenant) ID from the Azure portal:
Go to the Overview > Essentials section.
App details
Copy and save the Application (client) ID, Object ID, and Directory (tenant) ID for use in Workato.
Obtain the User ID from the Azure portal
View obtain the User ID from the Azure portal steps
Complete the following steps to obtain the User ID from the Azure portal:
Go to Home > Users to obtain the User ID.
Select users
Search for and select the default user you plan to use to perform operations. This user doesn't establish the connection but is required for performing certain operations that an app can't perform. It's also required in picklists to pull user data. For example, the folder picklist populates folders belonging to the default user.
Copy and save the User principal name. Use this value as the User ID in Workato.
Connect to OneDrive with client credentials-based authentication
View connect to OneDrive with client credential-based authentication steps
Complete the following steps to set up a client credentials-based connection to OneDrive in Workato:
Click Create > Connection.
Search for OneDrive and select it as your app.
Enter a name for your connection in the Connection name field.
Use the Location drop-down menu to select the project where you plan to store the connection.
Select Tenant specific as the Connection account type. This option supports accounts tied to a specific organization (tenant).
Tenant specific account connection type
Provide your Tenant ID/Domain. This is the Directory (tenant) ID for your app. Refer to Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure portal for more information.
Use the Authentication type drop-down menu to select Client credentials.
Provide the User ID, Client ID, and Client secret for your app. Refer to Obtain the Application (client) ID, Object ID, and Directory (tenant) ID from the Azure portal and Generate a client secret for more information.
Optional. Use the Custom OAuth profile drop-down menu to select a custom OAuth profile for your connection.
Click Sign in with Microsoft.
Connect Microsoft Entra ID to the OneDrive connector
View connect Microsoft Entra ID to the OneDrive connector steps
To connect to the OneDrive connector using a Microsoft Entra ID account, ensure that all the consent requests are granted by admins.
Complete the following steps to grant admin consent using an admin account:
Sign in to your Azure portal and navigate to Enterprise Applications > Activity > Admin consent requests.
Approve the necessary consent requests.
Last updated: