Authorization

When you add a OneDrive card to a flow for the first time, you'll be prompted to configure the connection. This helps you to connect your OneDrive account, save your account information, and reuse the connection for future OneDrive flows. Create a connection using a OneDrive admin account or a OneDrive user account. Okta recommends that you use a OneDrive admin account when creating a connection for the first time.

Note

Make sure that you have enabled supported scopes. See Guidance for OneDrive connector.

Note

For your convenience, Okta has created OneDrive OAuth applications:

  • Preview: OneDrive for Okta Preview.

  • Production: OneDrive for Okta Workflows.

Create a connection with a OneDrive admin account

  1. Click New Connection.

  2. Enter a Connection Nickname. This is useful if you plan to create multiple OneDrive connections to share with your team.

  3. Click Create.

  4. Log in to your OneDrive account to authorize the connection.

  5. Select one of the following options:

    1. As an admin, you don’t want regular users to create connections. Click Accept and make sure that the Consent on behalf of your organization option is not selected.

    2. As an admin, you want regular users to also be able to create connections. Click Accept and make sure that the Consent on behalf of your organization option is selected. All user accounts in your organization can create connections on their own.

Create a connection with a OneDrive user account

  1. Click New Connection.

  2. Enter a Connection Nickname. This is useful if you plan to create multiple OneDrive connections to share with your team.

  3. Click Create.

  4. Log in to your OneDrive account to authorize the connection.

  5. Select one of the following options:

    1. Can accept the permissions requested directly. By selecting this option, the admin allows regular user consent for this Okta app.

    2. Need admin approval. Contact your admin to grant you access to the application. See Consent for all apps or Grant tenant-wide admin consent.

    3. Need to submit an approval request. Enter justification for requesting this app in the space provided. See Enable the admin consent workflow.

  6. Click Accept.

Admin app approval

Admins can grant Okta app access to regular user accounts. If an admin forgets to select the Consent on behalf of your organization option and then clicks Accept when configuring a connection, the authorization page might not be displayed when using the same admin account. This occurs because the connection was authorized by the Okta app and is remembered by the system.

The following information provides additional ways for an admin to grant Okta app access to regular user accounts.

Consent for all apps

Allow user consent for all apps, or for apps from verified publishers, for selected permissions. Configure these permissions only as a Global Admin. See Configure how users consent to applications.

  1. In the Azure Portal, select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings.

  2. Select one of the following permissions options:

    • Allow user consent for apps. This is a less secure option.

    • Allow user consent for apps from verified publishers. This is a secure option. Configure the permissions as low impact. See Guidance for OneDrive connector.

  3. From Enterprise applications, go to the Admin consent requests page, then review and grant access.

Grant tenant-wide admin consent

You can grant tenant-wide admin consent for an Okta app only if the Okta app is authorized by your admin account or by any other admin account. See Grant tenant-wide admin consent to an application.

  1. In your Azure Portal, go to Azure Active Directory > Enterprise applications.

  2. Select one of the following Okta apps:

    • OneDrive for Okta Preview

    • OneDrive for Okta Workflows

  3. Select Permissions > Grant admin consent.

    All regular user accounts in your organization have been granted consent to the Okta app.

Enable the admin consent workflow

Enable regular users to request access to applications that require admin consent. Users won't be able to directly create connections until the request is approved by the admin. Configure these permissions only as a Global Admin. See Configure the admin consent workflow.

  1. In your Azure Portal, select Azure Active Directory > Enterprise applications.

  2. Under Manage, select User settings.

  3. Under Admin consent requests > Users can request admin consent to apps they are unable to consent to, select Yes. See Configure the admin consent workflow.

  4. From Enterprise applications, go to the Admin consent requests page, then review and grant access.

Prohibit users from creating new connections

To remove admin consent that was previously granted, delete the Okta app in Enterprise applications and then re-authorize it. Deleting the app revokes the admin consent tenant-wide. Revoking individual user consent is not allowed.

All existing connections stop working after one hour. For previously configured admin connections that you want to keep active, manually re-authorize them and use the consent process to avoid connection failure.

  1. In your Azure Portal, select Azure Active Directory > Enterprise applications.

  2. Select one of the following Okta apps:

    • OneDrive for Okta Preview Workflows

    • OneDrive for Okta Workflows

  3. Select Delete.

Admin consents previously granted are revoked and regular users won’t be able to create new connections until admin consent is granted.
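To confirm which consent state the tenant is actually in after granting or revoking consent, the following added example (not part of the Okta documentation) classifies Microsoft Graph oauth2PermissionGrant records for one enterprise app. It assumes the grants were exported from the Graph oauth2PermissionGrants collection; the object IDs, scopes, and the function name consent_state are constructed for illustration.

```python
import json

# Constructed sample: oauth2PermissionGrant objects in the shape Microsoft Graph
# returns them. All IDs and scopes below are made up for illustration.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "sp-okta-onedrive", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph",
   "scope": "Files.ReadWrite.All offline_access"},
  {"clientId": "sp-okta-onedrive", "consentType": "Principal",
   "principalId": "user-alice", "resourceId": "sp-graph",
   "scope": "Files.ReadWrite.All"},
  {"clientId": "sp-other-app", "consentType": "Principal",
   "principalId": "user-bob", "resourceId": "sp-graph", "scope": "User.Read"}
]
""")


def consent_state(grants, app_sp_id):
    """Summarize who has consented to the enterprise app with object ID app_sp_id."""
    tenant_scopes, user_scopes = set(), {}
    for g in grants:
        if g.get("clientId") != app_sp_id:
            continue  # grant belongs to a different enterprise app
        scopes = set((g.get("scope") or "").split())
        if g.get("consentType") == "AllPrincipals":
            # Admin consented on behalf of the organization.
            tenant_scopes |= scopes
        elif g.get("consentType") == "Principal" and g.get("principalId"):
            # A single account consented for itself only.
            user_scopes.setdefault(g["principalId"], set()).update(scopes)
    if tenant_scopes:
        mode = "tenant-wide"   # all user accounts can create connections
    elif user_scopes:
        mode = "per-user"      # only the listed accounts have consented
    else:
        mode = "none"          # app deleted or never authorized
    return {"mode": mode,
            "tenant_scopes": sorted(tenant_scopes),
            "users": {u: sorted(s) for u, s in sorted(user_scopes.items())}}


if __name__ == "__main__":
    print(json.dumps(consent_state(SAMPLE_GRANTS, "sp-okta-onedrive"), indent=2))
```

A result of "tenant-wide" corresponds to the Consent on behalf of your organization option having been selected; "none" is the expected state after the app is deleted from Enterprise applications.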

Re-authorize a connection

If you’ve used your account to create a connection successfully, you can use this account to create multiple connections. If you've already created connections, you can re-authorize them as long as the admin hasn't made any configuration changes.

Related topics

OneDrive connector

About the elements of Okta Workflows

Guidance for OneDrive connector

Microsoft Graph API documentation