Guidance for OneDrive connector

Read the following information for guidance and best practices when using the OneDrive connector in your flows.

Authentication

Create a connection using an admin or user OneDrive account. See Authorization.

Reauthorize a connection

If you've used your account to create a connection successfully, you should be able to use this account to create as many connections as you require. You can reauthorize the old connections if the admin hasn't made any configuration changes.

Types of accounts

Admins must have the following account permissions:

  • OneDrive admin account
  • OneDrive admin credentials
  • Delegated work or school account
  • Delegated personal Microsoft account

Permissions

Admins and users must have permissions to upload a file.

Admins

  • When attempting to access a user's drive through any of the OneDrive connector cards, that user's OneDrive must be shared with the admin. This is true even for a Global Administrator.

  • Any group access is determined by the type of group and its access configuration.

Non-admins

  • Non-admins must be granted permission by admins to access files or drives that they don't own.

  • Any group access is determined by the type of group and its access configuration.

File and folder

  • If a user's OneDrive is shared with an admin, then that admin can access any of the user's files.

  • Non-admins can only access the files and folders of other users if the file has been shared with them.

  • Authenticated users can access their own drive.

Supported scopes

The following OAuth scopes must be enabled in your OneDrive environment:

  • email
  • openid
  • profile
  • offline_access
  • Files.ReadWrite.All
  • Group.ReadWrite.All

Supported drives

The OneDrive connector doesn't support transferring drive items between different drives.

Action card or event card-specific limitations

Create Organization Sharing Link

By default, you can't create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.

Create Recipients Sharing Link

Create an anonymous or organization sharing link.

  • Anonymous: anyone with the link has access, without needing to sign in. This may include people outside of your organization. Anonymous link support may be disabled by an administrator.
  • Organization: anyone signed into your organization (tenant) can use the link to get access.

When the sharing link doesn't use anonymous settings, it can be sent to others outside the organization. Credentials may be needed to view the shared file or folder if the user isn't part of the organization.

By default, you can't create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.
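
Because an anonymous link grants access without sign-in, it is worth reviewing the permissions on shared items for such links. The following Python function is an added example, not part of the original documentation or the connector's own code. It assumes the permission objects follow the Microsoft Graph permission resource shape (`link.scope`, `roles`, `expirationDateTime`, `hasPassword`); the function name and sample data are constructed for illustration.

```python
# Constructed sample: permission objects in the shape of the Microsoft Graph
# "permission" resource (assumed to match what a List Permissions call returns).
SAMPLE_PERMISSIONS = [
    {"id": "p1", "roles": ["write"],
     "link": {"scope": "anonymous", "type": "edit"}},
    {"id": "p2", "roles": ["read"],
     "link": {"scope": "anonymous", "type": "view"},
     "expirationDateTime": "2030-01-01T00:00:00Z", "hasPassword": True},
    {"id": "p3", "roles": ["read"],
     "link": {"scope": "organization", "type": "view"}},
    {"id": "p4", "roles": ["owner"]},  # direct grant, no sharing link
]


def audit_sharing_links(permissions):
    """Return one finding per anonymous sharing link (hypothetical helper).

    Organization-scoped links and direct grants are skipped because they are
    tied to a signed-in identity. Anonymous links are rated "high" when they
    allow writes or lack an expiration or password, otherwise "review".
    """
    findings = []
    for perm in permissions:
        link = perm.get("link") or {}
        if link.get("scope") != "anonymous":
            continue
        reasons = []
        if "write" in perm.get("roles", []):
            reasons.append("grants write access")
        if not perm.get("expirationDateTime"):
            reasons.append("no expiration")
        if not perm.get("hasPassword", False):
            reasons.append("no password")
        findings.append({
            "id": perm.get("id"),
            "severity": "high" if reasons else "review",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_sharing_links(SAMPLE_PERMISSIONS):
        print(finding["id"], finding["severity"], "; ".join(finding["reasons"]))
```
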

Delete Permission, List Permissions, Read File or Folder

Users must be part of the group or have direct access to the file to read the permissions of a file in that group.

Admins must be members of the group.

Download File

To obtain User ID, Group ID, or Drive ID information in the flow, use another Workflows Office 365 Mail connector card such as Read User or Search User.

Admins can download files in another user's drive.

Users must be part of the group from which they're downloading a file.

Move File or Folder

To rename the file or folder that is being moved, enter the new name in the Name input field, including the file extension if you're moving a file. Leave the Name input field empty if you aren't renaming the file or folder.

Items can't be moved between drives, users, or groups using this request. For example, if the source file or folder in Drive A is moved to a destination folder in Drive B, then the source file or folder is added to the root directory of Drive A, not the intended folder in Drive B.

By default, users can't move a file or folder from a drive, user, or group that belongs to another user.

Search Files or Folders

Users must be part of the group or have direct access to the file to read the permissions of a file in that group.

Upload File

If the name of the uploaded file conflicts with an existing file, the uploaded file replaces the existing file.

When uploading a file from a group, the user must be part of the group.

Admins can upload files that are in another OneDrive drive or group. In addition, admins can upload files for another user. Files created by the admin are shown as created by the admin.

Related topics

Azure Active Directory connector

Workflow elements

Guidance for Azure Active Directory connector

Azure Active Directory Management API overview