Guidance for OneDrive connector

Read the following information for guidance and best practices when using the OneDrive connector in your flows.

Authentication

Create a connection using an admin or user OneDrive account. See Authorization.

Re-authorize a connection

If you’ve used your account to create a connection successfully, you should be able to use this account to create as many connections as you want and re-authorize the old connections as long as no configuration is changed by the admin.

Types of accounts

Admins must have the following account permissions:

  • OneDrive admin account
  • OneDrive admin credentials

  • Delegated work or school account

  • Delegated personal Microsoft account.

Permissions

Admins and users must have permission to upload a file.

Admins

By default, admins have permission to access all user drives. Group access is determined by the type of group and its access configuration.

Non-admins

  • Non-admins must be granted permission by admins to files or drives that are not their own.

  • Group access is determined by the type of group and its access configuration.

File and folder

  • Admins can access any user and their files.

  • Non-admins can only access files and folders of other users if the file has been shared with them.

  • Authenticated users can access their own drive.

Supported scopes

The following OAuth scopes must be enabled in your OneDrive environment:

  • email

  • openid

  • profile

  • offline_access

  • Files.ReadWrite.All

  • Group.ReadWrite.All

Supported drives

The OneDrive connector doesn't support transferring drive items between different drives.

Action card or event card-specific limitations

Create Organization Sharing Link

By default, you cannot create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.

Create Recipients Sharing Link

Create an anonymous or organization sharing link.

  • Anonymous: anyone with the link has access, without needing to sign in. This may include people outside of your organization. Anonymous link support may be disabled by an administrator.

  • Organization: anyone signed into your organization (tenant) can use the link to get access.

When the sharing link doesn't use anonymous settings, it can be sent to others outside the organization. Credentials may be needed to view the shared file or folder if the user is not part of the organization.

By default, you cannot create an anonymous sharing link for a file or folder in a group. You can only create an anonymous sharing link for a file or folder in an organization.
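As an added example (not part of this documentation or of the connector's own code), the following Python sketch audits a list of permission entries for the two link types described above and ranks writable anonymous links first. It assumes the entries follow the Microsoft Graph permission resource shape (`link.scope`, `link.type`, `roles`, `expirationDateTime`), which this page does not show; `audit_sharing_links`, `SEVERITY_ORDER` and the sample data are hypothetical and constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data; the field names assume the Microsoft Graph
# permission resource shape, which this page does not show.
SAMPLE_PERMISSIONS = [
    {"id": "perm-1", "roles": ["read"],
     "link": {"type": "view", "scope": "organization"}},
    {"id": "perm-2", "roles": ["write"],
     "link": {"type": "edit", "scope": "anonymous"}},
    {"id": "perm-3", "roles": ["read"],  # anonymous link that has already expired
     "link": {"type": "view", "scope": "anonymous"},
     "expirationDateTime": "2020-01-01T00:00:00Z"},
    {"id": "perm-4", "roles": ["write"],  # direct grant, no sharing link
     "grantedToV2": {"user": {"displayName": "Example User"}}},
    {"id": "perm-5", "roles": ["read"],
     "link": {"type": "view", "scope": "anonymous"}},
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

def audit_sharing_links(permissions, now=None):
    """Return findings for active sharing links, most exposed first."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for perm in permissions:
        link = perm.get("link")
        if not link:
            continue  # direct user or group grant, not a sharing link
        expires = perm.get("expirationDateTime")
        if expires:
            expiry = datetime.fromisoformat(expires.replace("Z", "+00:00"))
            if expiry <= now:
                continue  # expired links no longer grant access
        scope = link.get("scope", "unknown")
        writable = link.get("type") == "edit" or "write" in perm.get("roles", [])
        if scope == "anonymous":  # no sign-in required, may reach outsiders
            severity = "high" if writable else "medium"
        elif scope == "organization":  # any signed-in tenant member
            severity = "low"
        else:  # scopes this page does not describe
            severity = "info"
        findings.append({"id": perm.get("id"), "scope": scope,
                         "writable": writable, "severity": severity})
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])

if __name__ == "__main__":
    for finding in audit_sharing_links(SAMPLE_PERMISSIONS):
        print(finding)
```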

Delete Permission, List Permissions, Read File or Folder

Users must be part of the group or have direct access to the file to read permissions of a file in that group.

Admins must be a member of the group.

Download File

To obtain User ID, Group ID, or Drive ID information in the flow, use another Workflows Office 365 Mail connector card such as Read User or Search User.

Admins can download files in another user's drive.

Users must be part of the group from which they are downloading a file.

Move File or Folder

To rename the file or folder that is being moved, specify the new name in the Name input field, including the file extension if you are moving a file. Leave the Name input field empty if you are not renaming the file or folder.

Items cannot be moved between drives, users or groups using this request. For example, if the source file or folder in Drive A is moved to a destination folder in Drive B, then the Source file or folder is added to the root directory of Drive A, not the intended folder in Drive B.

By default, users cannot move a file or folder from a drive, user, or group that belongs to another user.

Search Files or Folders

Users must be part of the group or have direct access to the file to read permissions of a file in that group.

Upload File

If the name of the uploaded file conflicts with that of an existing file, the existing file is replaced by the uploaded file.

When uploading a file from a group, the user must be part of the group.

Admins can upload files that are in another OneDrive drive or group. In addition, admins can upload files for another user. Files created by the admin are shown as created by the admin.

Related topics

Office 365 Admin connector

About the elements of Okta Workflows

Guidance for Office 365 Admin connector

Office 365 Admin Management API overview