OneDrive

To allow users to connect their OneDrive accounts and access them while running their applications, you must first configure a OneDrive app registration. This OneDrive app controls the permissions, branding, and routing for the OneDrive SSO.

Setup the OneDrive Application

  1. Follow the Microsoft docs to set up a OneDrive app registration.

  2. Add the following Redirect URLs:

    • https://{Web Service Root}/oauth/onedrive/callback/login

    OneDrive Application Registration Redirect URL

  3. Enable the following Delegated Permissions:

    • Files.ReadWrite.All
    • offline_access

    OneDrive Application Registration Permissions

Configure the Turbo Server

Next, Turbo Server must be configured to use the newly created OneDrive application. Once configured, users may connect their OneDrive account from the portal dashboard Files tab.

  1. Go to the Turbo Server Administration site Integrations > Storage Providers page.
  2. Click on Add.
  3. Select OneDrive as the storage type.
  4. Enter the OneDrive Application Id into the corresponding Client Id field.
  5. Enter the OneDrive Application Secret into the corresponding Secret field.
  6. Save your settings. Setting changes may take a couple minutes to take affect.

Troubleshooting

The following section contains solutions for issues with regards to setting up cloud storage.

Issue:

User sign in results in error message "[The Azure Application] is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after ‘[Some date]’. Use a tenant-specific endpoint of configure the application to be multi-tenant."

Solution:

The user is trying to log in with their external OneDrive account which requires a multi-tenant app registration. Ensure that the application registration is multi-tenant and separate from the application used for SSO.

Issue:

When the user is prompted to grant permission they’re warned about the domain being "unverified".

Solution:

This document explains how to resolve the unverified message:

How to: Configure an application's publisher domain

The setting is located in Azure Portal > App registrations > Branding > Publisher Domain

Issue:

User sign in results in error message "AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '[Application ID]`."

Solution:

Ensure the correct Redirect URI is set. The setting is located in Azure Portal > App registrations > Authentication > Redirect URIs.

Issue:

User sign in results in error message "Need admin approval".

Solution:

Follow the instructions to grant admin consent for the Turbo OneDrive app registration for the entire tenant.

Alternatively if you would like each user to agree to consent, follow the instructions to configure how end-users consent to applications.

Questions? Talk to us.