File Director

Home 

OneDrive connector for home map points

Configure Azure Active Directory (Azure AD) and the File Director admin console to use OneDrive accounts as the storage location for user's home map points. File Director can then utilize the 1TB of storage, included free of charge, with each Office 365 for Business license. Once configured, users can update files on map points using File Director and OneDrive clients. All changes are synchronized with the File Director server so the files are up-to-date, regardless of the client used to edit or view them.

You can use multiple application IDs when connecting to the SharePoint Online API, so each node in a cluster can have its own application ID, which improves the efficiency of the connector.

Prerequisites

  • Your perimeter firewall must allow communication to <instancename>-my.sharepoint.com on port 443 and Microsoft supplied URLs detailed in this article.
  • You are an Office 365 administrator.
  • Your public domain is associated with your Azure AD instance.
  • You know your Azure tenant name - typically, this takes the form of: <customer name>.onmicrosoft.com.
  • Password replication is set up on your local AD.
    Note that Federated AD access is not supported - the local username UPN must match the one used to sign into Azure.

  • Each user’s ‘Personal Site’ (within the SharePoint Admin Portal) should correlate with the user’s UPN – note that in SharePoint special characters are replaced with underscores (_).
    Example: Username [email protected] would translate to /personal/john_doe_test_com

  • Users have an Office 365 license assigned to them from the Office 365 Admin Center.
  • Users have OneDrive storage provisioned.

    For further information about how to pre-provision OneDrive for Business for your users, see: https://technet.microsoft.com/en-us/library/dn800987.aspx.

    For further reading about integrating applications with Azure AD, see the Microsoft documentation.

Microsoft have published a list of invalid file names and file types for OneDrive. It is available here.

Step 1 - Create your Azure AD application and grant permission to access OneDrive storage

  1. Login to Azure AD Admin Center as Office 365 Administrator.
  2. In the sidebar menu click All Services > App Registrations.

  3. In the App registrations dashboard, click New registration.

    .

  4. Enter an appropriate name for the application, and accept the default supported account types: Accounts in this organizational directory only.
    Click Register at the bottom of the dialog.

  5. An application ID is generated and displayed.

    You will need to record the application ID as it is required for the next stage in the setup.

    Configure permissions for the appliance

    This determines what the application is allowed to do and what it can access.

1.Click API Permissions > Add a Permission.

2.In the Request API Permissions dialog, click the APIs my organization uses tab.
Enter office 365 into the search box to find Office 365 SharePoint Online.

3.Click Office 365 SharePoint Online > Application Permissions.

4.In the Request API permissions dialog, select the permissions required then click Add Permissions at the bottom of the dialog.
Note, the illustration shows the minimum permissions required to set up the OneDrive connector.

5.Having added the permissions, you need to provide Administrator consent for them.
In the Grant Consent section, click the button Grant admin consent for...
In the confirmation dialog displayed, click Yes.

This action permits access to OneDrive storage for your named application.

6.Confirmation of your consent is displayed:

Step 2 - Configuring File Director- Version 2019.1 SP1 or later

The next step is to go to the File Director console to generate a certificate that can be used to authenticate with OneDrive. Authentication uses public key infrastructure to generate a self-signed certificate in the server and uploads the public key to Azure.

One Drive Registration

1.In the File Director web admin console, select Configuration > Cloud Connectors.

2.If required, click OneDrive to expand the OneDrive dialog.

3.Enter the Tenant Name - this is the custom domain name configured in Azure AD.
Note, to update the tenant name, enter the name required and click Update. This updates the current configuration, retaining other details configured previously.

4.Click Add Application ID to display the Add Application ID dialog.

5. Enter the Application ID for the app - this is the application (client) ID you copied from Azure AD and click OK.

A new App must be created in Azure for each Application ID you want to use.

6.Repeat steps 3 and 4 until all app IDs have been added.

7.Select an Expiry period; 1 or 2 years.

8.Click Generate New Certificate.
The certificate is generated and a thumbprint is displayed.
If you have a number of certificates in use, the thumbprint can be a convenient identifier within the Azure portal and helps to ensure the correct certificate is selected.

9.Click Download Certificate.
The public certificate file is downloaded in PEM format. It will be named fdod4b_cert.pem.

10.In Azure AD, go to click Certificates & secrets in the sidebar menu then click the Upload certificate button.

11.In the Upload certificate dialog, click the folder icon to locate and select the .pem file you created earlier, click Open, then click Add.

12.The thumbprint of the certificate is now listed in your application.

Your cloud connector for OneDrive is complete. You can now create a OneDrive home map point and then assign an access policy for users as required. See Map Point Configuration.

When configured, users access their Home folder, and will save to their OneDrive storage - there is no impact on their File Director user experience.

OneDrive will display files that have been saved to the user's File Director home map point. A folder named _filedirector_ is also created in the root of user's OneDrive storage. This folder stores creation times, modified times, and other metadata.

Related topics


Was this article useful?