Application Configuration in Azure Portal for OAuth2 Account to use in OneDrive
In this Article
- 1 Overview
- 1.1 Prerequisites
- 1.2 Key Steps in the Workflow
- 1.3 Troubleshooting
- 1.4 FAQs
- 1.4.1 Related Content
Overview
Snaps in the Microsoft OneDrive Snap Pack require a Dynamic, User, or Application account to access the resources in Azure. For the accounts to authorize successfully, ensure to create and configure an application corresponding to the account as displayed in the workflow.
You must complete steps one to three in the Azure Portal and the remaining steps in the Snap account (SnapLogic®Platform).
Prerequisites
An Azure account with a free subscription to create the application.
Key Steps in the Workflow
Create an Application in the Azure Portal
Log in to the Microsoft Azure Portal.
Navigate to Azure services > Microsoft Entra ID.
Navigate to Add > App registration.
On the Register an application page, specify the name for registering the application and click Register. Learn more about creating an application at Quickstart: Register an app in the Microsoft identity platform - Microsoft identity platform.
To use an existing application, navigate to Portal Home > Azure Active Directory > App registrations > All applications. In the search box, specify the application name you want to use. The details of the registered application are displayed in the search list.
Define Permissions
The OneDrive Online Snap Pack supports the following three types of accounts:
The permissions for the registered application are either Delegated or Application permissions based on the account types. Select Delegated permissions for User Accounts and Application permissions for Application Accounts.
On the navigation panel, navigate to Manage, and select API permissions > Add a permission.
On the Request API permissions window, select Microsoft Graph > Delegated permissions for the User account and Application permissions for the OAuth2 Application Account.
Select the permissions from Files, Users, and Teams. Choose the minimum API permissions listed under Scopes and Permissions required for the Microsoft OneDrive.
Click Add Permissions. View all the permissions added under Configured permissions.
Â
Click Grant admin consent confirmation and select Yes.Â
Â
In the navigation panel, click Overview and select Add a Redirect URI. You will be redirected to the Platform configurations page.
Under Platform configurations, click Add a platform.
The Configure platforms window displays.
Â
Select Web and specify the Redirect URI in the following format:Â
https://<control-plane-name>.snaplogic.com/api/1/rest/admin/oauth2callback/<snap-pack-name>
where the<control-plane-name>
corresponds to the domain part of your SnapLogic URL—elastic (global control plane) or emea (EMEA control plane).
For example:https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/onedrive
https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/onedrive
click Configure. A popup message displays indicating that the application is successfully updated.
7. On the Platform configurations page, click Save. The Redirect URIs are added to the application.
Locate the Application Credentials in the Azure Portal
To authorize your account in SnapLogic, you must have the following application credentials:
Application (Client) ID
Directory (Tenant) ID
Client secret value
On the application page, under Essentials, note the Application (client) ID and Directory (tenant) ID needed for the Snap account
2. In the left navigation panel, select Manage > Certificates & secrets.
3. On the Certificates & secrets page, click + New client secret.
4. In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and click Add.Â
The Client secret value and ID are generated. This value and the ID are required to configure the OAuth2 account.
Scopes and Permissions Required for Microsoft OneDrive Snap pack
Application permissions | |||
---|---|---|---|
Permission | Display String | Description | Admin Consent Required? |
Directory.Read.All | Directory.Read.All | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Yes |
Directory.ReadWrite.All | Directory.ReadWrite.All | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Yes |
Specify the Credentials And Validate the Snap account
Navigate to the Snap of your choice and configure the OAuth2 account with the details from the Azure portal's registered application. Refer to Microsoft OneDrive Application Account or Microsoft OneDrive User Account for further account configuration.
Click Authorize. The Access and Refresh tokens are generated. You will be redirected to the sign-in page of the Azure Portal.
Sign in to Azure Portal with valid credentials to redirect to the Snap Edit account settings dialog. The Access and Refresh tokens are auto-populated but encrypted in the Account settings.
Validate the Snap Account.
Troubleshooting
Common Errors | Reason | Response |
---|---|---|
401 Error | Token is invalid | Provide a valid token and reauthorize the account. |
The redirect URI specified does not match the reply URI configured for the application. | Incorrect redirect URI specified by user. | Add the following redirect_uri: |
URL error when invoking the operation | Ensure the tenant domain name is correct. | Ensure that Directory (tenant) ID noted from the application is in the correct format. Example: 2060aafa-89d9-423d-9514-eac46338ec05 |
FAQs
Â
Related Content
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.