| At line 1 added one line |
| \\ |
| At line 3 changed 4 lines |
| __Microsoft Graph REST API__ based integration. ([Link|https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0])\\ |
| __!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • login.microsoftonline.com\\ |
| • graph.microsoft.com\\ |
| __Microsoft Graph REST API__ based integration. ([Working with files in Microsoft Graph Link|https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0])\\ |
| CrushFTP supports both __OneDrive Personal__ (Designed for individual users to store personal files, photos, and documents.) and __OneDrive for Business__ ([Microsoft OneDrive service description Link|https://learn.microsoft.com/en-us/office365/servicedescriptions/onedrive-for-business-service-description]) account types.\\ |
| At line 8 changed one line |
| Start at the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • __login.microsoftonline.com__\\ |
| • __graph.microsoft.com__\\ |
| ---- |
| At line 10 changed 2 lines |
| CrushFTP supports both __OneDrive Personal__ (Designed for individual users to store personal files, photos, and documents.) and __OneDrive for Business__ ([Link|https://learn.microsoft.com/en-us/office365/servicedescriptions/onedrive-for-business-service-description]) account types.\\ |
| \\ |
| Start at the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| At line 16 changed 2 lines |
| The Redirect URL must end with __"register_microsoft_graph_api/"__.\\ |
| \\ |
| The Redirect URL must end with __register_microsoft_graph_api/__\\ |
| At line 22 added 2 lines |
| or |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
| At line 23 removed 6 lines |
| or |
| {{{ |
| |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
| |
| }}}\\ |
| At line 30 changed one line |
| __Secret key__: A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. Ensure you copy over the __value__ immediately!\\ |
| __Secret key__: A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. ⚠️ Ensure you copy over the __value__ immediately!\\ |
| At line 36 changed one line |
| !!!1. OneDrive Business Type\\ |
| !1. OneDrive Business Type\\ |
| At line 37 added 3 lines |
| __Permission: Files.ReadWrite.All (Application permission):__ Read and write files in all site collections. This permission allows the application to access and manage files across your entire organization’s OneDrive and SharePoint—even without a user being signed in. It’s used for background services or automated tasks (like syncing or backups) that need to run without user interaction.\\ |
| ⚠️ Because this permission grants broad access to all users’ files, it requires admin consent.\\ |
| \\ |
| At line 42 changed one line |
| __!!!__Grant __Admin consent__ for the newly added permission.\\ |
| __⚠️ Grant __Admin consent__ for the newly added permission.\\ |
| At line 50 changed one line |
| __OneDrive remote item settings:__\\ |
| __OneDrive Business Type remote connection settings:__\\ |
| At line 52 changed one line |
| __User name:__ Itt must start with __app_permission__, then the __Client ID__ separated with tilda.\\ |
| __Username:__ It must start with __app_permission__, followed by the __Client ID__:Azure portal -> App Registration -> Overview: Application (client) ID), separated by a tilde (~). |
| At line 56 changed 3 lines |
| __Password:__ Client Secret.\\ |
| __Tennant:__ The tenant id.\\ |
| __User id or User principal name:__ Provide the user's Id or the user's principal name.\\ |
| __Password:__ Client Secret. (See at App Registration -> Manage -> Certificates & secrets)\\ |
| __Tennant:__ Tenant Id. (See at App Registration -> Overview -> Directory (tenant) ID)\\ |
| __User id or User principal name:__ Provide the user's ID or the user principal name (UPN).\\ |
| At line 62 changed one line |
| !!!2 Ondrive Personal Type\\ |
| !2. Ondrive Personal Type\\ |
| At line 64 changed 2 lines |
| __!!!Constraint:__ Microsoft Graph REST API does not support stream upload. In order to integrate with CrushFTP the files are temporarily stored as a local file (CrushFTP install folder/onedrive/) during the upload. It has a 10 MB upload limit.\\ |
| About __Microsoft Graph Permission__ see more details at [https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http] (it explains Application Permission and Delegated Permission).\\ |
| __⚠️ Constraint:__ The __Microsoft Graph REST API__ does not support direct __stream uploads__. To integrate with CrushFTP, files are temporarily saved as local files in the __onedrive/__ folder within the CrushFTP installation directory during the upload process.\\ |
| At line 66 added 3 lines |
| __Permission: Files.ReadWrite.All (Delegated)__ : Have full access to all files user can access. This permission allows the application to view, edit, upload, and delete any files that you (the signed-in user) have access to in OneDrive or SharePoint.\\ |
| The application acts on your behalf, using your permissions—so it can only access the files you can normally access. ⚠️ It does not give the app access to files you don’t have access to.\\ |
| \\ |
| At line 75 changed one line |
| __OneDrive remote item settings:__\\ |
| __OneDrive Personal Type remote connection settings:__\\ |
| At line 77 changed one line |
| __!!! The CrushFTP admin page URL must match the redirect URL.__ In our example: http://localhost:9090\\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| At line 79 changed one line |
| Select the OneDrive item type and click on the "Get Refresh Token" button. Provide the Client ID, Client Secret, and Tenant. Tenant: See your App registration -> Overview -> EndPoints. Based on the App Registration Account type it can be an id, common, or consumer.\\ |
| Select the __OneDrive__ item type and click the __Get Refresh Token__ button. Provide the __Client ID__(See at App Registration -> Overview -> Application (client) ID), __Client Secret__(See at App Registration -> Manage -> Certificates & secrets), and __Tenant__(See at App Registration -> Overview -> Directory (tenant) ID).\\ |
| At line 83 changed one line |
| Click on the "OK" button, log in with your Azure credentials, and allow CrushFTP to have access to your OneDrive files. After that the form will disappear and the username and password will be filled. Done.\\ |
| Click the __OK__ button, sign in with your Azure credentials, and grant CrushFTP access to your __OneDrive__ files.\\ |
| __⚠️ Important__: Be sure to sign in with the __Microsoft Account__ that has the __necessary permissions__, as configured in the Azure App Registration mentioned above. |
| After authorization, the form will close, and the username and password fields will be automatically filled. You’re done!\\ |
