| At line 1 added one line |
| \\ |
| At line 3 changed one line |
| __Version 10 feature.__\\ |
| __Microsoft Graph REST API__ based integration. ([Working with files in Microsoft Graph Link|https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0])\\ |
| CrushFTP supports both __OneDrive Personal__ (Designed for individual users to store personal files, photos, and documents.) and __OneDrive for Business__ ([Microsoft OneDrive service description Link|https://learn.microsoft.com/en-us/office365/servicedescriptions/onedrive-for-business-service-description]) account types.\\ |
| At line 5 changed one line |
| __Constraint__: Upload file max size limit: __10 MB__\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • __login.microsoftonline.com__\\ |
| • __graph.microsoft.com__\\ |
| ---- |
| At line 7 changed one line |
| It is Microsoft Graph REST API based integration.\\ |
| Start at the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\ |
| At line 9 changed 2 lines |
| You will start at the Microsoft azure portal:\\ |
| [https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| [SharePoint Integration/new_registration.png]\\ |
| At line 12 changed one line |
| __Application registration: __Go to the App registrations and click on New Registration:\\ |
| In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__\\ |
| {{{ |
|
| http://localhost:9090/register_microsoft_graph_api/ |
| or |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
|
| }}}\\ |
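Review bot: The code block lists the plain-http localhost URL and the https URL as equal alternatives joined by "or", with nothing saying when each applies. Microsoft's identity platform accepts http redirect URIs only for localhost, so state that the http form is for a local WebInterface only and that any other host name must be registered with https.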
| At line 14 changed one line |
| [attachments|new_registration.png]\\ |
| __Secret key__: A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. ⚠️ Ensure you copy over the __value__ immediately!\\ |
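Review bot: "Ensure you copy over the value immediately!" gives neither the reason nor what to do with the value afterwards. Say that the portal shows the secret value only once, right after creation, that it is the Value column and not the Secret ID that goes into CrushFTP, and that the secret has an expiry date, so the Password field of the remote item must be updated when the secret is replaced.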
| At line 16 changed one line |
| Name it. Select the Multitenant and personal Microsoft accounts type. The redirect url must ends with :custom_callback_onedrive/. The click on register.\\ |
| [SharePoint Integration/new_secret.png]\\ |
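Review bot: The sentence "Select the Multitenant and personal Microsoft accounts type" is paired in this hunk with nothing but an image reference (new_secret.png), and no other line on the page names a supported account type. If that sentence is the side being dropped, add the account-type choice back to the Application registration step, since the OneDrive Personal section later relies on the __consumers__ or __common__ tenant.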
| At line 18 changed one line |
| [attachments|register_app.png] |
| [SharePoint Integration/secret_value.png]\\ |
| At line 20 changed one line |
| __API permission :__ You also need to provide permission for the Microsoft Graph. Go to the Api permission. Click on Add permission, select Microsoft Graph. Choose Delegated permission and add the "Files.ReadWrite.All" permission:\\ |
| !1. OneDrive Business Type\\ |
| At line 22 changed one line |
| [attachments|permission_microsoft_graph.png]\\ |
| About __Microsoft Graph Permission__ see more details at [Link|https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http]\\ |
| \\ |
| __Permission: Files.ReadWrite.All (Application permission):__ Read and write files in all site collections. This permission allows the application to access and manage files across your entire organization’s OneDrive and SharePoint—even without a user being signed in. It’s used for background services or automated tasks (like syncing or backups) that need to run without user interaction.\\ |
| ⚠️ Because this permission grants broad access to all users’ files, it requires admin consent.\\ |
| \\ |
| [attachments|ms_graph_app_permission.png]\\ |
| \\ |
| __⚠️ Grant __Admin consent__ for the newly added permission.\\ |
| \\ |
| [SharePoint Integration/app_permission_admin_consent.png]\\ |
| \\ |
| __Client Id : __ You can find it at Azure portal -> App Registration -> Overview: Application (client) ID)\\ |
| \\ |
| [attachments|client_id.png]\\ |
| \\ |
| __OneDrive Business Type remote connection settings:__\\ |
| \\ |
| __Username:__ It must start with __app_permission__, followed by the __Client ID__:Azure portal -> App Registration -> Overview: Application (client) ID), separated by a tilde (~). |
| {{{ |
| app_permission~<<Client ID>> |
| }}}\\ |
| __Password:__ Client Secret. (See at App Registration -> Manage -> Certificates & secrets)\\ |
| __Tennant:__ Tenant Id. (See at App Registration -> Overview -> Directory (tenant) ID)\\ |
| __User id or User principal name:__ Provide the user's ID or the user principal name (UPN).\\ |
| \\ |
| [attachments|remote_item_app_permission.png]\\ |
| \\ |
| !2. Ondrive Personal Type\\ |
| \\ |
| __⚠️ Constraint:__ The __Microsoft Graph REST API__ does not support direct __stream uploads__. To integrate with CrushFTP, files are temporarily saved as local files in the __onedrive/__ folder within the CrushFTP installation directory during the upload process.\\ |
| \\ |
| __Permission: Files.ReadWrite.All (Delegated)__ : Have full access to all files user can access. This permission allows the application to view, edit, upload, and delete any files that you (the signed-in user) have access to in OneDrive or SharePoint.\\ |
| The application acts on your behalf, using your permissions—so it can only access the files you can normally access. ⚠️ It does not give the app access to files you don’t have access to.\\ |
| \\ |
| [attachments|ms_graph_delegated.png]\\ |
| \\ |
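Review bot: In the OneDrive Business section, the Files.ReadWrite.All application permission is described as covering all users' files, yet the remote item takes a single "User id or User principal name"; state that this field does not narrow what the Client ID and Client Secret can reach, so the secret has to be protected as an organization-wide credential. The onedrive/ temporary-file constraint sits under the Personal heading only; say whether it also applies to the Business type and whether the temporary files are removed after the upload. Smaller points: "Tennant" and "Ondrive" are misspelled, "__⚠️ Grant __Admin consent__" has unbalanced bold markers, and the Client Id and Username lines each end with a closing parenthesis that was never opened.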
| At line 29 changed one line |
| __Secret key :__ A new client secret needs to be created as well. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret:\\ |
| __OneDrive Personal Type remote connection settings:__\\ |
| At line 31 changed one line |
| [attachments|new_secret.png]\\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| At line 33 changed 2 lines |
| __OneDrive remote item settings:__\\ |
| Select OneDrive item type click on "Get Refresh Token" button. Provide the Client ID and Client Secret, and Tenant (in almost all case it is just :common) : \\ |
| Select the __OneDrive__ item type and click the __Get Refresh Token__ button. Provide the __Client ID__(See at App Registration -> Overview -> Application (client) ID), __Client Secret__(See at App Registration -> Manage -> Certificates & secrets), and __Tenant__: __consumers__ or __common__.\\ |
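Review bot: The rewritten line offers "__Tenant__: __consumers__ or __common__" without saying when to use which, where the earlier wording at least named common as the usual case. Add that consumers restricts sign-in to personal Microsoft accounts while common accepts both personal and work or school accounts, and put a space before each "(See at ...)" so the bold field names do not run into the parentheses.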
| At line 36 changed one line |
| [attachments|remote_item_settings.png] |
| [attachments|remote_item_settings.png]\\ |
| At line 85 added 6 lines |
| Click the __OK__ button, sign in with your Azure credentials, and grant CrushFTP access to your __OneDrive__ files.\\ |
| __⚠️ Important__: Be sure to sign in with the __Microsoft Account__ that has the __necessary permissions__, as configured in the Azure App Registration mentioned above. |
| After authorization, the form will close, and the username and password fields will be automatically filled. You’re done!\\ |
| \\ |
| [attachments|remote_item_done.png]\\ |
| \\ |
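Review bot: The sign-in step says "sign in with your Azure credentials" and the next line says "Microsoft Account"; for the Personal type use one term so it is clear which identity is expected. The sentence about the username and password fields being "automatically filled" should also say what is stored in them (the Refresh Token is mentioned earlier), so administrators know the remote item then holds a long-lived credential.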