Microsoft OneDrive
Connecting
Microsoft Graph, OneDrive, and SharePoint support using a standard OAuth2 authorization flow.
The OneDrive connection profile is bundled by default and connects to the endpoint https://graph.microsoft.com/v1.0/me. Login with your personal or business account to login.microsoftonline.com when prompted to grant access to Cyberduck.
- OneDrive uses OAuth 2 for authentication with
graph.microsoft.com. When opening a connection, a web browser window is opened to grant access to OneDrive for Cyberduck.
- The authorization code will be submitted to Cyberduck automatically. Subsequent connections will not require authorization, unless the refresh token itself is expired due to inactivity.
Tip - You can connect to multiple accounts at the same time. Create a new bookmark for every account and run through the OAuth flow. Make sure to log out of any account in web browser before triggering the OAuth flow for a new account.
Reset OAuth Tokens
If you have accidentally logged in with the wrong OneDrive Account or want to change the login of the OneDrive bookmark delete the current bookmark and create a new one to start a new authentication flow.
Alternatively, you can reset the OAuth token by deleting the entries related to duck:onedrive?user=(user) out of the Windows Credential Manager .
Expiry
All authentication codes expire after 90 days. If you get the error message Forbidden. The caller doesn't have permission to perform the action. [...] due to this known issue you need to reauthenticate by performing an OAuth Reset.
Available Connection Profiles
| Allows access to | Remarks | Bundled by default | |
|---|---|---|---|
| Microsoft OneDrive | Your Drive and shared files | Works with your Personal and Business OneDrive | Yes |
| Microsoft SharePoint | All sites document libraries and accessible group document libraries | Yes | |
| Microsoft SharePoint Site | A single SharePoint Site which isn't listed within the Microsoft SharePoint profile | Can't mount specific directories | Yes |
Administrator Consent Required
Depending on the setup of your AAD you may need to perform several steps in order for you to be able to access your OneDrive. Please get in contact with your domain administrator for following steps.
Manually Adding Glasswall Meteor Connect
Copy the link that corresponds to your used version, and send it to your domain administrator, this will add Glasswall Meteor Connect to the domain and all users are allowed to access the software in the future.
Automatically Allow Users to add Apps to the Domain
If applicable and trusted you may set Users can consent to apps accessing company data on their behalf to Yes at the AAD Portal. This will allow users in the future to add apps without Admin-consent.
Admin Consent Requests (Preview)
There is a preview method of review application consent through the AAD Portal. Please enable Users can request admin consent to apps they are unable to consent to to Yes in the Enterprise applications - User settings. The domain administrator may now review all consents centrally at Admin consent requests (Preview).
Top Level folder
It is not possible to create a top level folder in Glasswall Meteor Connect. Instead, the following virtual top level folders are displayed which cannot be moved or renamed:
| Folder Name | Contents |
|---|---|
| My Files | Personal files |
| Shared | Shared folders |