How to Create a OneDriveConnector Multitenant Web Connection for FME Form

Safe Software Support Team Member

Introduction

This article walks through configuring a OneDriveConnector web connection in FME Form using a multitenant Azure app registration with delegated Graph API permissions. Delegated permissions applied to the Azure app registration require a user to authenticate the FME web connection with valid Microsoft credentials. This article covers the multitenant configuration; for single tenant, please see How to Create a OneDriveConnector Single Tenant Web Connection for FME Form.

Please note that Microsoft Azure Portal is subject to change at any time; the instructions and screenshots provided in this article may be slightly different from what other users see in their Azure Portal menus, but the concepts for configuring the Azure app registration described herein remain the same.

 

Requirements

Access to Microsoft Azure Portal with permissions required to create and manage an Azure app registration.

 

Step-by-step Instructions

Part 1: Create the Azure App Registration

Before creating a OneDriveConnector web connection in FME Form, you must create an app registration in Microsoft Azure Portal.

 

1. Create a New App Registration in Azure Portal

Log in to Microsoft Azure Portal and access the App registrations view.


Add a new registration.


 

Choose the option "Accounts in any organizational directory (Any Azure AD directory - Multitenant)". Leave the Redirect URI options blank, and click Register.

 

2. Obtain the Client ID value

On the new app registration's Overview page, take note of the displayed Application (client) ID value. This value will be used to configure the new FME web service in a later step.

You can confirm your app registration is multitenant by checking on the value of 'Supported account types'. Multitenant app registrations will display a value of 'Multiple organizations' for this setting.

 

3. Add the 'Mobile and Desktop applications' Platform, with Custom Redirect URI

Click the Authentication option along the left-side menu, and then select 'Add a platform'. Choose the 'Mobile and Desktop applications' platform. 

 

 

Ensure you see the following redirect URI included in the displayed list of URLs:

https://login.microsoftonline.com/common/oauth2/nativeclient

If you do not see the above URL included, please add it as a Custom redirect URI. Then, click Configure at the bottom left. 

 

You should now see the Mobile and desktop applications platform enabled for your multitenant Azure app registration.

 

4. Add Delegated Graph API Permissions

Select the API Permissions option along the left-side menu, and then select 'Add a permission'.


 

Choose Microsoft Graph from the Request API Permissions pane that opens at right.


 

Click Delegated permissions, then search for and check off the Files.ReadWrite.All permission. Click Add Permissions.

 


 

Once added, you should see the delegated Microsoft Graph API Files.ReadWrite.All permission appear in the list of Configured permissions, as shown in the API Permissions view of your Azure app registration. Now your multitenant Azure app registration is complete.

APIPermissionsOverview.jpg

 

If you have the ability to do so, select 'Grant admin consent for <Tenancy Name>', just above the table of API permissions as shown in the API Permissions view of your Azure app registration. Granting admin consent to your Azure app registration from Azure Portal will remove the need to do so in FME Workbench.

 

Part 2: Configure the Web Service and Web Connection in FME Form

A OneDriveConnector web service must be configured before its web connection can be created. Please follow these steps to configure the required web service.

 

1. Access the Manage Web Services Menu in FME Workbench

In FME Workbench, navigate to Tools > Options > Web Connections > Manage Services

 

2. Create a New Web Service

From the Manage Web Services dialog that opens, select the plus (+) button below the list of web services at left, and then choose Create From > Microsoft OneDrive (Graph).


 

Do not choose the Microsoft OneDrive web service option, sitting just above the Microsoft OneDrive (Graph) web service option. This secondary web service template is a legacy option, and will not function correctly with the current version of the OneDriveConnector.

3. Configure the New Web Service

Make sure you have the Application (client) ID value, obtained from Part 1 - Step 2 above, on hand. In the web service definition that appears in the right-side pane of the Manage Web Services dialog, please make the following adjustments:

  • Web Service Name: give the web service a unique name. It is recommended that the web service's name reflect its purpose and tenancy (e.g. OneDriveConnector - Multitenant service)
  • Client ID: enter your app registration's Application (client) ID value.
  • Client Secret: leave this blank, and ensure Optional / Not Required is checked at right
  • Redirect URI: leave this value as https://login.microsoftonline.com/common/oauth2/nativeclient
  • Authentication URL: verify that the following parameter is present in the URL
    • ...&scope=offline_access files.readwrite.all...

Click Apply at the bottom right of the new web service definition to save its configuration.


If you have already granted admin consent to the Azure app registration in Azure Portal, or your Azure Admin has granted consent to the app registration, you can change the &prompt portion of the web service's Authorization URL to &prompt=select_account or &prompt=login to avoid being prompted to grant consent in FME.
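The checks described in step 3 can be scripted before the URL is pasted into FME. The following is an added example, not Safe Software's code: it parses an authorization URL and reports deviations from the values this article specifies. The sample URLs, the placeholder client ID, the v2.0 authorize endpoint path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Values taken from this article.
EXPECTED_REDIRECT = "https://login.microsoftonline.com/common/oauth2/nativeclient"
REQUIRED_SCOPES = {"offline_access", "files.readwrite.all"}

def _param(url, name):
    # parse_qs decodes %20 and '+' back into spaces
    return parse_qs(urlsplit(url).query).get(name, [""])[0]

def check_authorization_url(url, client_id):
    """Return a list of problems found in a web service authorization URL."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        problems.append("not an https://login.microsoftonline.com URL")
    # client_id and redirect_uri are only compared when present in the URL,
    # since they may be supplied from the web service's separate fields.
    if _param(url, "client_id") not in ("", client_id):
        problems.append("client_id does not match the app registration")
    if _param(url, "redirect_uri") not in ("", EXPECTED_REDIRECT):
        problems.append("redirect_uri is not the nativeclient URI")
    # Compare scope names case-insensitively (Files.ReadWrite.All in the
    # portal, files.readwrite.all in the URL).
    scopes = {s.lower() for s in _param(url, "scope").split()}
    missing = REQUIRED_SCOPES - scopes
    if missing:
        problems.append("missing scope(s): " + ", ".join(sorted(missing)))
    if "client_secret" in parse_qs(parts.query):
        problems.append("client_secret present; this setup uses none")
    return problems

def forces_consent_prompt(url):
    """True when prompt=consent, which shows the consent screen on every sign-in."""
    return _param(url, "prompt") == "consent"

# Constructed sample input (placeholder client ID, assumed endpoint path).
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

def sample_url(scope, prompt):
    return AUTHORIZE + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": EXPECTED_REDIRECT, "scope": scope, "prompt": prompt})

GOOD_URL = sample_url("offline_access files.readwrite.all", "select_account")
BAD_URL = sample_url("Files.ReadWrite.All", "consent")  # offline_access dropped

if __name__ == "__main__":
    for label, url in (("good", GOOD_URL), ("bad", BAD_URL)):
        print(label, check_authorization_url(url, CLIENT_ID),
              "forces consent:", forces_consent_prompt(url))
```
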

4. Test the New Web Service

Scroll down to the bottom of the new web service definition, and select Test (just above Apply). You will be prompted to enter your Microsoft user credentials in a pop-up browser window. If Microsoft prompts you to grant admin consent, select Accept.

If this web service test is successful, the following dialog will appear:

TestSucceeded.jpg

Once the web service tests successfully, you can create a OneDriveConnector web connection. Close the Manage Web Services dialog to return to the Web Connections menu of FME Options.

The Microsoft user account used for authenticating the web service must have access to the target OneDrive resources you wish to work with in FME. If your Microsoft user account does not provide access to the target OneDrive resources, FME will not be able to access the resources.

5. Create the Web Connection

From the Web Connections menu, click the plus (+) button below the Connections table and choose to Add a new web connection.

 

Choose the web service that you just created and tested above, and give the web connection a unique name. Click OK in the Edit Web Connection dialog. You will be prompted again to authenticate with Microsoft. 


 

After successfully authenticating, the new web connection will appear in the Connections table of the Web Connections menu. The new web connection is now ready for use in your FME Form integrations with Microsoft OneDrive.


 

Related Resources

How to Create a OneDriveConnector Single Tenant Web Connection in FME Form

How to Create a OneDriveConnector Web Connection in FME Flow

 
