SurfSense/surfsense_web/content/docs/connectors/microsoft-onedrive.mdx

---
title: Microsoft OneDrive
description: Connect your Microsoft OneDrive to SurfSense
---

# Microsoft OneDrive OAuth Integration Setup Guide

This guide walks you through setting up a Microsoft OneDrive OAuth integration for SurfSense using Azure App Registration.

<Callout type="info">
  Microsoft OneDrive and [Microsoft Teams](/docs/connectors/microsoft-teams) share the same Azure App Registration. If you have already created an app for Teams, you can reuse the same Client ID and Client Secret. Just make sure both redirect URIs are added (see Step 3).
</Callout>

## Step 1: Access Azure App Registrations

1. Navigate to [portal.azure.com](https://portal.azure.com)
2. In the search bar, type **"app reg"**
3. Select **"App registrations"** from the Services results

## Step 2: Create New Registration

1. On the **App registrations** page, click **"+ New registration"**

## Step 3: Register the Application

Fill in the application details:

| Field | Value |
|-------|-------|
| **Name** | `SurfSense` |
| **Supported account types** | Select **"Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts"** |
| **Redirect URI** | Platform: `Web`, URI: `http://localhost:8000/api/v1/auth/onedrive/connector/callback` |

Click **"Register"**

After registration, add the Teams redirect URI as well (if you plan to use the Teams connector):

1. Go to **Authentication** in the left sidebar
2. Under **Platform configurations** > **Web** > **Redirect URIs**, click **Add URI**
3. Add: `http://localhost:8000/api/v1/auth/teams/connector/callback`
4. Click **Save**

## Step 4: Get Application (Client) ID

After registration, you will be taken to the app's **Overview** page. Here you will find:

1. Copy the **Application (client) ID** - this is your Client ID
2. Note the **Directory (tenant) ID** if needed

## Step 5: Create Client Secret

1. In the left sidebar under **Manage**, click **"Certificates & secrets"**
2. Select the **"Client secrets"** tab
3. Click **"+ New client secret"**
4. Enter a description (e.g., `SurfSense`) and select an expiration period
5. Click **"Add"**
6. **Important**: Copy the secret **Value** immediately. It will not be shown again!

<Callout type="warn">
  Never share your client secret publicly or include it in code repositories.
</Callout>

## Step 6: Configure API Permissions

1. In the left sidebar under **Manage**, click **"API permissions"**
2. Click **"+ Add a permission"**
3. Select **"Microsoft Graph"**
4. Select **"Delegated permissions"**
5. Add the following permissions:

| Permission | Type | Description | Admin Consent |
|------------|------|-------------|---------------|
| `Files.Read.All` | Delegated | Read all files the user can access | No |
| `Files.ReadWrite.All` | Delegated | Read and write all files the user can access | No |
| `offline_access` | Delegated | Maintain access to data you have given it access to | No |
| `User.Read` | Delegated | Sign in and read user profile | No |

6. Click **"Add permissions"**

<Callout type="warn">
  All four permissions listed above are required. The connector will not authenticate successfully if any are missing.
</Callout>

---

## Running SurfSense with Microsoft OneDrive Connector

Add the Microsoft OAuth credentials to your `.env` file (created during [Docker installation](/docs/docker-installation/docker-compose)):

```bash
MICROSOFT_CLIENT_ID=your_microsoft_client_id
MICROSOFT_CLIENT_SECRET=your_microsoft_client_secret
ONEDRIVE_REDIRECT_URI=http://localhost:8000/api/v1/auth/onedrive/connector/callback
```

<Callout type="info">
  The `MICROSOFT_CLIENT_ID` and `MICROSOFT_CLIENT_SECRET` are shared between the OneDrive and Teams connectors. You only need to set them once.
</Callout>

Then restart the services:

```bash
docker compose up -d
```