Microsoft OneDrive
Connect your Microsoft OneDrive to SurfSense
Microsoft OneDrive OAuth Integration Setup Guide
This guide walks you through setting up a Microsoft OneDrive OAuth integration for SurfSense using Azure App Registration.
Microsoft OneDrive and Microsoft Teams share the same Azure App Registration. If you have already created an app for Teams, you can reuse the same Client ID and Client Secret. Just make sure both redirect URIs are added (see Step 3).
Step 1: Access Azure App Registrations
- Navigate to portal.azure.com
- In the search bar, type "app reg"
- Select "App registrations" from the Services results
Step 2: Create New Registration
- On the App registrations page, click "+ New registration"
Step 3: Register the Application
Fill in the application details:
| Field | Value |
|---|---|
| Name | SurfSense |
| Supported account types | Select "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts" |
| Redirect URI | Platform: Web, URI: http://localhost:8000/api/v1/auth/onedrive/connector/callback |
Click "Register"
After registration, add the Teams redirect URI as well (if you plan to use the Teams connector):
- Go to Authentication in the left sidebar
- Under Platform configurations > Web > Redirect URIs, click Add URI
- Add:
http://localhost:8000/api/v1/auth/teams/connector/callback - Click Save
Step 4: Get Application (Client) ID
After registration, you will be taken to the app's Overview page. Here you will find:
- Copy the Application (client) ID - this is your Client ID
- Note the Directory (tenant) ID if needed
Step 5: Create Client Secret
- In the left sidebar under Manage, click "Certificates & secrets"
- Select the "Client secrets" tab
- Click "+ New client secret"
- Enter a description (e.g.,
SurfSense) and select an expiration period - Click "Add"
- Important: Copy the secret Value immediately. It will not be shown again!
Never share your client secret publicly or include it in code repositories.
Step 6: Configure API Permissions
- In the left sidebar under Manage, click "API permissions"
- Click "+ Add a permission"
- Select "Microsoft Graph"
- Select "Delegated permissions"
- Add the following permissions:
| Permission | Type | Description | Admin Consent |
|---|---|---|---|
Files.Read.All | Delegated | Read all files the user can access | No |
Files.ReadWrite.All | Delegated | Read and write all files the user can access | No |
offline_access | Delegated | Maintain access to data you have given it access to | No |
User.Read | Delegated | Sign in and read user profile | No |
- Click "Add permissions"
All four permissions listed above are required. The connector will not authenticate successfully if any are missing.
Running SurfSense with Microsoft OneDrive Connector
Add the Microsoft OAuth credentials to your .env file (created during Docker installation):
MICROSOFT_CLIENT_ID=your_microsoft_client_id
MICROSOFT_CLIENT_SECRET=your_microsoft_client_secret
ONEDRIVE_REDIRECT_URI=http://localhost:8000/api/v1/auth/onedrive/connector/callbackThe MICROSOFT_CLIENT_ID and MICROSOFT_CLIENT_SECRET are shared between the OneDrive and Teams connectors. You only need to set them once.
Then restart the services:
docker compose up -d