Task: Add OneDrive folder access
Prerequisites
Azure environment.
OneDrive for Business.
PowerShell Azure SDK installed on the HelloID Agent.
The following permissions are required:
Files.ReadWrite.All
Sites.ReadWrite.All
Microsoft Converged App for Microsoft Graph
Note: It is highly recommended to create this app under the administrator account.
To create this Converged App, follow the steps at this link: https://developer.microsoft.com/en-us/graph/docs/concepts/auth_register_app_v2
To configure permissions for Microsoft Graph for this Application, follow the link below:
https://developer.microsoft.com/en-us/graph/docs/concepts/auth_v2_service
Description
This task will grant a OneDrive user access to a OneDrive folder.
Only the roles ‘read’ and ‘write’ are applicable.
This task will only work for folders on a site drive, not for folders on a personal OneDrive.
Variables
Name | Description | Type | Example | Comment |
---|---|---|---|---|
Application id | The unique id of your Microsoft Converged Application for Microsoft Graph. | String | 341dd034-cc1b-4b7c-8df1-b1068c2a3f94 | The app ID, also known as the client ID, can be found here: https://apps.dev.microsoft.com/#/appList. |
Tenant name | The tenant name for your OneDrive. This is the same as your SharePoint domain name. | String | {domain}.onmicrosoft.com | In most cases this is {domain}.onmicrosoft.com. It can only differ if you yourself have requested a change of the tenant name. |
Username | The username of the OneDrive user. If ‘Personal or Site’ is set to local, the folder will be updated in the user’s personal OneDrive. | String | {username}@{domain} | If ‘Personal or Site’ is set to Site, the OneDrive user is required to have access to that site. Using the administrator account is recommended. |
Password | The password of the OneDrive user. | String | Password123! | |
Site URL | The URL of the site on which the folder you wish to update is located. This site URL is the URL of a SharePoint site. | String | | The site name can differ from the displayed name on the site. To avoid mix-ups, use the URL shown in the address bar. |
Folder path | The full path of the folder. Do not enter a slash (/) in front, nor at the end. | String | Marketing/Planning | Only one folder can be updated at a time, so when specifying ‘Marketing/Planning’, the folder ‘Marketing’ already has to exist. If it exists, the folder ‘Planning’ under ‘Marketing’ will have its access role updated. |
User | The username of the user. Using the user’s email address is recommended. | String | {username} | When using this task to update a group’s access role, specify the full name of that group. |
Access role | The name of the access role. This can either be ‘read’ or ‘write’. | String | read | Write and read will overwrite each other. A user has either a read or a write access role, not both. Please note: the owner role can be neither removed nor added with this task. |
Send invitation | Specify whether to send an invitation to the user. | Boolean | True | True or false. When true, an invitation will be sent to the user’s primary email address. When false, no invitation will be sent. |
Message | Custom message which will be shown in the invitation. | String | You have now been granted the read rights to the folder Marketing/Planning. | |
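
One way to check the variables above before they reach Microsoft Graph, as an added PowerShell example that is not HelloID's own task code: it enforces the folder-path and access-role rules from the table and builds the request without sending it. The function name, the sample values, the assumption that User is an email address, and the use of Graph's driveItem invite action are assumptions made for this example.

```powershell
# Added example: checks the task variables and builds, without sending, a Graph invite request.
# Assumption: the task uses Graph's driveItem "invite" action; the page does not show its code.
function New-FolderAccessRequest {
    param(
        [Parameter(Mandatory)][uri]    $SiteUrl,
        [Parameter(Mandatory)][string] $FolderPath,
        [Parameter(Mandatory)][string] $User,
        [Parameter(Mandatory)][ValidateSet('read', 'write')][string] $AccessRole,
        [bool]   $SendInvitation = $false,
        [string] $Message = ''
    )
    if (-not $SiteUrl.IsAbsoluteUri -or $SiteUrl.Scheme -ne 'https') {
        throw "Site URL must be an absolute https URL: $SiteUrl"
    }
    # No slash in front or at the end (per the Variables table); also reject
    # empty, '.' and '..' segments so the path stays inside the site drive.
    if ($FolderPath -match '(^|/)\.{0,2}(/|$)') {
        throw "Invalid folder path: $FolderPath"
    }
    $encodedPath = (($FolderPath -split '/') | ForEach-Object { [uri]::EscapeDataString($_) }) -join '/'

    # Graph resolves a site from "{hostname}:{server-relative path}"; the root site is just the hostname.
    $sitePath = $SiteUrl.AbsolutePath.TrimEnd('/')
    $siteKey  = if ($sitePath) { "$($SiteUrl.Host):$sitePath" } else { $SiteUrl.Host }

    $body = [ordered]@{
        recipients     = @(@{ email = $User })
        roles          = @($AccessRole.ToLower())   # ValidateSet allows only 'read' or 'write'
        requireSignIn  = $true                      # choice made here: recipient must authenticate
        sendInvitation = $SendInvitation
    }
    if ($SendInvitation -and $Message) { $body['message'] = $Message }

    [pscustomobject]@{
        SiteLookupUri = "https://graph.microsoft.com/v1.0/sites/$siteKey"
        # {site-id} is the "id" returned by the lookup above.
        InviteUri     = "https://graph.microsoft.com/v1.0/sites/{site-id}/drive/root:/$($encodedPath):/invite"
        Body          = $body | ConvertTo-Json -Depth 3
    }
}

# Constructed sample values (contoso is a placeholder tenant).
New-FolderAccessRequest -SiteUrl 'https://contoso.sharepoint.com/sites/marketing' `
    -FolderPath 'Marketing/Planning' -User 'jdoe@contoso.com' -AccessRole read `
    -SendInvitation $true -Message 'You have now been granted the read rights to the folder Marketing/Planning.' |
    Format-List
```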