Configure Application access mode

Application access mode allows accessing all user drives within the organization without delegations from users. Application permissions removes the need of setting up the application for each user one by one and authorizing access to their account one by one.

The configuration process is similar to that of the Delegation mode, but this access mode does not utilize Token Vault, so the configuration is slightly different.

Perform these steps at the Microsoft Identity Platform (Azure Active Directory) admin center.

  1. Navigate to https://portal.azure.com.

    Your organization may use a national cloud because of data residency or compliance requirements. In this case, navigate to the corresponding national cloud Azure AD portal endpoint instead.

  2. Log in with an existing Microsoft 365 account.
  3. Select Azure Active Directory in the left navigation pane
  4. Select App registrations.
    The App registrations page opens.
  5. Click the New registration button to register a new application.
    The Register an application page opens.
  6. Fill out the registration information of application:
    1. Specify a Name for the application. The authorization process will show this name when asking end users to grant permissions for the application to access their cloud resources, so it is advised to pick a meaningful name.
    2. Choose an account type under Supported account types.
  7. Click Register.
    The new application is created with the specified name and a generated Application (client) ID but the application does not have any certificate or secret yet.
  8. Copy the Application (client) ID for later use.

    This is required for the configuration of the component.

  9. Select Certificates & secrets in the menu on the left.
  10. Click the New client secret button in the panel on the right to generate a new client secret for the application.
  11. Specify a Description and select an appropriate expiry option.

    If the client secret expires, it must be renewed or replaced by the tenant administrator. This also requires changing the component configuration through the AutoStore Process Designer.

  12. Click the Add button.
  13. Copy the newly generated client secret value for later use.

    This is another required application property for registering and configuring a OneDrive component.

    You can ONLY copy the client secret at this point in the workflow. After you leave this page you are not able to retrieve it. If you leave this page without copying the client secret, you must repeat the corresponding steps above and create a new one.