Console
    Start free

    Microsoft OneDrive configuration

    This page describes how to set up and configure a third-party configuration before creating the OneDrive data store.

    Set up authentication and permissions

    You must set up authentication and permissions in Microsoft 365. This is crucial for allowing the connector to access and synchronize data. The OneDrive connector supports various authentication methods, such as OAuth client credentials or API tokens.

    Register Microsoft Entra app for Microsoft OneDrive connector

    You must set up an Entra application registration to enable secure access to Microsoft OneDrive before you can create the connector in Gemini Enterprise.

    To register Gemini Enterprise as an OAuth 2.0 application in Entra, do the following:

    1. Navigate to Microsoft Entra admin center .
    2. In the navigation menu, expand the Entra IDand select App registrations.
    3. On the App registrationspage, click New registration.

    4. On the Register an applicationpage, do the following:

      1. In the Namefield, enter a name for your app.
      2. In the Supported account typessection, select Accounts in this organizational directory only.
      3. In the Redirect URIsection, do the following:
        1. In the platform list, select Web .
        2. In the redirect URI field, enter https://vertexaisearch.cloud.google.com/console/oauth/default_oauth.html .
      4. Click Register. Microsoft Entra creates your app and displays the overview page of your app.

    5. In the app navigation menu, click Authentication.

    6. Click Add redirect URI.

    7. In the platform selection pane, do the following:

      1. Select Web.
      2. In the Redirect URIfield, enter https://vertexaisearch.cloud.google.com/oauth-redirect .
      3. Click Configure.

    Add federated credential for data ingestion

    If you are using Data ingestionas the connection mode and Federated credentialsas authentication method, then do the following:

    1. In the app navigation menu, click Certificates & secrets.
    2. Select the Federated credentialstab.
    3. Click Add credential.
    4. Select Other issuerfrom the Federated credential scenariolist.
    5. In the Issuerfield, enter https://accounts.google.com .
    6. In the Subject identifierfield, enter the value that you get from the Google Cloud console. This value is generated during the Microsoft OneDrive data store creation in the data section.
    7. In the Namefield, enter a unique label for the federated credential.
    8. Click Addto grant access.

    Create an OAuth 2.0 configuration

    To create a connection using the OAuth 2.0 authentication method, you need to obtain a client ID, client secret, and your Tenant ID from your Microsoft Entra application registration page.

    Obtain client ID and client secret

    1. To obtain the client ID, do the following:

      1. In the app navigation menu, select Overview.
      2. Copy the Application (client) ID.

    2. To obtain the client secret for the app, do the following:

      1. In the app navigation menu, select Certificates & secrets.
      2. Click New client secret.
      3. In the client secret pane, do the following:
        1. In the Descriptionfield, enter a description for the secret.
        2. In the Expireslist, select an expiry duration.
        3. Click Add.
      4. Copy the client secret from the Valuecolumn.

    Obtain Tenant ID

    Your tenant ID can be found in the Tenant IDbox on the overview page in the Microsoft Entra admin center.

    Configure Microsoft API permissions

    To configure the required API permissions for the app, do the following:

    1. Navigate to the app page.

    2. In the app navigation menu, select API permissions.

    3. Click Add permissions.

    4. In the Request API permissionspane, select Microsoft Graph.

    5. Search for and select the following permissions based on your connection mode:

    Connection mode
    Type
    Scope
    Purpose
    Federated search
    Delegated
    Files.Read.All
    Allows the data store to read all files that the user can access.
    Delegated
    Sites.Read.All
    Allows the data store to read documents and list items in all site collections that the user can access.
    Delegated
    User.Read.All
    Allows the data store to resolve user drive locations for content discovery.
    Data ingestion
    Application
    Files.Read.All
    Allows the data store to read and synchronize files across the organization without a signed-in user.
    Application
    Group.Read.All
    Allows the data store to read properties and memberships of all groups.
    Application
    GroupMember.Read.All
    Allows the data store to read memberships for all groups to manage access control (ACL) syncing.
    Delegated
    User.Read
    Allows the data store to read the profile and basic company information of signed-in users.
    Application
    Sites.FullControl.All
    Allows full control of all site collections.
    Application
    Sites.Selected
    Allows access to a specific subset of site collections.
    Federated credentials only
    User.Read.All
    Allows the data store to read user profiles.
    Delegated
    User.ReadBasic.All
    Allows reading a basic set of profile properties for users in the organization.
    Actions
    Delegated
    Files.ReadWrite.AppFolder
    Allows the data store to read, create, update and delete files in the Microsoft OneDrive folder.
    Delegated
    Files.ReadWrite
    Allows the data store to read, download, create, upload, update, and delete the files that the user can access.
    1. Click Add Permissions .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: