Loading ...

SharePoint and OneDrive Sync Administrator Setup | Axero Documentation

Home » axero documentation » Wiki » Documentation » Third-Party Integrations » SharePoint and OneDrive Sync Administrator Setup
Axero Documentation  Wiki
Public Space
Activity Stream Content
Version 26

SharePoint and OneDrive Sync Administrator Setup

 /5
0 (0votes)

Applies to: Cloud & Self-Hosted

Audience: Site Administrators

Time: Approximately 1 hour

Introduction

This guide explains how to configure the Microsoft SharePoint and Microsoft OneDrive integration with Axero. This integration enables two-way file synchronization between your Axero platform and Microsoft 365, allowing users to access, upload, and manage files across both platforms.

The setup takes approximately 1 hour and requires a system administrator with the appropriate Microsoft Entra ID permissions. After setup, users can connect their SharePoint and OneDrive accounts from within the Axero platform.

For end-user setup instructions, see SharePoint and OneDrive Sync User Setup.

Overview

Prerequisites

Before you start, ensure you have:

  • Cloud Application Administrator, Application Administrator, or Global Administrator role in Microsoft Entra ID
  • Site Administrator access to your Axero platform
  • Access to your organization's Microsoft 365 tenant

Step 1: Configure Entra App Registration

1.1 Create the App Registration

  1. Sign in to the Microsoft Entra admin center using an account with Cloud Application Administrator, Application Administrator, or Global Administrator permissions.
  2. Navigate to Entra ID > App registrations.
  3. Select New registration.
  4. Enter a descriptive name for your application (e.g., "Axero SharePoint Integration").
  5. Under Supported account types, select Single tenant only.

Caution: Use a separate Entra app registration for SharePoint and OneDrive. Do not reuse the same app registration used for Office 365 email or Outlook Calendar Sync. Axero's token cache is scoped by connected account. When email and SharePoint share the same connected account, saving email settings or forced reauthentication (e.g., password expiration) refreshes the cached token and invalidates the token SharePoint uses, disconnecting external drives.

  1. Under Redirect URI, select Web as the platform and enter your Axero site URL followed by /oauth2/sharepoint/callback

    Example: https://your-site.com/oauth2/sharepoint/callback

    Important: The Redirect URI must use HTTPS and match your Axero URL exactly, including path and casing. Do not include a trailing slash or trailing spaces.

  2. Select Register to create the application.
  3. On the app's Overview page, copy and securely store the Application (client) ID and Directory (tenant) ID for later use.

1.2 Configure Authentication Credentials

  1. In the left navigation, select Certificates & secrets.
  2. Under Client secrets, select New client secret.
  3. Enter a meaningful Description (e.g., "Axero Integration Secret").
  4. Under Expires, select an expiration period. Microsoft recommends 6 months for security; 12 months is also commonly used to reduce renewal frequency.
  5. Select Add.
  6. Immediately copy the client secret Value (not the Secret ID). This value is only displayed once and cannot be retrieved later.

Important: Store the client secret securely and treat it as a sensitive credential. This secret provides access to your organization's SharePoint and OneDrive data. Record the expiration date in your team calendar and set a reminder to rotate the secret at least two weeks before it expires.

1.3 Configure API Permissions

  1. In the left navigation, select API permissions.
  2. Select Add a permission.
  3. Select Microsoft Graph.
  4. Select Delegated permissions and add the following:
    • Files.ReadWrite.All - Read, create, update, and delete files the signed-in user can access in SharePoint and OneDrive
    • offline_access - Maintain access when users are not actively signed in, enabling automatic background synchronization
    • openid - Authenticate users and return an ID token through Microsoft's identity platform
    • profile - Read basic profile information to associate Microsoft accounts with Axero platform users
    • Sites.Read.All - Read SharePoint site properties and document libraries the signed-in user can access
    • User.Read - Read the signed-in user's profile to verify identity for secure account linking
  5. Select Add permissions.
  6. Select Add a permission again.
  7. Select Microsoft Graph.
  8. Select Application permissions and add:
    • Files.Read.All - Read files from all SharePoint sites and OneDrive accounts without a signed-in user, required for background synchronization tasks
  9. Select Add permissions.
  10. Select Grant admin consent for [Your Organization] (where [Your Organization] is your Microsoft 365 tenant name) to pre-approve these permissions for all users. This prevents individual users from being prompted to grant consent themselves.
  11. In the confirmation dialog, select Yes. Verify that all permissions show a green checkmark under the Status column, confirming consent was granted successfully.

Checkpoint: Before continuing, confirm you have all three values from your Entra app registration: the Application (client) ID, the Directory (tenant) ID, and the client secret value. All API permissions should show green checkmarks under the Status column. If any permission shows "Not granted," revisit step 1.3 and select Grant admin consent.

Step 2: Configure Axero Integration

  1. In your Axero platform, navigate to Control Panel > System > Integrations.
  2. Locate the Office 365 section and select Connect.
  3. Enter the following information from your Entra ID app registration:
    • Tenant ID: The Directory (tenant) ID copied earlier
    • App Client ID: The Application (client) ID copied earlier
    • App Client Secret: The client secret value copied earlier
  4. Select where users can access the SharePoint and OneDrive integration. You may enable multiple options:
    • Available in top-level communities: Users can access external drives by navigating to Browse > Files
    • Available in spaces: Space administrators can add SharePoint or OneDrive drives from within any space they manage
    • Available in Personal Connect: Individual users can connect their own SharePoint or OneDrive accounts through My Content > My Files
  5. Select Save Settings to complete the integration configuration.

Important: If your organization also uses the Office 365 email integration, use a dedicated service mailbox (e.g., notifications@yourcompany.com) with a permanent password. Exclude this account from password expiration and forced reset policies. When the email account's password expires, the next reauthentication refreshes the shared token cache and can disconnect SharePoint drives.

Checkpoint: Before continuing, verify the Office 365 integration shows a connected status under Control Panel > System > Integrations. If the status does not show as connected, revisit the Tenant ID, Client ID, and Client Secret values entered above.

Step 3: Configure External Drive Connections

Option 1: Platform-Wide or Space-Specific Access

  1. Navigate to Control Panel > System > External Drives (platform-wide) or Manage Space > External Drives (space-specific).
  2. Select Add External Drives.
  3. Select either SharePoint or OneDrive depending on your integration needs.
  4. Enter a Display Name that users will see when accessing the external drive (e.g., "Company SharePoint" or "Team OneDrive").
  5. Under Connected Account, select the Office 365 integration you configured in Step 2.
  6. Select Connect to initiate the authentication process.
  7. A new browser tab will open for Microsoft authentication:
    • Sign in with an account that has access to the target SharePoint site or OneDrive. The drive connection inherits the permissions and access scope of the authenticating account, so only content this account can access will be available through the connection.
    • For shared drives, use a service account or a shared mailbox rather than an individual's account. If the authenticating user's access is revoked (e.g., they leave the organization), the drive connection will stop working.
    • Review the requested permissions and select Accept.
    • You will be automatically redirected back to Axero.

Complete the section below that matches the drive type you selected when adding the external drive:

For SharePoint Sites

  1. Configure your SharePoint site connection:
    • Method 1: Select the folder icon to load available SharePoint sites, then select your desired site from the dropdown menu
    • Method 2: Paste the SharePoint site URL directly and select the refresh icon to validate the connection
  2. Under Drives, select the specific document library you want to sync (typically "Documents" or a custom library name).
  3. Select Save Settings to complete the configuration.

For OneDrive

No additional site selection is required. The drive connects directly to the authenticated user's OneDrive storage.

Option 2: Personal My Files Access

To enable personal My Files access, configure the following system property:

  1. Navigate to Control Panel > System > System Properties.
  2. Locate the ShowNewMyAccountFilesView property (default: false).
  3. Set the value to true.
  4. Select Save.

Once enabled, users can connect to SharePoint or OneDrive through My Content > My Files.

Step 4: Configure File Download Permissions (Optional)

By default, users cannot download files from external drives to their local devices. If your organization wants to allow users to download SharePoint and OneDrive files, you can enable this feature:

  1. Navigate to Control Panel > System > System Properties.
  2. Locate the EnableDownloadExternalFile property (default: false).
  3. Set the value to true to allow users to download external drive files to their local devices. Users can always view and upload files through the web interface regardless of this setting.
  4. Select Save.

Verify Your Setup

After completing the configuration, verify the integration is working correctly:

  1. Navigate to the location where you configured the external drive (e.g., Browse > Files for platform-wide access, or the specific space).
  2. Confirm the external drive appears in the file list with the display name you configured.
  3. Open the drive and select Connect to verify that SharePoint or OneDrive files sync successfully.
  4. Test uploading a small file from Axero and confirm it appears in the corresponding SharePoint document library or OneDrive folder.

If the drive does not appear or files fail to load, see the Troubleshooting section below.

Your SharePoint and OneDrive integration is fully configured. Users can now access external files through the configured locations in your Axero platform. Files sync automatically on a recurring schedule, and users can trigger a manual sync at any time from the drive view.

Troubleshooting

Tip: Most integration issues stem from incorrect redirect URIs or missing admin consent. Always verify these settings first before investigating other potential causes.

Authentication Issues

"Invalid redirect URI" error

Verify the redirect URI in Entra exactly matches your Axero site URL with the /oauth2/sharepoint/callback path.

"Insufficient permissions" error

Confirm admin consent was granted for all required Microsoft Graph permissions.

"Application not found" error

Verify the Application (client) ID is correct and the app registration exists.

Authentication suddenly stopped working

Check whether the client secret has expired in Entra. See the Rotating Client Secrets section for renewal steps.

Connection Issues

Unable to connect to SharePoint sites

Verify the connecting user has at least read access to the SharePoint site.

Drive stopped working after staff change

If the account used to authenticate the drive connection has been disabled or lost access, the connection will fail silently. Re-authenticate with an active account under Control Panel > System > External Drives.

Files not syncing

Check for file name restrictions (special characters, path length) and verify file sizes are within supported limits. Files up to 250 MB upload directly. Larger files use chunked upload and can be up to 250 GB, subject to your organization's tenant policy.

Integration not appearing in Axero

Verify the Office 365 integration shows a connected status under Control Panel > System > Integrations. If it shows as disconnected, re-enter the Tenant ID, Client ID, and Client Secret values from your Entra app registration.

Email Integration Conflicts

SharePoint drives disconnect after saving Office 365 email settings

This occurs when the SharePoint integration and the Office 365 email integration share the same connected account. Saving email settings (even without changes) or forced reauthentication after a password expiration refreshes the cached token for that connected account, overwriting the token SharePoint uses. To restore access, reconnect the affected external drives under Control Panel > System > External Drives. To prevent recurrence, create a separate Entra app registration and connected account for email and SharePoint (see the Caution in Step 1).

SharePoint drives disconnect after email user's password expires

When the Microsoft account used for the Office 365 email integration has a temporary or expiring password, the next required reauthentication refreshes the cached token for the shared connected account and invalidates the token SharePoint uses. Use a dedicated service mailbox with a permanent password and exclude it from password expiration policies.

Maintenance

Rotating Client Secrets

Client secrets expire based on the duration selected during creation. To rotate a secret without service interruption:

  1. In the Entra admin center, navigate to Entra ID > App registrations and open your Axero integration app.
  2. Under Certificates & secrets, select New client secret to create a replacement secret before the current one expires.
  3. Copy the new secret value immediately.
  4. In Axero, navigate to Control Panel > System > Integrations, open the Office 365 connection, and update the App Client Secret field with the new value.
  5. Verify the connection is working, then delete the old secret from Entra.

Security Best Practices

  • Set a calendar reminder to rotate client secrets at least two weeks before expiration.
  • Periodically review which users have connected accounts and their access levels.
  • Monitor API permission usage through Microsoft Entra audit logs.
  • If your organization uses Conditional Access policies, ensure they do not block the OAuth callback flow to your Axero domain.

Sync Behavior

  • Files sync automatically on a recurring schedule; users can trigger manual sync from the drive view.
  • Only changed files are synchronized after the initial setup.
  • Files up to 250 MB upload directly. Larger files use chunked upload and can be up to 250 GB, subject to your organization's tenant policy.

Removing the Integration

To fully remove the SharePoint and OneDrive integration:

  1. In Axero: Navigate to Control Panel > System > External Drives and delete all SharePoint and OneDrive drive connections.
  2. In Axero: Navigate to Control Panel > System > Integrations and disconnect the Office 365 integration.
  3. In Entra: Navigate to Entra ID > App registrations, open the Axero integration app, and select Delete. This revokes all permissions and invalidates the client secret.

Important: Removing the integration disconnects all users from their external drives. Files remain in SharePoint and OneDrive but are no longer accessible from Axero. Notify affected users before proceeding.

Additional Resources

Next Steps: Now that the administrator setup is complete, share the user setup instructions with your team: SharePoint and OneDrive Sync User Setup

Support and Feedback

We are always working to improve our documentation. If you encounter an issue not covered here, or if a step could be clearer, let us know through a Support Case so we can help you and improve this guide for everyone.

Wiki Index

Pages