Microsoft One Drive Connector#

Profiles: Project Creator

This page describes how to set up and configure the Squirro 1-click connector for Microsoft One Drive.

This connector allows project creators to connect to a Microsoft One Drive account and select which data they’d like to index into Squirro.

Important: All document types including sheets are converted to PDF before ingesting into a Squirro project.


To use this connector, you’ll need the following:

  • An existing Microsoft One Drive account with data.

  • OAuth set up for 1-click connectors enabled within Squirro.


0Auth is set up by default on all cloud servers at For any other Squirro installation, ask your Squirro server admin to follow the steps in the OAuth Configuration section below.

Squirro provides a 1-click connector for Microsoft OneDrive. This connector allows the Project Creators to connect to a Microsoft Azure account and index the Microsoft OneDrive data into Squirro.

Set Up Connector#

To connect Microsoft One Drive to Squirro, follow the steps below:

  1. Open your Squirro project.

  2. Navigate to the Setup space.

  3. Click the Data tab. By default, you will be on the Data Sources page, as shown in the example screenshot below:

Add Data Sources
  1. Click the orange plus sign (+) in the top-right corner of the page to add new data.

  2. Click the Enterprise tab, then the Microsoft One Drive icon.


Once you’ve clicked Authenticate, you will be re-directed to the Sign-in screen hosted by Microsoft.

Note: Squirro will never ask you for your Microsoft password. This is requested by Microsoft itself.


  1. Sign in to your Microsoft account. Once you sign in you will be prompted to approve Microsoft OneDrive access.


  1. Click Yes to approve. After approving, you will be brought back to Squirro’s Source Configuration screen. This screen shows which Microsoft account Squirro has connected to.


  1. Click Save for Squirro to automatically configure the mapping of item fields and labels, as well as any other required source configuration.

Both the media files (image, video, audio) and files from the trash are not fetched by default. To change that behavior expand the Advanced Options section and select the appropriate option. Alternatively, you can define those settings manually by clicking Next and going through the full source setup process.


To index a specific folder, you must enter the path to the folder in the Folder Path field WITHOUT the leading slash (/). For example, if you want to index the folder /MyFolder, you must enter MyFolder in the Folder Path field.

Now, your data will begin indexing into Squirro.


OAuth Configuration#

To allow Squirro to connect to the Microsoft accounts of end users, you must register an OAuth2 app on the Microsoft portal.

Microsoft Configuration#

  1. Open the Microsoft Azure Portal at

  2. Click Register an application.


  1. Enter the following options as shown in the screenshot below:

  • Name: Your name for the application.

  • Supported account types: “Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)”

  • Redirect URI: This is the URL Microsoft will redirect the user to after successful authorization. This needs to be set to https://<your-server-url>/dataloader/onedrive_plugin/pl/azure/authorized on your server.



  1. Click Register.

  2. Navigate to the API permissions tab and click Add a permission.


  1. Click Microsoft Graph.


  1. Navigate to the Delegated permissions section.


  1. Add the following:

  • email

  • offline_access

  • Files.Read.All

  • GroupMember.Read.All

  • Sites.Read.All

  • User.ReadBasic.All

  • User.Read

GroupMember.Read.All is used to download files from the Group Drives. However, GroupMember.Read.All is a tenant-wide scope and requires admin consent to use.

Information on how to grant tenant-wide admin consent can be found at

  1. After adding scopes, confirm your choices by clicking Add permissions


  1. Navigate to the Token configuration tab, click Add optional claim and add a new claim as follows:

  • Token type: ID

  • Claim: email


  1. To create a Client secret key for your app, navigate to the Certificates & secrets tab, click New client secret and add a key:

  • Description: <your-key-name> (can be anything you’d like)

  • Expires: Period of time after your secret key will expire (max period of time is 24 months).


Apply for Production#

Unverified apps will show a warning about unverified status during the user authorization process when the users connect their Squirro instance to their Microsoft account.

To avoid that, you have to apply for Production status of the Microsoft OneDrive app.

To start that process you first have to configure the Branding. This will require a logo icon, homepage URL, links to your terms of service and privacy policy.

For more information, see

Squirro configuration#

After having created the OAuth2 app on the Microsoft Azure portal, you’ll need to configure the Client ID and the Client Secret on your Squirro instance.

To do so, follow the steps below:

  1. Go to the Overview tab of the app and copy Application (client) ID.


  1. Go to the Certificates & secrets tab and copy the value of your Client Secret key.


  1. Edit /etc/squirro/common.ini on your Squirro cluster and add the following lines:

onedrive_client_id = YOUR_ID
onedrive_client_secret = YOUR_SECRET
  1. To enable org-wide access scopes used by your app also add the following line to the [dataloader] header:


Note: This requires tenant-wide admin consent described in the App Config section.

  1. If the [dataloader] header is already present in this file, add the lines to the existing section. The section header can not appear more than once in the configuration file.

  2. Restart the frontend & datasource service to apply the settings:

sudo systemctl restart sqfrontendd
sudo systemctl restart sqdatasourced

You are now ready to connect your Squirro instance to Microsoft One Drive accounts!