---
myst:
html_meta:
"description lang=en": "OneDrive Storage Provider configuration guide for Kasm Workspaces"
"keywords": "OneDrive, Storage Provider, Storage Mapping, Cloud Storage"
"property=og:locale": "en_US"
---
```{title} OneDrive Storage Provider Setup
```
## OneDrive Storage Provider Setup
The [OneDrive](https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage) Storage Provider allows
end-users to map in their OneDrive storage into container-based sessions. Access is provided via Microsoft's OAuth
interface using the [Rclone](https://rclone.org) Docker volume plugin.
Reference Docs:
-
-
-
### Creating a Microsoft OAuth App
1. Login to the Microsoft Azure Portal: /
2. Select **Azure Active Directory**.
```{figure} /images/storage_providers/onedrive/azure_ad.png
:align: center
**Azure AD Control Panel**
```
3. Select **App Registrations**.
```{figure} /images/storage_providers/onedrive/app_registrations.png
:align: center
**App Registrations**
```
4. Select **New Registration**.
5. Give the app a Name (e.g {code}`Kasm OneDrive Example`).
6. In the **Supported account types** select **Accounts in any organizational directory
(Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)**.
7. In the Redirect URI, select Web, then enter the following URL , substituting the hostname of the Kasm
deployment `https://kasm.example.com/api/cloud_storage_callback`
```{warning}
In this example, we walk through creating an integration where any Microsoft user can auth with the Kasm app.
This is ideal for a public facing deployment. Other options are available for single-tenant and multi-tenant
configurations.
```
```{figure} /images/storage_providers/onedrive/register_app.png
:align: center
**Register an App**
```
8. On the next page, the **Application (client) ID** is shown, save this value as the Client ID to be used in the
next section.
9. Select **Add a certificate or secret** next to **Client credentials**.
```{figure} /images/storage_providers/onedrive/client_credentials.png
:align: center
**Client Credentials**
```
10. Select the **Client secrets** tab, then slick **New client secret**.
11. Enter a description and expiration then click **Add**.
12. The credentials are shown, save the **Value** as the **Client Secret** to be used in the next section.
```{figure} /images/storage_providers/onedrive/client_secret.png
:align: center
**Client Secret**
```
13. From the **Manage** menu on the left hand side, select **API Permissions**.
14. Select **Add a Permission**.
```{figure} /images/storage_providers/onedrive/api_permissions.png
:align: center
**API Permissions**
```
15. In the new window Select **Microsoft Graph**, then **Delegated permissions**.
16. Add all of the following permissions.
```text
Files.Read
Files.Read.All
Files.ReadWrite
Files.ReadWrite.All
offline_access
Sites.Read.All
User.Read
```
```{figure} /images/storage_providers/onedrive/add_permissions.png
:align: center
**Add Permissions**
```
17. Select the **Overview** section of the Azure app, then Select **Endpoints**. Note the
`OAuth 2.0 authorization endpoint (v2)` and `OAuth 2.0 token endpoint (v2)` values for use in the next steps.
Note: these will differ depending on the type of App created in the prior section (Internal vs Public vs Multi-Tenant)
```{figure} /images/storage_providers/onedrive/endpoints.png
:align: center
**Endpoints**
```
### Kasm Storage Provider Config
1. Log into the Kasm UI as an administrator.
2. Select **Settings** -> **Storage** -> **Add**.
3. Update the form with the following entries, using the **Client ID** and **Client Secret** gathered in the
previous section.
```{eval-rst}
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Name | :code:`OneDrive` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Storage Provider Type | :code:`OneDrive` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Enabled | :code:`checked` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Client ID | :code:`` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Client Secret | :code:`` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Authorization URL | :code:`` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Authorization URL Options | :code:`{"prompt" : "consent"}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Token URL | :code:`` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Redirect URL | :code:`https:///api/cloud_storage_callback` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Scope | .. code-block:: text |
| | |
| | Files.Read |
| | Files.ReadWrite |
| | Files.Read.All |
| | Files.ReadWrite.All |
| | Sites.Read.All |
| | offline_access |
| | openid |
| | email |
| | profile |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Root Drive URL | :code:`https://graph.microsoft.com/v1.0/me/drive/root` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Default Target | :code:`/onedrive` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Volume Config | .. code-block:: json |
| | |
| | { |
| | "driver" : "rclone", |
| | "driver_opts" : { |
| | "type" : "onedrive", |
| | "uid" : "1000", |
| | "gid" : "1000", |
| | "allow_other" : "true" |
| | } |
| | } |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
| Mount Config | :code:`{}` |
+-------------------------------+--------------------------------------------------------------------------------------------------------------------+
```
4. Click **Save** to save the changes.
```{include} /user_guide/storage_providers/onedrive.md
```