Integrating Microsoft OneDrive with Frontegg allows your application to read and write files, manage folders, access shared files, and interact with user storage — all through Frontegg's integration layer using Microsoft OAuth 2.0 and the Microsoft Graph API.
Prerequisites
Prerequisites
- A Microsoft account with access to the Azure portal
- An Azure Active Directory (Microsoft Entra ID) tenant
Sign in to the Azure portal and search for App registrations in the top search bar. Click App registrations in the results.
Click New registration at the top of the page. Fill in the registration form:
- Enter a name for your application (for example,
Frontegg Integration). - Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant — Multitenant) for multi-tenant apps, or the appropriate option for your use case.
- Under Redirect URI, select Web as the platform and enter your Frontegg MCP Gateway callback URL.
- Click Register.
After registration, you are taken to the application overview page. Copy both the Application (client) ID and the Directory (tenant) ID — you will need them when configuring the Frontegg portal.
In the left sidebar, click Certificates & secrets, then click New client secret.
In the Add a client secret panel, enter a description (for example, Frontegg Integration) and choose an expiry period. Click Add.
The new secret appears in the list. Copy the Value immediately — it is only shown once. After you navigate away, you cannot retrieve it again.
Save your Client Secret now
Save your Client Secret now
The Client Secret value is only displayed once. After you leave this page, you can only see the secret ID — not the value. Store the value securely before continuing.
In the left sidebar, click API permissions, then click Add a permission.
In the Request API permissions panel, click Microsoft Graph.
Click Delegated permissions. Search for Files and expand the Files group. Select the permissions your application requires, then click Add permissions.
After adding permissions, the API permissions page shows all configured permissions under Microsoft Graph.
Once you have your Client ID, Client Secret, and optionally the Tenant ID, enter them in the Frontegg portal:
- Open the Frontegg portal and navigate to [ENVIRONMENT] → Integrations → Microsoft OneDrive.
- Enter the Client ID and Client Secret in the corresponding fields.
- Optionally, enter the Directory (tenant) ID. Leave blank or use
commonfor multi-tenant applications. - Select the required scopes:
| Scope | Description |
|---|---|
Files.Read | Read the signed-in user's files |
Files.ReadWrite | Read, create, update, and delete the signed-in user's files |
Files.Read.All | Read all files the signed-in user can access |
Files.ReadWrite.All | Read, create, update, and delete all files the signed-in user can access |
Files.Read.Selected | Read files that the user selects (preview) |
Files.ReadWrite.Selected | Read and write files that the user selects (preview) |
Files.ReadWrite.AppFolder | Full access to the application's dedicated folder (preview) |
- Click Save.
Keep your credentials secure
Keep your credentials secure
Never share or commit your Client Secret to version control.