Migrating to or from OneDrive requires you to setup a migration account that will have access to all OneDrive profiles. By default, nobody but the individual user has access to his or her OneDrive. Even administrators of the tenant do not have access to users’ OneDrives. This article explains how to setup the correct permissions before starting the migration. Setting up permissions for OneDrive migration is a complex task. Fortunately, Cloudiway sets up the permissions automatically.

OneDrive configuration connector

Cloudiway needs some information before it can automatically set permissions. OneDrive Configuration connector

Cloudiway needs the AppID, AppSecret and AppRealm values.

How to find your AppID, AppSecret and AppRealm

1. Create a new AppID Go to https://yourdomain.sharepoint.com/_layouts/15/appregnew.aspx

  • Generate a new AppID and AppSecret
  • Enter a title for your application
  • Set your domain name (eg: mydomain.com)
  • The redirection URL is not used (eg: https://www.mydomain.com/default.aspx)
  • Create the application

IMPORTANT: copy your client ID as it will be used in the next step. OneDrive Administration connector

2. Grant the App tenant permission Go to https://yourdomain-admin.sharepoint.com/_layouts/15/appinv.aspx

2.1 Perform a lookup of the application that you created in the previous step

2.2 Copy this XML code to grant the permission:

<AppPermissionRequests  AllowAppOnlyPolicy="true" > <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

Don’t change the XML code: you only need to copy it to the appropriate field. Finish this step by clicking on the Create button.

IMPORTANT: the scope of this step should be ‘TENANT’.

Giving access to App 2.3 Click on ‘Trust It ‘ Trust App

3.Provide permissions to the App Go to https://yourdomain-my.sharepoint.com/_layouts/15/appinv.aspx

3.1 Perform lookup of the application that you created in the step 1

3.2 Copy this XML code to grant the permission

IMPORTANT: the scope of this step should be ‘SiteCollection’.

<AppPermissionRequests  AllowAppOnlyPolicy="true" > <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

Set sitecollection permission to App

3.3 Click on Create

3.4 Click on Trust

4.Get your App Realm Go to https://yourdomain-my.sharepoint.com/_layouts/appprincipals.aspx

4.1 Look up the App ID corresponding to your application.Your App Realm is the GuID located after the ‘@’ symbol. OneDrive Administration connector