Skip to main content

Setup (Certificate)

Prerequisite

Set up the Microsoft 365 parent connector before configuring OneDrive. The Microsoft 365 setup covers app registration, certificate generation, and uploading the certificate to Azure. OneDrive inherits the client ID, tenant ID, and certificate credentials from the parent suite and only requires the child-specific steps below.

Required permissions for setup

  • The user setting up this data source must be the Global Admin.

Add OneDrive permissions to the parent app

Using the app created during Microsoft 365 setup, add the following permissions.

  1. Sign in to the Azure portal. Navigate to Microsoft Entra IDManageApp registrations and select the app created for the Microsoft 365 suite.

  2. Click ManageAPI PermissionsAdd a permission and select Microsoft Graph. Choose Application permissions and add the following:

    • User.Read.All
    • GroupMember.Read.All
    • Files.ReadWrite.All (for subscriptions over drives)
    • Reports.Read.All
    • Sites.FullControl.All
    • Member.Read.Hidden

  3. Click Add a permission and select SharePoint. Choose Application permissions and add the following:

    • Sites.FullControl.All

Configure permissions

  1. Ensure you are signed in to Azure as a Global, Application, or Cloud Application Administrator.

  2. Use the search box to navigate to Enterprise applications. Select the Glean app from the list of applications.

  3. Click Permissions under Security. Review the permissions shown, then click Grant admin consent.

Grant admin consent

By this step, you should have the following permissions provisioned on the API Permissions page:

SharePoint API permissions

Configure OneDrive in Glean

  1. In the Admin console, select the OneDrive child connector under the Microsoft 365 suite. The client ID, tenant ID, and certificate credentials are inherited from the parent.

  2. To increase full crawl indexing speed, Glean recommends 1–10 additional applications with the same permission settings as the parent app. For each additional app, repeat the steps from Register a new app through Upload certificate to Azure in Microsoft 365 setup and the Add OneDrive permissions to the parent app steps on this page, then paste each additional Application (client) ID into Glean. You do not need to re-upload the certificate in Glean.

Upload keys

  1. Click Save. If the credentials save, you're all set!
© 2026, Glean Technologies, Inc.
Last updated on