OneDrive Authentication
- Last Updated: May 20, 2026
- MOVEit Automation
- Version 2026
- Documentation
OneDrive authentication uses Microsoft Entra ID (formerly Azure Active Directory) to securely authenticate and authorize access to Microsoft Graph and OneDrive resources.
Prerequisites
Before configuring OneDrive authentication, ensure the following:
- You have access to MOVEit Automation and can create and manage TLS certificates.
- You have administrative access to Microsoft Entra ID (Azure Active Directory).
- You have created an App Registration in your Microsoft 365/Entra tenant for OneDrive access. This allows MOVEit Automation to access OneDrive via Graph APIs.
- Use Microsoft Graph Application permissions (not Delegated permissions).
- Apply minimal permissions to the App Registration intended for OneDrive access only, using the Sites.Selected strategy. This is accomplished in the Entra ID portal.
- Link the App Registration to a user’s OneDrive folder so it can access the required content. This step cannot be completed in the Entra admin interface but can be performed using Microsoft tools. A commonly used approach is the PowerShell PnP module, specifically the Grant-PnPEntraIDAppSitePermission cmdlet. Use this cmdlet to grant the App Registration access to the user’s OneDrive and assign an appropriate permission level, such as read, write, or full control.
- Configure the App Registration with either:
Certificate Authentication
- In MOVEit Automation, create a new TLS certificate.
- After creating the certificate, export the certificate without the private key.
Only the public key is required for Microsoft Entra ID. Do not export the private key.
The certificate should be at least 2048-bit strength. It must be in .cer format before uploading to Microsoft Entra ID.
- Sign in to the Microsoft Azure Portal.
- Navigate to .
- Select the required OneDrive app registration and click the Client Credentials hyperlink to open Certificates & secrets.
- On the Certificates tab, click Upload certificate.
- Upload the exported certificate (public key only) in .cer format.
Certificates uploaded here are used as credentials to prove the application’s identity when requesting tokens.
Obtain Tenant ID and Client ID
The Client ID and Tenant ID are available on the Overview page of the App Registration in Microsoft Entra ID. These values are required when configuring the OneDrive host in MOVEit Automation.
- In MOVEit Automation Web Admin, create or edit a OneDrive host with authentication set to Certificate Authentication.
- Enter the following values:
- Tenant ID: Directory (tenant) ID from the Azure app registration.
- Client ID: Application (client) ID from the Azure app registration.
- Certificate: Click Set Cert and select the TLS certificate you created in MOVEit Automation.
- Save the host configuration.
Client Secret Authentication
- Sign in to the Microsoft Azure Portal.
- Navigate to .
- Select the required OneDrive app registration. Select .
- On the Client secrets tab, click New client secret.
- Enter a description, select an expiration period, and click Add.
- Copy the value of the client secret and store it securely. You will need the secret “value” from this page, and not the secret ID.
Note: The secret value is shown only once and is required when configuring the OneDrive host in MOVEit Automation.
Obtain Tenant ID and Client ID
The Client ID and Tenant ID are available on the Overview page of the App Registration in Microsoft Entra ID. These values are required when configuring the OneDrive host in MOVEit Automation.
- In MOVEit Automation Web Admin, create or edit a OneDrive host with authentication set to Client Secret Authentication.
- Enter the following values:
- Tenant ID: Directory (tenant) ID from the Azure app registration.
- Client ID: Application (client) ID from the Azure app registration.
- Client Secret: The client secret value generated in Microsoft Entra ID.
- Save the host configuration.
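The prerequisite step of linking the App Registration to one user's OneDrive with the PnP PowerShell module, shown as an added example that is not part of the MOVEit Automation documentation. The IDs, the OneDrive URL and the display name are placeholders, and the parameter names and the Get-PnPAzureADAppSitePermission check assume a current PnP.PowerShell module run by an administrator who is allowed to manage site permissions.

```powershell
# Added example: every value below is a placeholder, replace it with your tenant's own.
$appId       = '00000000-0000-0000-0000-000000000000'  # Application (client) ID of the OneDrive App Registration
$adminAppId  = '11111111-1111-1111-1111-111111111111'  # app registration used for the administrator's PnP sign-in (assumption)
$oneDriveUrl = 'https://contoso-my.sharepoint.com/personal/user_contoso_com'  # the one OneDrive to expose
$permission  = 'Write'                                 # lowest level the transfer tasks need
$displayName = 'MOVEit Automation OneDrive'            # label stored with the grant

$ErrorActionPreference = 'Stop'                        # stop on the first failed call

# Sign in as an administrator against the target OneDrive site.
Connect-PnPOnline -Url $oneDriveUrl -Interactive -ClientId $adminAppId

# Sites.Selected gives the app no access by default; this grant covers only
# the single OneDrive site named in -Site.
Grant-PnPEntraIDAppSitePermission -AppId $appId -DisplayName $displayName `
    -Site $oneDriveUrl -Permissions $permission

# Read the grant back so the scope and level can be reviewed before the
# OneDrive host is configured in MOVEit Automation.
$grant = Get-PnPAzureADAppSitePermission -Site $oneDriveUrl -AppIdentity $appId
if (-not $grant) {
    throw "No site permission found for app $appId on $oneDriveUrl"
}
$grant | Format-List

Disconnect-PnPOnline
```

Run it once per OneDrive the app must reach; any site not granted this way stays inaccessible to the App Registration.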