Skip to content

OneDrive Connector

Configure the OneDrive connector if you're using OneDrive to manage your content and want to make your existing content searchable with SearchAI. Configuring OneDrive as a content source requires:

  • Registering a multi-tenant app in Azure Platform
  • Configuration of the OneDrive connector in SearchAI
Type of Repository Cloud
Extractive Model for Answer Generation Yes
Generative Model for Answer Generation Yes
Supported Content Type Extractive Answers - .pdf, pages/articles(.aspx), .html, .xhtml. Generative Answers - pages/articles (.aspx), .doc, .docx, .ppt, .pptx, .html, .xhtml, .txt, .pdf
Access Control Support Yes
Automatic Permission Entities Resolution Yes

Authorization Support

Search AI uses OAuth 2.0 Authorization Code Grant Type mechanism for integration with OneDrive.

Registering a multi-tenant app in Azure Portal

App registrations are required to access resources programmatically. Registering an app establishes trust between the SearchAI application and the Microsoft identity platform.

Register an app in Azure

  1. Sign in to the Azure Portal and go to Azure Active Directory.
  2. Select App Registrations > New Registration.
  3. Enter the app name.
  4. Under Supported account types, select Accounts in any organizational directory (multi-tenant).
  5. Enter the Redirect URL. Use the appropriate URL for your region or deployment:
  6. Select Register.

The registration generates a Client ID and Tenant ID. Save both values from the Overview page.

Create a client secret

  1. In the app, go to Certificates & secrets.
  2. Select New client secret.
  3. Enter a description, set the expiration to 24 months, and select Add.
  4. Copy and save the client secret value. You cannot view it again after leaving the page.

Configure API permissions

  1. Go to API permissions > Add a permission.
  2. Select Microsoft Graph > Delegated permissions.
  3. Add the following permissions:
    • Files.Read
    • Files.Read.All
    • Offline_access
  4. Select Grant admin consent to apply the permissions.

Use the Client ID, Client secret, and Tenant ID generated above to configure the OneDrive connector in SearchAI.

For more information, see how to register an app in Entra.

Configure the OneDrive connector

  1. Go to the Connectors page and add OneDrive connector.
  2. On the Authorization page, set the authentication mechanism to OAuth 2.0 and the grant type to Authorization code.
  3. Enter the Client ID, Tenant ID, and Client secret that you generated during app registration in the Azure portal.
  4. Select Connect.

The connector is now authenticated and enables SearchAI to interact with OneDrive for content ingestion.

Content Ingestion

Once the authorization process is complete and the connector is configured, the next step is to ingest content and make it searchable.

  1. Go to the Configuration tab.
  2. Select Sync now to perform an immediate sync operation with OneDrive.
  3. (Optional) Schedule a sync to run at a future time.

A sync operation ingests content from OneDrive. The content is chunked and indexed according to the configuration of the SearchAI application.

  • During the first sync, all supported content is ingested.
  • During subsequent syncs, only updated content is ingested. The chunks corresponding to updated content are deleted and recreated.

All supported files under My files and Shared files are ingested into SearchAI. Content inside folders is also ingested.

Drive Home

The following screenshot shows content ingested after a sync operation through the OneDrive connector:

Content

Access Control

SearchAI supports access control for content ingested from OneDrive accounts.

To configure access control, go to the Permissions and Security tab in the OneDrive Connector and set the access as required.

OneDrive content access is determined by the permissions defined in the source system. SearchAI provides two options for managing access:

  • Permission Aware: When this option is enabled, the connector retrieves the access information from OneDrive during ingestion. This information is stored in the sys_racl field of the ingested content. Each entry in the sys_racl field represents a permission entity. SearchAI supports automatic resolution of these permission entities. It identifies the users who have access to the corresponding file or folder in OneDrive and automatically associates them with the correct permission entities in SearchAI.

  • Public Access: When this option is selected, the sys_racl field is set to *. The ingested content becomes accessible to all SearchAI users, regardless of the permissions in OneDrive.

Understanding Permissions in OneDrive

By default, when a file or folder is created in OneDrive, it is private, and only the owner of the file can access it. The files and folders can be shared with other team members using the Share option in OneDrive, which can be used to share it with one or more internal or external users or user groups.

Access

It can also be shared as a link as follows.

Access

Handling Permissions in Search AI Connector

  • The owner of the file is automatically added to the sys_racl field of the content.
  • The users to which the file is shared are also added directly to the sys_racl field of the content.
  • The user groups to which the file is shared are added as permission entities to the sys_racl field. Corresponding users( part of the user groups) must be added manually using the Permission Entity APIs.
  • If the link is shared to a domain, the users of the given domain are automatically identified using the domain name.

For instance, if Charles is the owner of a file and he shared it with a user group ‘searchassist@Kore.com’ and an external user ‘xyz@example.com, the sys_racl field would be like:

"sys_racl": [
    "E083437f-d330-4ad7-8a02-87018187be46", //permission entity id corresponding to the user group.
    "charles@koraqa1.com" //owner of the file
]

If Charles also allowed all the employees of his organization to access the file, the sys_racl field would be as shown below.

"sys_racl": [
  "koreaisoftware.onmicrosoft.com",
  "koraqa1.com",
  "kora.ai",
  "e083437f-d330-4ad7-8a02-87018187be46",//permission entity id corresponding to the user group.
  "charles@koraqa1.com" //owner of the file
]