Create a Microsoft OneDrive external content connector

  • Release version: Yokohama
  • Updated February 11, 2026
  • 7 minutes to read

    • Create an external content connector to retrieve searchable content and security principals from your Microsoft OneDrive source system.

    Before you begin

    A source system administrator must have already configured your Microsoft OneDrive source system to allow access by the Microsoft OneDrive external content connector. For details on configuring these settings in the source system, see Create a public/private key pair for the Microsoft OneDrive external content connector and Configure Microsoft OneDrive for external content indexing.

    Role required: sn_ext_conn.xcc_admin

    Procedure

    1. Navigate to All > External Content Connectors > External Content Admin Home.
    2. If prompted, select Switch scope to switch to the External Content Connectors Admin scope.
      You must be in this scope to create or edit external content connectors.
    3. In the Connectors section, select New.
    4. On the Choose source page, select the OneDrive tile, then select Next.
    5. On the Connection settings page, fill in the connection settings.
      Table 1. Connection settings
      Connection setting Description
      Connector name Unique name for this Microsoft OneDrive external content connector.
      Application (client) ID Application (client) ID for the OAuth 2.0 application defined in the Microsoft Entra admin center that grants access to your Microsoft OneDrive instance.

      If you have access to the OAuth 2.0 application's registration record in the Microsoft Entra admin center, you can navigate to Overview and copy this ID from the Application (client) ID field in the Essentials section.

      If you can't access the OAuth 2.0 application's registration record in the Microsoft Entra admin center, ask your Microsoft Entra administrator for the application's Application (client) ID value.
      Directory (tenant) ID Directory (tenant) ID for the OAuth 2.0 application defined in the Microsoft Entra admin center that grants access to your Microsoft OneDrive instance.

      If you have access to the OAuth 2.0 application's registration record in the Microsoft Entra admin center, you can navigate to Overview and copy this ID from the Directory (tenant) ID field in the Essentials section.

      If you can't access the OAuth 2.0 application's registration record in the Microsoft Entra admin center, ask your Microsoft Entra administrator for the application's Directory (tenant) ID value.
      JKS Certificate Java KeyStore (JKS) file containing a public/private key pair generated with the Java keytool utility. These keys must match the public key from the DER-encoded binary X.509 format certificate uploaded to the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft OneDrive external content connector to access your source system data.

      If you don't have a copy of the JKS file, ask your security administrator for it. You can't download the JKS file from the OAuth 2.0 application's registration record in the Microsoft Entra admin center.
      JKS certificate password Password for the Java KeyStore (JKS) file specified in JKS Certificate.

      If you don't have the password for the JKS file, ask your security administrator for it. You can't retrieve the JKS certificate password from the registration record for the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft OneDrive external content connector to access your source system data.
      JKS certificate thumbprint Base64-encoded or hexadecimal SHA1 hash for the DER-encoded binary X.509 format public key certificate uploaded to the OAuth 2.0 application defined in the Microsoft Entra admin center that allows the Microsoft OneDrive external content connector to access your source system data.

      If you don't have this hash, ask your Microsoft Entra administrator for the SHA1 thumbprint hash for the application's DER-encoded binary X.509 format public key certificate, in either base64-encoded or hexadecimal format.
      Settings for regulated markets
      Configure settings for regulated markets

      Option to display Authority endpoint and Graph API endpoint settings fields.
      Authority endpoint

      URL for the Microsoft authorization server that you use to log in to your source system (Microsoft tenant). This field appears only when Configure settings for regulated markets is selected.

      Default value: https://login.microsoftonline.com/

      Cloud service endpoint URLs include:
      • https://login.microsoftonline.com/: Endpoint URL for the Microsoft 365 cloud
      • https://login.microsoftonline.us/: Endpoint URL for the Microsoft 365 GCC and GCC High cloud and the Microsoft 365 DoD cloud
      If you don't know the authority endpoint URL to use, ask your Microsoft administrator for it.
      Important:
      The authority endpoint URL must end with a trailing slash.
      Graph API endpoint

      Microsoft Graph API endpoint for your source system (Microsoft tenant). This field appears only when Configure settings for regulated markets is selected.

      Default value: https://graph.microsoftonline.com/

      Microsoft Graph API endpoint URLs include:
      • https://graph.microsoftonline.com/: Endpoint URL for the Microsoft Graph global service cloud
      • https://graph.microsoftonline.us/: Endpoint URL for the Microsoft Graph for US Government L4 cloud
      • https://dod-graph.microsoftonline.us/: Endpoint URL for Microsoft Graph for US Government L5 (DOD) cloud
      If you don't know the Microsoft Graph API endpoint URL to use, ask your Microsoft administrator for it.
      Important:
      The Microsoft Graph API endpoint URL must end with a trailing slash.
      Validate connection settings with test crawl

      Option to run a short test crawl to verify whether your connection settings and source system permissions are correctly set.

      For more details on validating connection settings and source system permissions with a test crawl, see Verify your connection settings and source system permissions for an external content connector.
      Important:
      For connectors that support user permission crawls, all searchable content and metadata indexed by the validation test crawl is public until the connector completes its first user permission crawl. This means the test crawl's content will be visible to all users of portals and search applications that the connector is linked to.
    6. Save and validate your connection settings by selecting Validate Connection.
      Note:
      If validation of your connection settings fails, the system shows an error message. Verify your connection settings to ensure they're correct. If permissions required by the connector are missing or incorrectly configured in the source system, a warning message appears showing the permissions that must be corrected. Provide the information from this message to your source system administrator.
    7. After your connection settings are validated, select Next.
    8. On the Crawl settings page, modify any default crawl settings that you want to override for this connector, then select Next.
      If you want to skip this step for now, select Skip instead of Next. You can modify the crawl settings for this connector from the External Content Admin Home page. For details on this procedure and the available crawl settings, see Configure crawl settings for a Microsoft OneDrive external content connector.
    9. On the User permission settings page, modify any default user permission settings that you want to override for this connector.
      If you want to skip this step for now, select Skip instead of Next. You can modify the user permission settings for this connector from the External Content Admin Home page. For details on this procedure and user permission settings, see Configure user permission settings for an external content connector.
    10. On the Create crawl page, create a content crawl for this connector by selecting a crawl scope (if supported) and any desired options, then select Next.
      If you want to skip this step for now, select Skip instead of Next. You can create and run crawls for this connector from the External Content Admin Home page. For details on creating content crawls, see Create a content crawl for an external content connector.
    11. On the Connect search profile page, use the Connect to search profile field and Add button to add any search profiles that you want to connect this external content connector's default search source to, then select Save.
      If you want to skip this step for now, select Skip instead of Next. You can connect search sources for this connector to search profiles from the External Content Admin Home page. For details on connecting an external content connector to search profiles, see Connect an external content connector to a search profile.

    Result

    Your new external content connector appears in the Connectors list on the External Content Admin Home page.

    What to do next

    To retrieve searchable content and security principals with your new connector, you must configure and run content and user mapping crawls for it. You can modify your new connector's crawl settings and create crawls for it from the External Content Admin Home page even if you skipped these steps during connector creation.
    To make content crawled by your new connector searchable in portals and search applications, you must link one of its search sources to the search profile used by each portal or search application. You can use the connector's default search source or create your own custom search sources.
    Default search source
    By default, the system creates a search source that includes all content from your external content connector's indexed source.
    Custom search sources
    You can create your own search sources with filters to specify which content from the connector's indexed source is searchable. To view the connector's indexed source, navigate to All > AI Search > AI Search Index > Indexed Sources. For information about creating search sources, see Search sources in AI Search.
    You can link connector search sources to search profiles from the External Content Admin Home page. For details on this procedure, see Connect an external content connector to a search profile.