Skip to main content

OneDrive & SharePoint

info

This tutorial provides a step-by-step guide for integrating Open WebUI with Microsoft OneDrive for Business & SharePoint, as well as the separate, optional integration for Personal Microsoft OneDrive accounts. You can enable one or both integrations. This documentation is up to date as of Open WebUI v0.6.37.

Configuring OneDrive & SharePoint Integration

This guide will walk you through the entire process of configuring Open WebUI to allow users to attach files directly from their Microsoft accounts. This process involves creating one or two application registrations in the Microsoft Azure portal and setting the correct environment variables in your Open WebUI instance.

Prerequisites

To successfully complete this tutorial, you will need:

  • An active Microsoft Azure account with administrative privileges to create and manage App Registrations.
  • Access to your Open WebUI instance's environment variables (e.g., via a .env file or Docker environment settings).

Integration for OneDrive for Business & SharePoint (Work/School)

This is the primary integration for organizational use. Follow these steps to allow users to access files from their work or school accounts.

Step 1: Create the Azure App Registration

First, you need to register an application in your organization's Microsoft Entra ID (formerly Azure AD) tenant.

  1. Navigate to the Microsoft Entra ID admin center.
  2. Go to Identity > Applications > App registrations.
  3. Select + New registration.
  4. Give your application a descriptive name, such as "Open WebUI Business Integration".
  5. Under "Supported account types," select "Accounts in this organizational directory only (Single tenant)" or "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)".
  6. Leave the "Redirect URI" section blank for now. Click Register.

Step 2: Configure the SPA Redirect URI

Open WebUI is a Single-Page Application (SPA) and uses the Microsoft Authentication Library (MSAL). It is critical to configure the Redirect URI correctly.

  1. From your new App Registration's overview page, go to the Authentication tab.
  2. Click + Add a platform and select Single-page application (SPA).
  3. Under "Redirect URIs", enter the base URL of your Open WebUI instance (e.g., https://open-webui.yourdomain.com).
  4. Enable both "Access tokens" and "ID tokens" under the "Implicit grant and hybrid flows" section.
  5. Click Configure.

Step 3: Configure API Permissions

Next, grant the application permission to read files from OneDrive and SharePoint on behalf of your users.

  1. From the App Registration menu, go to the API permissions tab.
  2. Click + Add a permission and select Microsoft Graph.
  3. Select Delegated permissions.
  4. In the search box, find and add the following permissions:
    • Files.Read: Allows the app to read files the signed-in user has access to.
    • Files.Read.All: Allows the app to read all files the signed-in user can access.
    • Sites.Read.All: Allows the app to read items in all site collections the signed-in user can access.
    • User.Read: Allows the app to read the signed-in user's profile.
    • AllSites.Read: Legacy SharePoint permission for reading site data.
    • MyFiles.Read: Allows the app to read the user's personal drive.
    • Sites.Search.All: Enables file search functionality across sites.
  5. If your organization uses SharePoint API permissions separately, repeat the process by selecting SharePoint instead of Microsoft Graph and add the applicable delegated permissions.
  6. After adding all permissions, you must grant admin consent. Click the "Grant admin consent for [Your Tenant Name]" button. The status for these permissions should change to "Granted".
warning

Admin Consent is Mandatory Open WebUI uses the .default scope for a seamless enterprise experience, meaning it relies on pre-approved permissions. If admin consent is not granted here, non-admin users will be blocked from logging in with an "Admin approval required" error.

Step 4: Gather Credentials for Business Integration

From the Overview page of the App Registration you just created, copy the following values:

  • Application (client) ID: This will be your ONEDRIVE_CLIENT_ID_BUSINESS.
  • Directory (tenant) ID: This will be your ONEDRIVE_SHAREPOINT_TENANT_ID.

Step 5: Configure Environment Variables for Business Integration

Set the following environment variables in your Open WebUI deployment to enable the work/school integration:

# Enable the OneDrive integration feature globally
ENABLE_ONEDRIVE_INTEGRATION=true

# --- Business & SharePoint Configuration ---

# The Application (client) ID from your Business App Registration
ONEDRIVE_CLIENT_ID_BUSINESS="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

# The Directory (tenant) ID from your Business App Registration
ONEDRIVE_SHAREPOINT_TENANT_ID="yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"

# The root URL of your SharePoint instance
ONEDRIVE_SHAREPOINT_URL="https://your-tenant-name.sharepoint.com"
info

After setting these variables and restarting Open WebUI, you must also enable the OneDrive toggle in the admin panel. See the Final Step section below for details.

Integration for Personal OneDrive (Optional)

To enable support for personal Microsoft accounts, you must create a second, separate App Registration configured for consumers.

Step 1: Create a Separate App Registration for Personal Accounts

  1. Navigate back to App registrations in Microsoft Entra ID and select + New registration.
  2. Give it a distinct name, like "Open WebUI Personal Integration".
  3. Under "Supported account types," select the option: "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)".
  4. Configure the SPA Redirect URI with your Open WebUI base URL, just as you did for the business app.
  5. Enable both "Access tokens" and "ID tokens" under the "Implicit grant and hybrid flows" section.
  6. For this personal registration, no special API permissions or admin consent are required, as users will consent to OneDrive.ReadWrite individually.

Step 2: Gather the Client ID for Personal Integration

From the Overview page of this new "Personal" App Registration, copy the Application (client) ID. This will be used for a different environment variable.

Step 3: Configure the Environment Variable for Personal Integration

Add the following environment variable to your Open WebUI deployment:


# --- Personal Account Configuration (Optional) ---

# The Application (client) ID from your *second*, Personal App Registration
ONEDRIVE_CLIENT_ID_PERSONAL="zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz"

Final Step: Enable OneDrive Integration in Admin Settings

After setting your environment variables and restarting your Open WebUI instance, you must explicitly enable the feature in the admin panel. The environment variables alone do not activate the integration.

  1. Navigate to Settings → Admin → Documents.
  2. Toggle on the "OneDrive" switch.
  3. Refresh your browser or log out and log back in.
warning

Admin Toggle is Required

This step is mandatory even though you've set ENABLE_ONEDRIVE_INTEGRATION=true in your environment. Some configuration options in Open WebUI are persistent database settings that are initialized on first startup but must be activated through the admin interface.

Verifying the Integration

After enabling the admin toggle and refreshing, verify the integration is working:

  1. In Open WebUI, open the attachment menu (+) in the chat input. You should see menu items for "Microsoft OneDrive (work/school)" and/or "Microsoft OneDrive (personal)", depending on your configuration.
  2. Clicking either option should trigger a pop-up window for Microsoft authentication.
caution

Disable Pop-up Blockers!

The OneDrive file picker and authentication flow happen in a pop-up window. If nothing happens when you click a OneDrive option, your browser is almost certainly blocking pop-ups. You must disable the pop-up blocker for your Open WebUI domain for the integration to work. Note that some browsers (like Chrome) may have additional restrictions compared to others (like Edge).

Troubleshooting

OneDrive option not appearing in the attachment menu:

  • Verify the admin toggle is enabled in Settings → Admin → Documents
  • Refresh your browser after enabling the toggle
  • Check that your environment variables are correctly set and the container has been restarted

Files not loading or folders not clickable:

  • Log out of Open WebUI completely and log back in to refresh your authentication tokens
  • Verify the Azure App Registration permissions are correctly configured and admin consent is granted
  • Check browser console for any authentication errors

Authentication pop-up not appearing:

  • Disable pop-up blockers for your Open WebUI domain
  • Try a different browser (Edge tends to work more reliably than Chrome for Microsoft authentication flows)

You have now successfully configured OneDrive integration, providing seamless file access for your users.

This content is for informational purposes only and does not constitute a warranty, guarantee, or contractual commitment. Open WebUI is provided "as is." See your license for applicable terms.