If the Azure tenant for which you want to enable OneDrive has already been used in an Active Roles version earlier than Active Roles 7.5, you must add the Sites.FullControl.All SharePoint application permission manually for Active Roles in the Azure tenant. Failure of doing so will result in an error in the Tenant Details window of the Active Roles Configuration Center when testing the configured SharePoint credentials.

To check that Active Roles has the Sites.FullControl.All application permission in an Azure tenant

  1. Log in to Azure Portal.

  2. Open the Azure tenant of your organization by clicking Azure Active Directory on the main screen.

  3. To open the list of applications registered for your Azure tenant, navigate to Manage > App registrations.

  4. Select your Active Roles deployment either by finding it in the All applications or Owned applications list, or by searching it in the search bar.

  5. To open the list of API permissions, navigate to Manage > API permissions.

  6. Check that the Sites.FullControl.All permission is listed under the API / Permissions name > SharePoint heading.

    Figure 11: List of configured permissions under Azure Active Directory > Manage > API Permissions of Azure Portal

If Sites.FullControl.All is not listed, add it to Active Roles in the Azure tenant by completing the next procedure.

To add the Sites.FullControl.All application permission to Active Roles in an Azure tenant

  1. In the Configured permissions list (available under Manage > API permissions) click Add a permission.

    The list of available API permissions will appear on the right side of the screen under Request API permissions.

  2. In the list of available API permissions, click SharePoint.

  3. Click Application permissions.

  4. Under Select permissions > Sites, select Sites.FullControl.All and click Add permissions.

  5. To apply your changes, select Sites.FullControl.All under Configured permissions and click Grant admin consent for <azure-tenant-name>.