Microsoft Entra ID authentication · Foldr Cloud

Self-hosted appliances configure Microsoft Entra ID authentication differently — see the self-hosted version of this article for the appliance flow, which uses a Microsoft client secret and requires a separate Entra ID licence key.

On Foldr Cloud, Microsoft Entra ID authentication is a toggle on the same Entra app you set up for Microsoft 365 storage. When it’s on, users can sign in to Foldr with their Microsoft 365 account. The same Federated Identity Credential (FIC) that authorises storage access also covers the sign-in flow — there is no second app registration, no client secret, and no separate licence.

Prerequisites

Microsoft 365 storage must be wired up first. The sign-in flow rides on the same Entra app and the same Federated Identity Credential. If you haven’t done that yet, follow OneDrive & SharePoint Online integration — steps 1 through 4 are the only ones strictly required for sign-in.

Enable Microsoft sign-in

  1. Add the sign-in redirect URI to your Entra app. In the Azure portal, open the app you registered for Microsoft 365 integration. Go to Authentication, click the Web platform you registered in step 1 of the storage setup, and add a second Redirect URI:

    https://<your-foldr-subdomain>.foldr.cloud/services/microsoft/signin

    Without this URI registered, sign-in fails with AADSTS50011 after the user authenticates with Microsoft. The URI is also displayed with a copy button in Foldr Settings (next step) once Microsoft sign-in is enabled.

  2. Flip the toggle in Foldr. In Foldr, open Foldr Settings → Integrations → Microsoft and turn on Microsoft sign-in. Two related options become available:

    • Redirect all users to Microsoft Online — every user signs in via Microsoft. Foldr-local accounts can no longer sign in via the standard Foldr screen.
    • Allow guest user access — users from other Microsoft tenants who are guests in yours can sign in.
  3. Save changes. The toggle takes effect immediately. Microsoft sign-in shows up as a button on the Foldr sign-in screen.
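
A check for step 1, added here as an example (it is not Foldr's or Microsoft's code): given the redirect URIs registered on the Entra app, it reports whether the sign-in URI is present exactly and explains near misses, the kind of mismatch that surfaces as AADSTS50011. It assumes you have exported the list yourself (for instance the `web.redirectUris` array of the app object); the subdomain `example`, the function names, the placeholder storage URI and the strict exact-string comparison are assumptions of this example.

```python
# Audit an Entra app's web redirect URIs for the Foldr Cloud sign-in URI.
from urllib.parse import urlsplit

SIGNIN_PATH = "/services/microsoft/signin"  # path given in step 1


def expected_signin_uri(subdomain: str) -> str:
    """Build the sign-in redirect URI for a Foldr Cloud subdomain."""
    return f"https://{subdomain.lower()}.foldr.cloud{SIGNIN_PATH}"


def explain_mismatch(want: str, got: str) -> list[str]:
    """List the ways a near-miss URI differs from the exact URI."""
    w, g = urlsplit(want), urlsplit(got)
    reasons = []
    if g.scheme != w.scheme:
        reasons.append(f"scheme is {g.scheme}, not {w.scheme}")
    if g.netloc != w.netloc:
        reasons.append("host is written differently")
    if g.path.endswith("/"):
        reasons.append("trailing slash")
    if g.path.rstrip("/") != w.path:
        reasons.append("path case differs")
    if g.query or g.fragment:
        reasons.append("has query string or fragment")
    return reasons


def audit_redirect_uris(subdomain: str, registered: list[str]) -> dict:
    """Return status 'ok', 'near_miss' or 'missing' for the sign-in URI."""
    want = expected_signin_uri(subdomain)
    if want in registered:  # assumption: only an exact string match counts
        return {"status": "ok", "expected": want, "near_misses": {}}
    near = {}
    for uri in registered:
        parts = urlsplit(uri)
        same_host = parts.netloc.lower() == urlsplit(want).netloc
        same_path = parts.path.rstrip("/").lower() == SIGNIN_PATH
        if same_host and same_path:  # right target, wrong spelling
            near[uri] = explain_mismatch(want, uri)
    status = "near_miss" if near else "missing"
    return {"status": status, "expected": want, "near_misses": near}


# Constructed sample in the shape of the app's web.redirectUris array.
# "example" and the first URI's path are placeholders, not Foldr values.
SAMPLE = [
    "https://example.foldr.cloud/placeholder-storage-callback",
    "https://example.foldr.cloud/Services/Microsoft/SignIn/",
]
```

A `near_miss` result means an entry was intended as the sign-in URI but needs correcting in the app's Authentication settings; `missing` means it was never added.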

User experience

A Microsoft sign-in option appears on the Foldr sign-in screen. Clicking it redirects the user to Microsoft Online; once they authenticate (including MFA if Entra requires it), they’re redirected back to Foldr and signed in.

The first time a user signs in this way, they may see a consent prompt — but only if admin consent for your Entra app’s permissions hasn’t already been granted. If you completed the storage setup, admin consent is already in place.

The Foldr Windows app supports automatic sign-in when the device’s Edge browser is already signed into Microsoft 365.

Coexistence with Foldr-local accounts

By default, Microsoft sign-in runs alongside any other sign-in methods you have enabled. Users see both options on the sign-in screen and pick. If you turn on Redirect all users to Microsoft Online, the Foldr-local sign-in screen is bypassed entirely.

Revoking sign-in

To stop allowing Microsoft sign-in, turn off the toggle in Foldr Settings → Integrations → Microsoft. The storage integration keeps working — only the sign-in flow is disabled.

If you want to disconnect Microsoft 365 entirely (sign-in and storage), see Revoking the trust on the storage integration page.
