activities
latest
false
Productivity Activities
Last updated Oct 23, 2024

Authentication troubleshooting

This page lists possible authentication issues you may encounter when using the Microsoft 365 Activities Package.

Which authentication type should I use in the Microsoft 365 Scope activity

Overview

First, make sure you check out the following resources:

  1. Read the documentation related to the Microsoft 365 Scope activity, which includes information about the available authentication types.
  2. To learn how to register your custom application in Azure AD and set Graph API permissions, see the setup page.
  3. The list of Graph API calls from Microsoft 365 activities is available on the Technical References page.
  4. To learn about using UiPathStudioO365App for InteractiveToken (i.e. OAuthApplication=UiPath), see:
  5. See the required API permissions for Use application cards on the Microsoft 365 and Google Workspace Cards - API permissions and scopes page.

Scope to specific mailboxes

When using this authentication type, the application has access to all mailboxes from your tenant. That's because the application API permission Mail.Read represents "Read mail in all mailboxes" and Mail.ReadWrite means "Read and write mail in all mailboxes".

It's possible to scope application permissions to specific mailboxes, so the application has access only to the specified mailboxes: Scoping application permissions to specific Exchange Online mailboxes.

Scope to specific sites

Use the Sites.Selected application permission to allow the application access to just specific SharePoint site collections rather than all.

Authenticating with username and password fails

Missing parameters: client_assertion or client_secret

Issue: Authentication with username and password fails. The error message displayed is:

Important: "A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details. Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'."

Solution: Make sure your registered application has the Allow public client flows configuration field enabled.



The application isn't configured as a multi-tenant application

Issue: You receive the following error message:

Important: "Application [...] is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after 10/15/2018. Use a tenant-specific endpoint or configure the application to be multi-tenant."

Solutions:

  • Set a value for the Tenant parameter.
  • Configure the application to be multi-tenant.
The authentication works, but the user can't read emails from a shared mailbox

Issue: When using a shared account on the Microsoft 365 activities, on the user's personal account, one can retrieve mail, but when trying to read emails from a shared account, an Access Denied error appears.

Solution: Check if the Application has the Mail.Read.Shared API permission (delegated) set. This permission allows the app to read mail a user can access, including their own and shared mail.

Error: The user or administrator hasn't consented to use the application

Issue: You receive the following error message:

Important: "The user or administrator has not consented to use the application with ID [...] named [...]."

Solution: Make sure you follow these steps to grant admin consent.

IntegratedWindowsAuthentication (IWA) doesn't work in v1.4.0 and v1.5.0

Issue: IntegratedWindowsAuthentication (IWA) worked in UiPath.MicrosoftOffice.365.Activitiesv1.3.1, but doesn't work in UiPath.MicrosoftOffice.365.Activities v1.4.0 and v1.5.0.

Solution: Use UiPath.MicrosoftOffice.365.Activities version >= 1.6.0.

ApplicationIdAndSecret authentication in v1.4.0 and v1.5.0

Issue: When using UiPath.MicrosoftOffice.365.Activities v1.4.0 or v1.5.0, the Scope activity fails, even though the mandatory parameters, Application Id and Application Secret, are set correctly.

If the Tenant parameter isn't set, you can get one of the following errors:

Important:
  • "The token contains no permissions, or permissions can not be understood." (Multitenant)
  • "Application with identifier [...] was not found in the directory 'microsoft.com'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant." (Single Tenant)

Solution: Set a value for the Tenant parameter.

Another option is to upgrade to UiPath.MicrosoftOffice.365.Activities version >= 1.6.0. Starting with v1.6.0, Tenant is a mandatory parameter.

Graph API requests within Microsoft 365 Scope

You can make Graph API requests within the Microsoft 365 Scope activity. This is possible when using a ParentScope object in an Invoke Code activity.

Note: This is possible for Windows-Legacy .NET 4.6.1 projects. It fails for Windows .NET5 projects (error message "Could not load file or assembly 'Microsoft.Graph, Version=3.32.0.0'").

See below an example with Studio v2021.10 (Windows-Legacy) and UiPath.MicrosoftOffice.365.Activities v1.11.1:





Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.