activities
latest
false
Productivity Activities
Last updated Nov 6, 2024

Interactive token

Overview

  • Runs: as a user.
  • Scenario: attended automation.
  • Delegated permissions.
Note: This is the same authentication method supported in Integration Service, either through the public UiPath App or a private custom application (Bring your own app method).

Details

  • Interactive Token authentication type can be used for attended automation and when multi-factor authentication (MFA) is required. This is the default option and what we use in our examples. If you're interested in trying out the activity package, this option is easy to configure and works well for personal accounts (using the default redirect URI noted in step 7 of the Register your application section of the guide).
  • You have the option of registering and using your own Azure app (i.e., OAuthApplication = UiPath) or the one provided by UiPath (OAuthApplication = Custom):
    • UiPath Public App registration: The advantage of using the UiPath public app is that you don't need to configure or maintain the application Note: UiPath does not store any user data. The authentication token is saved only on your machine or in your Orchestrator bucket. See UiPath Public App registration.
    • Custom App registration: The advantage of using your own custom app is that you can manage, customize, and assign permissions within your organization more granularly. See How to create an application for Microsoft 365 Scope connections.
  • When you create a custom application, you must select an application type. For interactive token authentication, use a mobile/desktop application (which uses OAuth 2.0 authorization code flow).
  • When you run the Microsoft 365 activity for the first time using this authentication type, you are prompted to authorize access to the resources (you granted permissions to when registering your app) via a consent dialogue box. See Get access on behalf of a user.
  • A single organization can have multiple application (client) IDs. Each application (client) ID contains its own permissions and authentication requirements. For example, you and your colleague can both register a Microsoft 365 application in your company's Azure Active Directory with different permissions. Your app can be configured to authorize permissions to interact with files only, while your colleague's app is configured to authorize permissions to interact with files, mail, and calendar.
  • If you select this authentication type in Microsoft 365 Scope, leave the Username and Password fields empty. If you're using a single tenant app, configure the Tenant field. If you're using a multitenant app (the UiPath public app is multitenant), you can leave the Tenant field empty.

Scopes for Interactive token

When you add an activity to Microsoft 365 Scope, its required scopes are automatically detected. You can also choose to allow additional scopes or fewer scopes. If fewer scopes are selected, some activity functionalities might not work. For more information, see Working with activity scopes.


docs image

UiPath Public App registration

The UiPath Public App is registered with the following information:

  • Name: UiPathStudioO365App
  • Client ID: f2f43f65-16a6-4319-91b6-d2a342a88744
  • Scopes: Calendars.Read, Calendars.Read.Shared, Calendars.ReadWrite, Calendars.ReadWrite.Shared, Chat.ReadWrite, email, EWS.AccessAsUser.All, Files.Read, Files.Read.All, Files.ReadWrite, Files.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, Mail.Send.Shared, offline_access, openid, Presence.Read, Presence.Read.All, profile, Sites.Read.All, Sites.ReadWrite.All, User.Read, User.Read.All.

How to create an application for Microsoft 365 Scope connections

To enable the Microsoft 365 classic activities, your app must be integrated with the Microsoft identity platform and have the correct Microsoft Graph API permissions assigned to it.

To integrate your application, assign permissions, and start building your automation project, complete the following steps:

  1. Register your application.
  2. Add API permissions.
  3. Build your project.

After registering your Microsoft 365 application, Azure Active Directory assigns a unique application (client) ID that you enter in the Microsoft 365 Scope activity along with the services that you assigned permissions to (e.g., files, mail, calendar).



Register your application

Tip: This process is described in detail in the Microsoft documentation in Quickstart: Register an application with the Microsoft identity platform. Please note that the Microsoft UI may have changed since these steps were first documented.
  1. Sign in to the Azure portal using your personal, work, or school Microsoft 365 account.
  2. In the left-hand navigation panel, click Azure Active Directory.
  3. After the Azure Active Directory page opens, click App registrations.
  4. Click + New registration in the top navigation bar.

  5. Enter a Name for your application (e.g., "Office365App").
  6. Under Supported account types, select the option that applies to you. For more information about which option to select, refer to Who can sign in to you app?:

    • Accounts in this organizational directory only - Use this option if your target audience is internal to your organization. This represents a single tenant application.
    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) - Use this option if your target audience is business or educational customers. This represents a multitenant application.
    • Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox) - Use this option to target the widest set of Microsoft identities. This represents a multitenant application.
  7. Under Redirect URI (optional), enter a URI address (if applicable). The Microsoft Authentication Library (MSAL.NET) uses a default redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient. This value will likely work for you when using the Interactive Token authentication type.
    • Your selection is dependent on your authentication type. For more information on this topic, see How to connect to Microsoft 365 activities).
    • In our example, the organization supports multi-tenant authentication and can only use the Interactive token authentication type which requires a redirect URI.
      • If you use Interactive Token and the default Microsoft Redirect URI, you must add a platform of type Mobile and desktop applications. For more information, see Configure platform settings in the Microsoft documentation.
      • If your authentication type is Integrated Windows Authentication (IWA) or Username and Password, you don't need to register a redirect URI for your application. These flows do a round trip to the Microsoft identity platform v2.0 endpoint, and your application won't be called back on any specific URI.
    • When working with Microsoft 365 in a UiPath Studio project targeting .NET 5.0, add http://localhost to the Redirect URI of your custom applications.

      For more information, see Desktop app-registration in the Microsoft identity platform documentation.

  8. Select Register. An example configuration is available in the image below.
    Note: This setup is just an example. Follow the steps described in the documentation and make selections based on your organization's policies.


You're done! Now, let's add API permissions to your registered application.

Add API permissions

  1. From your registered application page (Azure portal > Azure Active Directory > App registrations > Office365App), select API permissions in the left-hand navigation panel.
  2. After the API permission page opens, click + Add a permission (this opens the Request API permissions window).
  3. Under Select an API, click Microsoft APIs (may be open by default).
  4. Under Commonly used Microsoft APIs, click Microsoft Graph.

  5. Under What type of permissions does your application require?, click Delegated permissions or Application permissions to show the list of permissions. Select Application permissions if you are using ApplicationIdAndSecret or ApplicationIdAndCertificate authentication type. The other authentication types available in Microsoft 365 Scope activity require Delegated permissions.

    For more information about permission types, see Configure a client application to access web APIs in the Microsoft Azure documentation.

  6. Use the search bar or scroll down the alphabetical list and select the following permissions:
    Note: These permissions are not all mandatory. The provided list represents the complete set of permissions required to run all Microsoft 365 activities. You can restrict permissions depending on your particular use case. Check out the activities documentation pages to learn what permissions they need.
    • Calendar

      • Calendars.Read
      • Calendars.ReadWrite
    • Files

      • Files.Read
      • Files.Read.All
      • Files.ReadWrite
      • Files.ReadWrite.All
    • Sites

      • Sites.Read.All
      • Sites.ReadWrite.All
    • Mail

      • Mail.Read
      • Mail.ReadWrite
      • Mail.Send
    • Users
      • User.Read
    • Shared (scopes needed to access resources that are shared with, but not owned by, the user.)

      • Mail.Read.Shared
      • Mail.ReadWrite.Shared
      • Mail.Send.Shared
      • Calendars.Read.Shared
      • Calendars.ReadWrite.Shared
    • Select Add permissions to return to your list of API permissions.



  7. Make sure your API permissions include your added Calendars, Files, User, and Mail permissions.



Build your project in Studio Desktop

  1. Create a new automation project.

    1. Open UiPath Studio.

    2. Under New Project, click Process. This opens a New Blank Process window.

    3. Enter a project Name, Location, and Description.

    4. Choose the Compatibility. Windows is selected by default.

    5. Click Create.

  2. Install the UiPath.MicrosoftOffice365.Activities package.

    1. From the Design ribbon, select Manage Packages.
    2. Under All Packages, in the Search bar, enter Office 365 or Microsoft.
    3. Select the package version you want, then select Install.
    4. Click the Save button.
    For more information about UiPath Studio packages, see Managing Packages in the Studio Guide.

You're done! Now that you have completed the setup, you can start adding the Microsoft 365 activities to your project.

Next steps

For a hands-on learning experience and to quickly start using the activities, see the Quickstart guides. These guides provide step-by-step instructions to help you create working samples of the different activities so that you can verify the connection to your registered app and get familiar with the input/output properties.

To learn more about the Microsoft 365 activities (including example property inputs/outputs), see the Classic activities for a complete list and links to the activity detailed pages.

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.