Blue Prism Product

 View Only
last person joined: 14 hours ago 

This community covers the core Blue Prism RPA product.

  • 1.  How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 02-25-2021 18:21
      |   view attached

    Dear BP community,

    Lately we have been testing with the use of the Microsoft Graph API in Blue Prism. For our tests we have made use of the preconfigured Excel Graph API object, which we have downloaded from the Digital Exchange.

    Following the prerequisites steps, we have created an App Registration on our Azure AD test tenant. As the authentication uses only a client ID and secret, we for now have had to provide the App with solely Read/Write Application permissions. With this setup, we were successful in using the Excel API actions in our test environment.

    However, unfortunately our organization has a strict policy regarding the use of application permissions in Azure AD Apps. We therefore are looking for a way of using the Microsoft Graph API with only Delegated permissions enabled. For example, we ideally would like to restrict the Graph API in such a way that a robot is only able to edit a file/folder on a SharePoint site, when that account explicitly has been granted access to that particular site with its account (Windows AD).

    Could anyone therefore advise us on how we can configure our Microsoft Graph webservices object in such a way that we can make use of a delegated permissions setup?

    Many thanks in advance!



    ------------------------------
    Arthur Philippa
    RPA Developer
    Port of Rotterdam
    Europe/Amsterdam
    ------------------------------

    Attachment(s)

    docx
    MicrosoftGraph_Excel_UserGuide_v1.0.docx   927 KB 1 version


  • 2.  RE: How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 02-26-2021 13:43
    Hi @Arthur Philippa,

    I haven't tested this scenario yet, but I have been giving it a little thought. What you're describing is essentially an OAuth Authorization Code Flow. The general process is that a human is presented with a login or authorization screen, in the browser, where they click approve or whatever and at that point permission is granted to the application to continue.

    Keep in mind that a human will have to be logged into the Runtime Resource to be able to provide the authorization unless you're going to build a VBO to do it?

    Check out this page on the Microsoft Graph site:

    https://docs.microsoft.com/en-us/graph/auth-v2-user

    It discusses how the scopes and a few other things would need to change in your app configuration on AD as well as the "Common Authentication" section of the Web API service definition in Blue Prism.

    Hopefully this helps.

    Cheers,
    Eric


    ------------------------------
    Eric Wilson
    Director, Partner Integrations for Digital Exchange
    Blue Prism
    ------------------------------

    Original Message


  • 3.  RE: How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 03-26-2021 13:46
    Hello Arthur

    Hope that you are doing well?

    We have a similar challenge to solve using Graph API and Blueprism where we are trying to access O365 Mailboxes and manage emails via Blueprism rather than using outlook VBO and incurring the O365 licensing cost.

    Did you manage to find a solution to your question you posted?  I'm keen to understand if you have been able to solve this challenge how you managed to do this. We in discussions with our organizations security team regarding the exact topic.

    Your feedback will be appreciated

    Allan​

    ------------------------------
    Allan Ross
    Digital Technologist
    Nedbank
    Europe/London
    ------------------------------

    Original Message


  • 4.  RE: How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 03-29-2021 14:14
    Hello Allen,

    Currently we are still testing the delegated premission setup with our Security Team, but we have seen some promising test results!
    For example, using the delegated setup, the robot is only able to access the documents on SharePoint sites to which it has been added as a member.

    To make use of a delegated setup, we have created an additional custom API reference in Blue Prism to request a Bearer Access token using the OAuth 2.0 resource Password Grant type reference (see url: Aanmelden met wachtwoord referenties voor de resource-eigenaar - Microsoft identity platform | Microsoft Docs). For obtaining a delegated access token, you will need to pass the TenantID, ClientID, ClientSecret, UserName and Password as input parameters (note the body has to be in XML).

    Attached you will find some screen cature regarding the setup.

    Hopes this helps you with you query!

    ------------------------------
    Arthur Philippa
    RPA Developer
    Port of Rotterdam
    Europe/Amsterdam
    ------------------------------

    Original Message


  • 5.  RE: How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 03-29-2021 15:42
    Hi everyone!

    I can see the VBO to retrieve the Delegated Access Token is included in the MS Teams Graph VBO which was recently released. It is named "Microsoft Graph - Teams Authentication". 

    Am I right that I can use that VBO to get an Access Token for all the MS Graph VBOs which were yet released in the DX? If so then the name "Teams Authentication" might be a bit misleading in the release.

    Best regards
    Til

    ------------------------------
    Til Minet
    RPA Developer
    EWE AG Germany
    Europe/Berlin
    ------------------------------

    Original Message


  • 6.  RE: How to set up Microsoft Graph API with only Delegated Permissions?

    Posted 03-29-2021 16:27
    Hello Arthur

    Thanks for sharing this.  This really helps guide us in the right direction.

    regards
    Allan

    ------------------------------
    Allan Ross
    Digital Technologist
    Nedbank
    Europe/London
    ------------------------------

    Original Message


Related Content

Welcome to the Blue Prism RPA Product Community!

Whether you’re looking to manage a complex infrastructure, maintain security and compliance, bring new products to market faster, or gain operational speed and agility in an uncertain economy, Blue Prism delivers — with the flexibility you need to create the business you want. From deployment on-premise, through a cloud service provider or as SaaS, to a skillful and adaptable digital workforce that continually expands to meet your enterprise needs, you can gain enhanced operational insight and control while your people reclaim the time they need to focus on great work.

Product PageKnowledge BaseBlue Prism Training Offering
Product Research ProgramUpdates, Releases & Announcements

FAQs

Blue Prism is intelligent automation — business-developed, no-code automation that pushes the boundaries of robotic process automation (RPA) to deliver value across any business process in a connected enterprise.

A combination of RPA with expanded cognitive and AI capabilities, Blue Prism is different than other automation technology on the market. With one Blue Prism license, you gain instant access to an already AI equipped digital workforce, along with the tools you need to build and delegate automations. Click here for more information on Blue Prism and Intelligent Automation.
To learn more about how Blue Prism RPA can help your organization and how much it will cost to get started, please Contact our Sales department.
Blue Prism RPA can be downloaded from our customer portal. If you would like to consume or download any material it is necessary to create an account on the Portal. Once you have registered, you can access the download options for Blue Prism here.
Yes! Installed on your own machine and supported by our training materials and product documentation, you can use all the features of the full enterprise product for free with our Blue Prism Trial – giving you the opportunity to learn the basics before moving to a full production implementation. Click here for more information and to download the trial.
Yes! You can access our known issue list for Blue Prism from our Support Portal.
Regardless of your industry, Blue Prism’s Digital Workforce can adhere to strict governance and compliance standards without limiting productivity. Click here for more information on how your industry can benefit from Blue Prism.