Hello Allan,
Currently we are still testing the delegated permission setup with our Security Team, but we have seen some promising test results!
For example, using the delegated setup, the robot is only able to access the documents on SharePoint sites to which it has been added as a member.
To make use of a delegated setup, we have created an additional custom API reference in Blue Prism to request a Bearer Access token using the OAuth 2.0 resource Password Grant type reference (see url: Sign in with resource owner password credentials - Microsoft identity platform | Microsoft Docs). For obtaining a delegated access token, you will need to pass the TenantID, ClientID, ClientSecret, UserName and Password as input parameters (note the body has to be in XML).
Attached you will find some screen captures regarding the setup.
Hope this helps you with your query!
------------------------------
Arthur Philippa
RPA Developer
Port of Rotterdam
Europe/Amsterdam
------------------------------
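An added example, not part of the post above or of Blue Prism's Graph objects: a Python check a security team could run on the access token the robot obtains, confirming it is delegated (carries an `scp` claim) rather than app-only (`roles` without `scp`) and stays within an approved scope list. The sample tokens, scope policy and account name are constructed, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT for the demo (not a real token)."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(claims).encode()), "sig"])


def jwt_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str, allowed_scopes: set) -> list:
    """Return findings; an empty list means delegated and within allowed_scopes."""
    claims = jwt_claims(token)
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    roles = set(claims.get("roles", []))          # application permissions
    findings = []
    if not scopes:
        findings.append("no scp claim: token is not delegated")
    if roles:
        findings.append("application roles present: " + ", ".join(sorted(roles)))
    extra = scopes - allowed_scopes
    if extra:
        findings.append("scopes beyond policy: " + ", ".join(sorted(extra)))
    return findings


# Constructed sample claims (assumed values, not taken from any real tenant).
DELEGATED = make_sample_token({"scp": "Files.ReadWrite.All User.Read",
                               "upn": "robot01@example.com"})
APP_ONLY = make_sample_token({"roles": ["Files.ReadWrite.All"], "idtyp": "app"})
POLICY = {"Files.ReadWrite.All", "User.Read"}

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, audit_token(tok, POLICY) or "OK")
```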
Original Message:
Sent: 03-26-2021 13:45
From: Allan Ross
Subject: How to set up Microsoft Graph API with only Delegated Permissions?
Hello Arthur
Hope that you are doing well?
We have a similar challenge to solve using Graph API and Blue Prism, where we are trying to access O365 mailboxes and manage emails via Blue Prism rather than using the Outlook VBO and incurring the O365 licensing cost.
Did you manage to find a solution to the question you posted? I'm keen to understand, if you have been able to solve this challenge, how you managed to do this. We are in discussions with our organization's security team regarding the exact topic.
Your feedback will be appreciated
Allan
------------------------------
Allan Ross
Digital Technologist
Nedbank
Europe/London
Original Message:
Sent: 02-25-2021 18:21
From: Arthur Philippa
Subject: How to set up Microsoft Graph API with only Delegated Permissions?
Dear BP community,
Lately we have been testing with the use of the Microsoft Graph API in Blue Prism. For our tests we have made use of the preconfigured Excel Graph API object, which we have downloaded from the Digital Exchange.
Following the prerequisite steps, we have created an App Registration on our Azure AD test tenant. As the authentication uses only a client ID and secret, we for now have had to provide the App with solely Read/Write Application permissions. With this setup, we were successful in using the Excel API actions in our test environment.
However, unfortunately our organization has a strict policy regarding the use of application permissions in Azure AD Apps. We therefore are looking for a way of using the Microsoft Graph API with only Delegated permissions enabled. For example, we ideally would like to restrict the Graph API in such a way that a robot is only able to edit a file/folder on a SharePoint site, when that account explicitly has been granted access to that particular site with its account (Windows AD).
Could anyone therefore advise us on how we can configure our Microsoft Graph webservices object in such a way that we can make use of a delegated permissions setup?
Many thanks in advance!
------------------------------
Arthur Philippa
RPA Developer
Port of Rotterdam
Europe/Amsterdam
------------------------------