Digital Exchange

 View Only
last person joined: 5 days ago 

This community is a place to discuss Blue Prism DX assets and development.

  • 1.  MS Graph API - Authentication connector via MSAL

    Posted 09-07-2022 14:31

    The MS Graph API - Authentication connector calls the https:// login.microsoftonline.com/* endpoint directly passing the username / password provided which is hitting Azure AD and attempting to authenticate directly against the cloud.

     Because our company does not have password hash sync enabled this will not work as the account password is not stored in Azure AD.

     Is there a solution possible using one of the available MSAL library's https://aka.ms/msal which will then allow for the authentication request to be redirected back to our on-premises hybrid identity infrastructure?

    -----------------
    Willy Vanroy
    AXA Bank
    -----------------



    ------------------------------
    Willy Vanroy
    Developer
    AXA Bank
    Europe/Brussels
    ------------------------------


  • 2.  RE: MS Graph API - Authentication connector via MSAL

    Posted 09-07-2022 22:07
    Hello @Willy Vanroy,

    Have you checked the MSAL.NET connector?

    Cheers,


    ------------------------------
    Eric Wilson
    Director, Integrations and Enablement
    Blue Prism Digital Exchange
    ------------------------------

    Original Message


  • 3.  RE: MS Graph API - Authentication connector via MSAL

    Posted 09-08-2022 10:36

    It seems there is only support for Application Permissions, thus signing in with a Client Secret,

    But with this type of deployment AXA cannot control from where the traffic is coming, also the document doesn't share the API permissions for which need to be assign so they cannot until they know guarantee that the permissions will fall within the range that is 'scopeable' (not sure that's a word) …

    Is there a version which uses the MSAL.NET library but provides support for Delegated Permissions please? Possibly using the ROPC credential flow …



    ------------------------------
    Willy Vanroy
    Developer
    AXA Bank
    Europe/Brussels
    ------------------------------

    Original Message


  • 4.  RE: MS Graph API - Authentication connector via MSAL

    Posted 09-08-2022 12:41
    @Willy Vanroy,

    The permissions/scope are up to you. They are set on the application registration within Azure AD​. For example, if I want to register an application that can work with email, I would add some subset of the various Mail permissions.



    According to this link, Microsoft specifically recommends not using the ROPC flow:
     
    Perhaps you can provide some more detail about how authentication works in your environment?

    Cheers,

    ------------------------------
    Eric Wilson
    Director, Integrations and Enablement
    Blue Prism Digital Exchange
    ------------------------------

    Original Message


Related Content

Welcome to the Blue Prism Digital Exchange Community!

The Blue Prism Digital Exchange is a "shop window" for new and emerging technologies—a platform that puts powerful RPA and AI capabilities into the hands of business leaders. Users can find and apply pre-built AI capabilities, in the form of downloadable integrations and Visual Business Objects (VBOs), to automated processes. These assets connect and integrate Digital Workers, existing systems and processes to Blue Prism's technology partners, creating a solid foundation of AI-enabled Intelligent Automation that's scalable and sustainable.

Blue Prism Digital ExchangeDX Asset IdeasContact DX Support

FAQs

The Blue Prism Digital Exchange (DX) is an online marketplace where businesses can instantly access, apply and share pre-built AI, cognitive and advanced RPA technologies from best-in-class providers. These assets easily connect to existing digital workers, systems and processes to enhance automation capabilities.
The Digital Exchange is free to all users. Most of the content on the DX is free to download but there are some submissions that do have a cost associated. The submissions with a cost are advertised on the asset card and profile. No unwanted costs will be applied to any users.
You can visit and browse the Digital Exchange here. If you would like to consume or download any material it is necessary to create an account on the Blue Prism Portal first.
Everyone can access the Digital Exchange and consume the assets on it. If you would like to contribute to the marketplace it is necessary that you create an account and sign up as a partner.