Community blogs are written by members of the SS&C Blue Prism Community and represent the views of the author. For more information on Community Blogs, or to submit your own, see here.

In the world of intelligent automation, access to enterprise data is the key to unlocking next-level efficiency and productivity. For organizations leveraging SS&C Blue Prism to automate critical business processes, integrating with Microsoft Graph API opens a gateway to the entire Microsoft 365 ecosystem — from Outlook and Teams to SharePoint, OneDrive, Excel, and beyond.

This article will guide you through the technical setup required to connect SS&C Blue Prism to Microsoft Graph API using Blue Prism's native VBOs and Digital Exchange connectors. You'll learn how to:

1. Register an Azure AD app (prerequisite for authentication)
2. Configure API permissions (using Utility - HTTP and MSAL.NET VBO)
3. Authenticate with Graph API (via Graph API - Authentication connector from Digital Exchange)
4. Execute API actions (leveraging specialized VBOs like Graph API - SharePoint or Graph API - Outlook)

Why Integrate Microsoft Graph API with Blue Prism?

Microsoft Graph API provides a unified RESTful endpoint to access data across Microsoft 365 services. When combined with Blue Prism’s digital workers, it enables:

• Cloud-based automation (no local dependencies)
• Scalable interactions with emails, files, calendars, and Teams
• Secure access via OAuth 2.0 and Azure Entra ID.
• Supports OData query parameters allowing you to filter, sort, and paginate results efficiently in a single request.

RPA Use Cases for Graph API Integration

These use cases make it easier for Blue Prism digital workers to move beyond desktop automation and seamlessly interact with enterprise cloud services,increasing scalability and control.

Step-by-Step: Register and Configure Microsoft Graph API Access for Blue Prism

Step 1: Register an Application in Azure AD

1. Navigate to the Azure Portal by going to https://portal.azure.com and sign in with your Azure account.
2. Search for “App Registrations” in the top search bar, and select it from the results.
3. Create a New Registration:
• Click “New Registration”
• Enter a name for your application (e.g., BluePrismGraphBot)
• Choose the Supported Account Type (e.g., Single Tenant for internal org use)
• Click “Register”.

Step 2: Configure API Permissions

1. After registering the app, go back to the App Registrations screen and select your newly registered application.

2. Add API Permissions

• In the left-hand menu, click on "API Permissions".
• Click "Add a Permission".
• Select "Microsoft Graph" from the list of APIs.

3. Choose Permission Type

• Application Permissions: Use this if your app needs to perform actions at the tenant level without user interaction.
• Delegated Permissions: Use this if your app needs to perform actions on behalf of a signed-in user.

4. For this example, we’ll use Application Permissions. 

• Select Required Permissions
• Choose the permissions your app requires (e.g., Access Review, Agreements, Consent Request).
• Click "Add Permissions".

5. if you’re using Application Permissions, ensure you grant Admin Consent for the permissions to take effect.

Step 3: Create a Client Secret

1. Navigate to Certificates & Secrets
• In the left-hand menu, click on "Certificates & Secrets".
• Under the "Client Secrets" section, click "New Client Secret".
2. Generate a New Secret
• Provide a description for the secret (e.g., "Graph API Access").
• Set an expiration period (e.g., 6 months, 1 year, or never).
• Click "Add".
3. Save the Client Secret
• Once generated, copy the Client Secret value immediately. This will only be displayed once, so store it securely.

Step 4: Retrieve Application ID and Secret ID

1. Locate Application ID
• In the Overview section of your app registration, you’ll find the Application (Client) ID. Copy this value.
2. Use the Client Secret
• Combine the Application ID and Client Secret to authenticate your application when calling the Microsoft Graph API.

Configure Authentication & Permissions

Client Secrets & Permissions

• Client Secrets: Expire after the duration set during app registration (e.g., 90 days). Rotate secrets proactively.
• API Permissions: Critical for security and functionality. Choose based on:
• Application Permissions: For service-to-service access (no user context).
• Delegated Permissions: For actions on behalf of a user (requires sign-in).

 Reference: Microsoft Graph Permissions Guide

Blue Prism Setup for Graph API

Prerequisites

• Blue Prism v6.7+
• Required VBOs:
  • Copy Microsoft.Identity.Client.dll to C:\Program Files\Blue Prism Limited\Blue Prism Automate.
• Utility - HTTP
• Utility - JSON
• Utility - Strings
• Utility - File Management
• Microsoft Authentication Library (MSAL.NET)

Authentication Methods

• Application Access: Inputs: Client ID, Client Secret, Tenant ID 
• Delegated Access: Inputs: Client ID, Client Secret, Tenant ID, Username, Password

Blue Prism Connectors for Graph API

You can use the below list to leverage pre-built connectors from Blue Prism Digital Exchange.

• Graph API - Authentication
• MSAL
• Graph API - Excel
• Graph API - Teams
• Graph API - SharePoint Upload Session
• Graph API - Outlook
• Graph API - Download Files
• Graph API - SharePoint
• Graph API - OneNote

Tips and Tricks for Graph API

Graph API 

Grab some IDs:

• Site ID: GET https://<tenant>. sharepoint.com/sites/<site-url>/_api/site/id 
• Drive ID: Use Get Default Drive Details action in SharePoint VBO. It is unique for a SharePoint.
• File/Folder ID: Use Get Drive Children Content action.
• It is a UUID (ex. 01ADH6OCA4T2W4SKL5OZELM3LOKI35OQEJ) that uniquely identifies the file/folder.

 For SharePoint Graph API

1. Deletion and re-creation of file/folder will renew its ID.
2. Drive ID will not change for the SharePoint where you are working.
3. If you will try to move/upload the file which is opened by someone else - this error will come error":{"code":"notAllowed","message”: “The resource you are attempting to access is locked"}
4. Move of file/folder will not change its ID.
5. You may need to refresh the SharePoint URL to see the changes.
6. List id would not change for a particular List.

 For Excel Graph API

1. Excel operations work on Session ID which is secured by Open Workbook Action
2. As per best practice, it is good to close the session.
3. Creating the same worksheet which already exists will give Error: 400 Bad Request.
4. Workbook ID will not change for the Excel where you are working, and it is must for using Excel Graph API VBO.
5. Deleting the Worksheet which does not exist will give Error: 404 Not Found.
6. Operation on Excel will work even though Excel is open in browser, but you may need to refresh SharePoint URL to see the changes.  

Graph API Testing & Debugging Tools

• Microsoft Graph Explorer: Link
• Postman: Blue Prism Connector
• Bruno/Insomnia: Alternative API clients.

Current Limitations

Conclusion

Integrating Microsoft Graph API with Blue Prism unlocks:

• No local Office apps required (cloud-native automation).
• Reduced VM configuration time.
• Fewer errors vs. legacy VBOs.

Next Steps:

Now that you know everything about Microsoft Graph APIs with Blue Prism, we recommend you  explore Digital Exchange connectors for your use case. And why not test authentication flows with Graph Explorer. Let us know how you get on.