Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Graph API - Setup

JohanSörman
Level 5

‎26-10-22 10:23 AM

Hi,

I have access to Azure portal and have an application created. After setting up client key and secret, is that enough to use the actions in BP or do you have to manually configure Web API like any normal REST API?

Another question, in a previous version we had to create an app inside of the Sharepoint for the site we wanted to interact with to get the client secret. With Graph, is this still required or is it enough for the account being a member/admin of the site (for protected sites or whatever they're called)?

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes
15 REPLIES 15

ewilson
Staff
Staff

‎26-10-22 06:11 PM

Hello @Johan Sörman,

To use the Graph API you must also apply the appropriate permissions to the specific application registration you create in the Azure portal. As an example, if you've create an application registration, and credentials, for working with Sharepoint, you'll want to apply the necessary Site permissions as depicted in the example below:

7082.png
There are lots of Graph permissions available depending on what you're trying to do (ex. Mail/Outlook, Excel, Users, etc).

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

JohanSörman
Level 5
In response to ewilson

‎27-10-22 08:26 AM

Hi @ewilson,
So, going to each site to reg an app is no longer needed, correct?

​https://domain.sharepoint.com/sites/SiteName/_layouts/15/appinv.aspx

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎28-10-22 10:36 AM

Hi @ewilson,
Is Application Permission required for this to work? I.e Delegated doesn't? I tried the Autentication and believe everything should be setup correcly but keep getting errors about users (tried on myself) isn't in this tenant directory.​

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

ewilson
Staff
Staff
In response to JohanSörman

‎28-10-22 03:50 PM

Hello @Johan Sörman,

Based on the documentation for the Graph API, both Application and Delegated access are supported for SharePoint sites. You can see the specific permissions required for each endpoint (aka Action) here.

I don't think we've tried Delegated on our test SharePoint sandbox, but we'll give it a go and see what happens.

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎31-10-22 08:16 AM

Hi @ewilson​ , 
I was unable to get any tokens from either delegated or application access. I'm guessing this has to do with we have enabled MFA in AD and no permissions been approved yet for application access by our Azure Admins.

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

ewilson
Staff
Staff
In response to JohanSörman

‎31-10-22 12:31 PM

Hello @Johan Sörman,

Ah, yes. MFA does present problems with trying to retrieve a token for Graph. I haven't specifically tested an MFA-based workflow with the Graph API, but I have worked with MFA for digital workers that are automating applications via the browser. There are actually two connectors on the DX that support MFA/OTP (One Time Passwords) that may help you along.

You can find them here.

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎31-10-22 12:33 PM

I'm not an expert on the MFA area but we used to have issues with it but now robot accounts are treated like an internal user so MFA is passed but I would assume the Get Token is failing because we have MFA.

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes

ewilson
Staff
Staff
In response to JohanSörman

‎31-10-22 01:08 PM

@Johan Sörman,

Very strange indeed. An Application Access token is essentially a backend service-to-service type token. There's no actual user account, per se, associated with it, so I'm not sure how MFA would come into play for it. Do you receive an error response when you request the token? Maybe an HTTP 403 or something?

Here's a link to the Microsoft Graph documentation pertaining to authentication and authorization. I don't actually see anything related to MFA in it, but I may have missed it.

https://learn.microsoft.com/en-us/graph/auth/

Cheers,


------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------
0 Likes

JohanSörman
Level 5
In response to ewilson

‎31-10-22 01:18 PM

@Eric Wilson,
From what I recall when I ran tests last week I saw several errors, no status codes though.
When trying to get a delegated token I got error along the lines of "user not found in AD" which I assumed was MFA based error.
If I tried to get "normal" token, I got client error message

When I tried the MSAL VBO from DX, I just got "Multiple error" message so can't say what was incorrect.

I would assume I can't get a token if there no permission granted to the app in Azure Portal?​

------------------------------
Johan Sörman
DevOps Engineer, Senior RPA Developer
Telia Company
Sweden
------------------------------
0 Likes
li.common.scroll-to.top