
Microsoft Graph/MSAL.NET - delegated - device

acatalano
Level 4

Hi, I read many threads about Microsoft Graph and MSAL.net, but I didn't find my problem.

I am trying to authenticate to Azure with delegated permission but am getting these errors.

When I run Microsoft Graph - Authentication::Get Delegated Access Token (Blue Prism VBO), the response was:

"invalid_grant","error_description":"AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.

When I run MSAL.NET::Get Auth Token - Username and Password (Blue Prism VBO), the response was:

System.AggregateException: Se han producido uno o varios errores. ---> Microsoft.Identity.Client.MsalUiRequiredException: AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access.

In the Azure logs we found that the device information was empty and Microsoft support informed us that we must add it in the code.

The device is already hybridized in Azure. The user account too.

So we need to add the device data to the action. Any idea how to do it?

11 REPLIES

@sarthak_86, based on the error message, your administrator hasn't consented to the use of the Graph API for the application ID you're using. I believe it's called out in the documentation as a necessary step for a DW to use delegated permissions.

Cheers,
Eric

Thanks @ewilson, I was confused about the permissions. I will request this from the administrator and will see if it works or not.