
MSAL.NET / Microsoft Graph API - Teams

GemmaHolmes
Level 3

Hi,

Is there a way to use the Microsoft Graph API to send a channel message if the logged in user has MFA enabled on their account?

Really struggling to get this to work. 

Currently using the below objects:

MSAL.NET::Get Auth Token - Username and Password

Microsoft Graph - Teams::Send Channel Message

Microsoft Graph API works in Postman fine, just can't get it to work in Blue Prism.

If I try and use the "Get Auth Token - Username and Password" action in the MSAL.NET object, I get the below error:

MSAL.Desktop.4.42.1.0.MsalClientException: ErrorCode: parsing_wstrust_response_failed

Microsoft.Identity.Client.MsalClientException: There was an error parsing WS-Trust response from the endpoint. This may occur if there is an issue with your ADFS configuration. See https://aka.ms/msal-net-iwa-troubleshooting for more details. Error Message: Federated service at https://autologon.microsoftazuread-sso.com/***REDACTED***

If I use the "Get Auth Token - Client Secret" action in the MSAL.NET object, it gets the access token; however, when I then go to use the "Send Channel Message" action in the Microsoft Graph - Teams web service, I get the below error:

Internal : Unexpected error Error during Web API HTTP Request

HTTP Status Code: 403

HTTP Response Content: {"error":{"code":"Forbidden","message":"Missing role permissions on the request. API requires one of 'Teamwork.Migrate.All'. Roles on the request

From what I've looked up, my understanding is that for this error to be resolved the App permissions in Azure need to be set to Application-Only, and the Teams Group and Channel need to have their settings changed to be in a migration state. But the "Send Channel Message" action only works if the App permissions have Delegated access, which it does.

I've attached what the APP has been set up as.

Many thanks



------------------------------
GH
------------------------------
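The two errors above come from two different token types: a username/password (ROPC) token is delegated and fails at the WS-Trust/MFA step, while a client-secret token is app-only and so carries a "roles" claim instead of an "scp" claim, which is why Graph answers with "Missing role permissions". The following added example (not code from the thread or from Blue Prism) decodes the payload of an Entra ID access token and reports which kind it is; the tokens and the scope name ChannelMessage.Send are constructed/assumed here.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    """Base64url-encode a JSON object without padding, as JWTs do."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample JWT for the diagnostic below."""
    header = _b64url({"typ": "JWT", "alg": "RS256"})
    return f"{header}.{_b64url(claims)}.constructed-signature"


def decode_payload(token: str) -> dict:
    # Only the payload is inspected; the signature is not verified because this
    # is a diagnostic on a token we obtained ourselves, not an access decision.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, required_scope: str) -> str:
    """Explain whether a token will satisfy a delegated-only Graph endpoint."""
    claims = decode_payload(token)
    scopes = set(claims.get("scp", "").split())   # delegated permissions
    roles = set(claims.get("roles", []))          # application permissions
    if scopes:
        if required_scope in scopes:
            return "delegated token with required scope"
        return f"delegated token missing scope {required_scope}"
    if roles:
        return "app-only token (roles, no scp): endpoint needs an application permission"
    return "token carries no permission claims"


# Constructed tokens mirroring the two flows described in the post.
APP_ONLY = make_token({"aud": "https://graph.microsoft.com",
                       "roles": ["Team.ReadBasic.All"]})
DELEGATED = make_token({"aud": "https://graph.microsoft.com",
                        "scp": "ChannelMessage.Send User.Read"})

if __name__ == "__main__":
    for name, tok in (("client secret", APP_ONLY), ("delegated", DELEGATED)):
        print(f"{name}: {diagnose(tok, 'ChannelMessage.Send')}")
```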

ewilson
Staff

Hi @GemmaHolmes,

You either need to disable MFA on the user account or you need to look into the Blue Prism Authenticator asset on the DX. The Authenticator asset gives you the ability to perform two-factor authentication within a Digital Worker.

https://digitalexchange.blueprism.com/dx/entry/9648/solution/blue-prism-authenticator 

Cheers,



------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------

Hi @ewilson

Thank you for your reply.

Would the idea of the Authenticator object be to log into the Azure App before running the Microsoft Graph - Teams API call?

I'm a little confused about how it works going through the UI as, for example, when I try and run it myself, even though MFA is enabled on my accounts, I'm already logged into my Microsoft applications (so MFA isn't required) and it still doesn't work. The scenario would be the same for the digital workers.

Kind regards

Gemma



------------------------------
GH
------------------------------

Hi @GemmaHolmes,

Apologies for the delay. The way I've used this in the past with Microsoft is to open the browser and log in to something like myapps.microsoft.com. That should prompt you for credentials. If this is the first time the digital worker account is logging in, you'll need to register the MFA option (see the VBO user guide for more details). Once you've successfully registered for MFA using the VBO, you can then perform 2FA logins using it with the specific DW user ID.

Cheers,  



------------------------------
Eric Wilson
Director, Integrations and Enablement
Blue Prism Digital Exchange
------------------------------