Uses the Microsoft identity platform to establish an authenticated connection between UiPath and your Microsoft Office 365 application. This authenticated connection enables a Robot to call the Microsoft Graph API to read and write resources on your behalf.
To establish your authenticated connection, you first register your Microsoft Office 365 application in your Azure Active Directory (using your personal, work, and/or school Microsoft Office 365 account). When registering your application, you assign the Microsoft Graph API permissions that specify the resources a Robot can access on your behalf.
After registering your Microsoft Office 365 application, Azure Active Directory assigns a unique application (client) ID that you enter in the Microsoft Office 365 Scope activity. The ApplicationID is used to collect the necessary information about your registered app to initiate authentication.
How do I register my app and assign permission?
To learn more about registering your application and assigning permission, see the Setup guide. This guide provides step-by-step instructions to configure your Microsoft Office 365 application for automation.
- Application Secret - The secret string that the application uses to provide its identity.
- Secure Application Secret - The Application (client) secret, as a
Required if AuthenticationType is ApplicationIdAndSecret.
- Application Id - The unique application (client) ID assigned by the Azure Active Directory when you registered your app during Setup. The application (client) ID represents an instance of a Microsoft Office 365 application. A single organization can have multiple application (client) IDs for their Microsoft Office 365 account. Each application (client) ID contains its own permissions and authentication requirements. For example, you and your colleague can both register a Microsoft Office 365 application in your company's Azure Active Directory with different permissions. Your app could be configured to authorize permissions to interact with files only, while your colleague's app is configured to authorize permissions to interact with files, mail, and calendar. If you enter your application (client) ID into this property and run attended automation, the consent dialogue box would be limited to file permissions (and subsequently, only the Files activities can be used).
- Authentication Type - The type of authentication required for your registered application. Select one of the four options: InteractiveToken, IntegratedWindowsAuthentication, UsernameAndPassword or ApplicationIdAndSecret. The default value is InteractiveToken. For more information about these options and which one to select, see the Unattended vs. Attended Automation section below.
- Services - The service(s) that you granted API permissions to when you registered your app during Setup. This field supports only
MicrosoftServicevariables. Select one or more of the following services:
- Files - Select this service to use the Files and/or Excel activities.
- Mail - Select this service to use the Outlook activities.
- Calendar - Select this service to use the Calendar activities.
- Groups - Select this service to use the Groups activities.
- Shared - Select this service to use the Planner activities.
The default value is Unselected. If the necessary API permissions are not granted during app registration, the applicable activities will fail to run even if the service is selected in this property. For more information, see Add API permissions in the Setup guide.
- Tenant - The unique directory (tenant) ID assigned by the Azure Active Directory when you registered your app during Setup. Required for multi-tenant applications and IntegratedWindowsAuthentication. The directory (tenant) ID can be found in the overview page of your registered application (under the application (client) ID).
- ContinueOnError - If set, continue executing the remaining activities even if the current activity has failed.
- DisplayName - The display name of the activity.
- TimeoutMS - Specifies the amount of time to wait (in milliseconds) for the interactive authentication (consent dialogue box) to complete before an error is thrown. This field supports only integer and
Int32variables. The default value is 30000ms (30 seconds) (not shown).
- OAuthApplication - Indicates the application (client) to be used. If
UiPathis selected, ApplicationID and Tenant are ignored. This field supports only
OAuthApplicationvariables. Select one of the two options:
- UiPath - Default. When you want to use the application created by UiPath. In this case, Application ID and Tenant parameter values are ignored.
- Custom - When you want to create your own application with correct permissions. In this case, a value must be set for Application ID parameter.
- Private - If selected, the values of variables and arguments are no longer logged at Verbose level.
These properties apply when you run unattended automation only. When specifying values for these properties, be sure the AuthenticationType property is set to UsernameAndPassword. For more information, see the Username and Password section above.
- Password - The password of your Microsoft Office 365 account.
- SecurePassword - The password of your Microsoft Office 365 account, as a
- Username - The username of your Microsoft Office 365 account.
Required if AuthenticationType is UsernameAndPassword.
The following steps and message sequence diagram is an example how the activity works from design time (i.e., the activity dependencies and input/output properties) to run time.
- Complete the Setup steps.
- Add the Microsoft Office 365 Scope activity to your project.
- Enter values for the Authentication, Input, and Unattended (if applicable) properties.
The Microsoft Office 365 Scope activity has four different authentication flows (AuthenticationTypes) that you can choose from when adding the activity to your project. Your selection is dependent on the type of automation mode you plan to run (unattended or attended) and your application authentication requirements (consult with your administrator if you're unsure which authentication requirements apply to your application).
Unattended automation does not support multi-factor authentication. If your application requires multi-factor authentication, you can only run attended automation using the InteractiveToken authentication type.
The InteractiveToken authentication type can be used for attended automation and when multi-factor authentication (MFA) is required. This is the default option and what we use in our examples. If you're interested in "playing around" with the activity package, this option is easy to configure and works well for personal accounts (using the default redirect URI noted in step 7 of the Register your application section of the Setup guide).
When the Microsoft Office 365 activity is run for the first time using this authentication type, you are prompted to authorize access to the resources (you granted permissions to when registering your app) via a consent dialogue box.
If you select this option, the Username, Password, and Tenant properties should be left empty.
This authentication type follows the OAuth 2.0 authorization code flow.
The IntegratedWindowsAuthentication authentication type can be used for both attended and unattended automation. This option can apply to Windows hosted applications running on computers joined to a Windows domain or Azure Active Directory.
If you select this option, the Username and Password properties should be left empty. The Tenant property is optional.
The UsernameAndPassword authentication type can be used for both attended (when mutli-factor authentication is not required) and unattended automation.
Though it's not recommended by Microsoft, you can use this authentication type in public client applications. Using this authentication type imposes constraints on your application. For instance, apps using this flow won't be able to sign in a user who needs to perform multi-factor authentication (conditional access). It won't enable your application to benefit from single sign-on either. Authentication with username/password goes against the principles of modern authentication and is only provided for legacy reasons (additional information can be found on GitHub).
If you select this option, the Username and Password properties are required and the Tenant property is optional for single-tenant applications (required for multi-tenant applications).
The ApplicationID property is required when selecting the UsernameAndPassword AuthenticationType. You can register your Microsoft Office 365 Application using your personal, work, and/or school account.
In the matter of authentication with Application (client) ID and Application (client) Secret, keep in mind the following:
The appropriate API permissions must be configured for the Azure application in order for Office 365 activities to work properly (e.g. the application permissions Group.Create, Group.Read.All and Group.ReadWrite.All should be configured for Microsoft Graph when using Groups activities).
Some activities, like Find Meeting Times, cannot be used with this type of authentication because the corresponding Microsoft Graph API does not support application permissions. See here.
For email activities - Get Mail, Forward Mail, Send Mail, and Move Email - it is mandatory to specify a value for the Account parameter.