- Getting started
- Notifications
- Licensing
- Troubleshooting
- Connector Builder
- Act! 365
- ActiveCampaign
- Active Directory - Preview
- Adobe Acrobat Sign
- Adobe PDF Services
- Amazon Bedrock
- Amazon Connect
- Amazon Polly
- Amazon SES
- Amazon Transcribe
- Amazon Web Services
- Anthropic Claude
- Asana
- AWeber
- Azure AI Document Intelligence
- Azure Defender for Cloud
- Azure Maps
- BambooHR
- Box
- Brevo
- Calendly
- Campaign Monitor
- Cisco Webex Teams
- Citrix Hypervisor
- Citrix ShareFile
- Clearbit
- Confluence Cloud
- Constant Contact
- Coupa
- CrewAI – Preview
- Customer.io
- Database Hub - Preview
- Databricks Agent
- Datadog
- DeepSeek
- Deputy
- Discord - Preview
- DocuSign
- Drip
- Dropbox
- Dropbox Business
- Egnyte
- Eventbrite
- Exchangerates
- Exchange Server - Preview
- Expensify
- Facebook
- Freshbooks
- Freshdesk
- Freshsales
- Freshservice
- GetResponse
- GitHub
- Gmail
- Google Cloud Platform
- Google Docs
- Google Drive
- Google Forms - Preview
- Google Maps
- Google Sheets
- Google Speech-to-Text
- Google Text-to-Speech
- Google Tasks - Preview
- Google Vertex
- Google Vision
- Google Workspace
- GoToWebinar
- Greenhouse
- Hootsuite
- HTTP
- HTTP Webhook
- Hubspot CRM
- HubSpot Marketing
- HyperV - Preview
- Icertis
- iContact
- Insightly CRM
- Intercom
- Jina.ai
- Jira
- Keap
- Klaviyo
- LinkedIn
- Mail
- Mailchimp
- Mailgun
- Mailjet
- MailerLite
- Marketo
- Microsoft 365
- Microsoft Azure
- Microsoft Azure Active Directory
- About the Microsoft Azure Active Directory connector
- Microsoft Azure Active Directory authentication
- Microsoft Azure Active Directory events
- Microsoft Azure AI Foundry
- Microsoft Azure OpenAI
- Microsoft Azure Sentinel
- Microsoft Dynamics 365 CRM
- Microsoft OneDrive & Sharepoint
- Microsoft Outlook 365
- Microsoft Power Automate – Preview
- Microsoft Sentiment
- Microsoft Sentinel Threat Intelligence
- Microsoft Teams
- Microsoft Translator
- Microsoft Vision
- Miro
- NetIQ eDirectory
- Nvidia NIM – Preview
- Okta
- OpenAI
- OpenAI V1 Compliant LLM
- Oracle Eloqua
- Oracle NetSuite
- PagerDuty
- PayPal
- PDFMonkey
- Perplexity
- Pinecone
- Pipedrive
- QuickBooksOnline
- Quip
- Salesforce
- Salesforce AgentForce & Flows – Preview
- Salesforce Marketing Cloud
- SAP BAPI
- SAP Cloud for Customer
- SAP Concur
- SAP OData
- SendGrid
- ServiceNow
- Shopify
- Slack
- SmartRecruiters
- Smartsheet
- Snowflake
- Snowflake Cortex
- Stripe
- Sugar Enterprise
- Sugar Professional
- Sugar Sell
- Sugar Serve
- System Center - Preview
- TangoCard
- Todoist
- Trello
- Twilio
- UiPath Apps - Preview
- UiPath Data Fabric – Preview
- UiPath GenAI Activities
- UiPath Orchestrator
- X (formerly Twitter)
- Xero
- watsonx.ai
- WhatsApp Business
- WooCommerce
- Workable
- Workday
- Workday REST
- VMware ESXi vSphere
- YouTube
- Zendesk
- Zoho Campaigns
- Zoho Desk
- Zoho Mail
- Zoom
- ZoomInfo
Integration Service user guide
Microsoft Azure Active Directory authentication
Prerequisites
The Microsoft Azure Active Directory connector supports the following authentication methods:
- Application access - OAuth2.0 (Client Credentials)
- Delegated access - OAuth 2.0 (Authorization Grant)
- Client Certificate Authentication - OAuth2.0 (Client Certificate)
Before creating a connection, you need an active Microsoft Azure application registration. To set one up:
- Sign in to the Azure Portal and navigate to Azure Active Directory > App registrations.
- Select New registration.
- Enter a name for your application (for example,
UiPath IS Azure AD). - Under Supported account types, select one of the following:
- Accounts in this organizational directory only — for a single-tenant application.
- Accounts in any organizational directory — for a multi-tenant application.
- Select Register.
After registration, collect the following values from the app's Overview page — you will need them when creating the connection in Integration Service:
| Value | Where to find it |
|---|---|
| Application (client) ID | Overview page of the app registration |
| Directory (tenant) ID | Overview page of the app registration |
To create a connection, you need to provide the following credentials:
- For Application access:
- Client ID
- Client secret
- Tenant ID
- For Delegated access:
- Client ID
- Client secret
- Tenant ID
- Username
- Password
- For Client Certificate Authentication:
- Client ID
- OAuth base64 client certificate
- Password for the certificate
- Tenant ID
- OAuth Scope
To learn more about authentication credentials and how to set up the Azure Active Directory integration, refer to Setting up the Azure AD Integration in the Automation Cloud Guide.
Additional information is available in the Microsoft official documentation: Authentication and authorization basics, Introduction to permissions and consent, and Retrieving credentials.
Application access
Use this option to authenticate as the application itself, without a signed-in user context. This is the recommended option for unattended automation scenarios.
Setting up the client secret in Azure
- In your Azure app registration, go to Certificates & secrets > Client secrets > New client secret.
- Enter a description and select an expiry period.
- Select Add and immediately copy the Value — it is shown only once.
Client secrets expire. Rotate the secret before the expiry date to avoid connection failures.
Required API permissions
In your Azure app registration, go to API permissions > Add a permission > Microsoft Graph > Application permissions and add the following:
Minimum required
| Permission | Type | Description |
|---|---|---|
User.Read.All | Application | Read all users' full profiles |
Group.Read.All | Application | Read all groups |
Directory.Read.All | Application | Read directory data |
RoleManagement.Read.Directory | Application | Read all directory RBAC settings |
Optional (add only if your automation creates or modifies objects)
| Permission | Type | Description |
|---|---|---|
Group.ReadWrite.All | Application | Read and write all groups |
Directory.ReadWrite.All | Application | Read and write directory data |
RoleManagement.ReadWrite.Directory | Application | Read and write all directory RBAC settings |
After adding the permissions, select Grant admin consent for [your organization].
Connection fields
| Field | Description |
|---|---|
| Client ID | The Application (client) ID from the Overview section of your Azure app registration. |
| Client Secret | The secret value from the Certificates & secrets section. Use the Value, not the Secret ID. |
| Tenant ID | The Directory (tenant) ID from the Overview section of your Azure app registration. |
Delegated access
Use this option to perform actions on behalf of a signed-in user. The connection authenticates using OAuth 2.0 delegated permissions and prompts the user for consent during connection creation.
Setting up delegated access in Azure
-
In your Azure app registration, go to Authentication > Add a platform > Web.
-
In the Redirect URIs field, enter the callback URL displayed on the UiPath connection screen:
https://{baseURL}/provisioning_/callback(for example,https://cloud.uipath.com/provisioning_/callbackfor Automation Cloud).Note:The exact callback URL is shown on the connection creation screen in Integration Service. Copy it from there, as it may differ depending on your deployment (Automation Cloud, Automation Suite, or private cloud).
-
Under Implicit grant and hybrid flows, leave both checkboxes unselected.
-
Select Configure.
Required API permissions
In your Azure app registration, go to API permissions > Add a permission > Microsoft Graph > Delegated permissions and add the following:
Minimum required (needed to establish the OAuth connection)
| Permission | Type | Description |
|---|---|---|
openid | Delegated | Sign users in |
profile | Delegated | View users' basic profile |
email | Delegated | View users' email address |
offline_access | Delegated | Maintain access to data when the user is not present |
User.Read | Delegated | Sign in and read user profile |
Optional (add based on the operations your automation performs; permissions marked with * require admin consent)
| Permission | Type | Description |
|---|---|---|
User.ReadWrite | Delegated | Read and update user profile |
User.Read.All* | Delegated | Read all users' full profiles |
Group.Read.All* | Delegated | Read all groups |
Group.ReadWrite.All* | Delegated | Read and write all groups |
Directory.Read.All* | Delegated | Read directory data |
Directory.ReadWrite.All* | Delegated | Read and write directory data |
For permissions that require admin consent, select Grant admin consent for [your organization] after adding them.
Connection fields
| Field | Description |
|---|---|
| Client ID | The Application (client) ID from the Overview section of your Azure app registration. |
| Client Secret | The secret value from the Certificates & secrets section. Use the Value, not the Secret ID. |
| Tenant ID | The Directory (tenant) ID from the Overview section of your Azure app registration. For multi-tenant applications, use common. For single-tenant applications, enter your specific tenant ID. |
After filling in the fields, select Connect. A Microsoft sign-in window opens — sign in with the user account to be used for automation and grant the requested permissions.
Client Certificate Authentication
Use this option to authenticate using a client certificate instead of a client secret.
Setting up a certificate in Azure
- In your Azure app registration, go to Certificates & secrets > Certificates.
- Select Upload certificate and upload your
.ceror.pempublic key file. - After upload, note the thumbprint value for your records.
Generating the certificate locally
To generate a certificate locally (if you do not already have one):
- Create a self-signed certificate with Subject set to
CN=uipath.comand Content Type set to PEM. - Download the certificate in .pfx format.
- Convert the
.pfxfile to Base64-encoded format before entering it in the connection field.
You can also use a Powershell script. For example, the following script generates a self-signed certificate and exports it in the required formats:
# Generate self-signed cert
$cert = New-SelfSignedCertificate `
-Subject "CN=uipath.com" `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyExportPolicy Exportable `
-KeySpec Signature `
-KeyLength 2048 `
-HashAlgorithm SHA256 `
-NotAfter (Get-Date).AddYears(2)
# Export public key (.cer) — upload this to Azure
Export-Certificate -Cert $cert -FilePath ".\uipath.cer" -Type CERT
# Export private key (.pfx)
$pfxPassword = Read-Host "Enter PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath ".\uipath.pfx" -Password $pfxPassword
# Convert .pfx to Base64 — paste this value into the connection field
$base64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes(".\uipath.pfx"))
$base64 | Out-File ".\uipath_base64.txt"
Write-Host "Thumbprint: $($cert.Thumbprint)"
Write-Host "Base64 saved to uipath_base64.txt"
Write-Host "Upload uipath.cer to Azure > Certificates & secrets > Certificates"
# Generate self-signed cert
$cert = New-SelfSignedCertificate `
-Subject "CN=uipath.com" `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyExportPolicy Exportable `
-KeySpec Signature `
-KeyLength 2048 `
-HashAlgorithm SHA256 `
-NotAfter (Get-Date).AddYears(2)
# Export public key (.cer) — upload this to Azure
Export-Certificate -Cert $cert -FilePath ".\uipath.cer" -Type CERT
# Export private key (.pfx)
$pfxPassword = Read-Host "Enter PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath ".\uipath.pfx" -Password $pfxPassword
# Convert .pfx to Base64 — paste this value into the connection field
$base64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes(".\uipath.pfx"))
$base64 | Out-File ".\uipath_base64.txt"
Write-Host "Thumbprint: $($cert.Thumbprint)"
Write-Host "Base64 saved to uipath_base64.txt"
Write-Host "Upload uipath.cer to Azure > Certificates & secrets > Certificates"
Required API permissions
In your Azure app registration, go to API permissions > Add a permission > Microsoft Graph > Application permissions and add the following:
Minimum required
| Permission | Type | Description |
|---|---|---|
User.Read.All | Application | Read all users' full profiles |
Group.Read.All | Application | Read all groups |
Directory.Read.All | Application | Read directory data |
Optional (add only if your automation creates or modifies objects)
| Permission | Type | Description |
|---|---|---|
Group.ReadWrite.All | Application | Read and write all groups |
Directory.ReadWrite.All | Application | Read and write directory data |
After adding the permissions, select Grant admin consent for [your organization].
Connection fields
| Field | Description |
|---|---|
| OAuth base64 client certificate | The client certificate in Base64-encoded format, converted from the .pfx file downloaded from Azure. |
| Password for the certificate | The password set during certificate creation. |
| Client ID | The Application (client) ID from the Overview section of your Azure app registration. |
| Tenant ID | The Directory (tenant) ID from the Overview section of your Azure app registration. |
Add the connection
To create a connection to your Microsoft Azure Active Directory instance, you need to perform the following steps:
- Select Orchestrator from the product launcher.
- Select a folder, and then navigate to the Connections tab.
- Select Add connection.
- To open the connection creation page, select the connector from the list. You can use the search bar to find the connector.
- From the Authentication Type dropdown, select one of the available options: Client Certificate Authentication, Application access, or Delegated access. By default, Application access is selected.
- Enter the required credentials and select Connect.
- Prerequisites
- Application access
- Setting up the client secret in Azure
- Required API permissions
- Connection fields
- Delegated access
- Setting up delegated access in Azure
- Required API permissions
- Connection fields
- Client Certificate Authentication
- Setting up a certificate in Azure
- Generating the certificate locally
- Required API permissions
- Connection fields
- Add the connection