How to connect to Microsoft 365 activities
Microsoft 365 activities have different authentication flows that you can choose from. Your choice is dependent on: the type of automation mode you plan to run (attended or unattended), the type of projects you want to build (cross-platform or Windows), the type of permissions you want to grant (delegated or app-only), and your application authentication requirements (consult with your administrator if you're unsure which authentication requirements apply to your application).
Microsoft Authentication flow | Microsoft 365 Scope - Authentication type | Integration Service connection | Robot type - Attended | Robot type - Unattended | API permission type |
---|---|---|---|---|---|
OAuth 2.0 authorization code flow | Interactive Token - public app | OAuth 2.0 authorization code | | | Delegated permissions |
| Interactive Token - BYOA | Bring your own OAuth 2.0 app | | | Delegated permissions |
| Integrated Windows authentication (IWA) | Not applicable | | | Delegated permissions |
| Username and password | Not applicable | | | Delegated permissions |
OAuth 2.0 client credentials flow | Application ID and secret | Not applicable | | | Application permissions |
| | Not applicable | | | Application permissions |
To understand the differences between delegated and application permissions, see the Microsoft official documentation: Comparison of delegated and application permissions.
Briefly, the differences are as follows:
- With delegated permissions, the application impersonates a user and acts on the user's behalf. The application can access only what the signed-in user can access.
- With application permissions, the application acts on its own, without a signed-in user. The application can access any data that its permissions are associated with.
For both delegated and application permissions, you can restrict what the application can and can't access using the scopes defined when you create the app. Refer to Scopes and permissions in the Microsoft documentation.
Both Microsoft 365 Scope and Integration Service connections support single tenant applications and multitenant applications. To learn the difference between the two, refer to Who can sign in to your app? in the Microsoft official documentation.
Both Microsoft 365 Scope and Integration Service connections support multiple Azure environments:
- Connections through the Scope activity support: Azure, Azure Global, China, Germany or US Government. The default value is Global.
- Connections through Integration Service support: Default, US Government L4, US Government L5, and China.
Integration Service connectors use OAuth 2.0 authorization code flow with delegated permissions.
The Microsoft 365 modern activities and triggers establish an authenticated connection to the Integration Service Microsoft OneDrive & SharePoint and the Microsoft Outlook 365 connectors. To learn more about Integration Service connections, refer to Set up Integration Service connectors.
When you connect to the Microsoft connectors in Integration Service, you have the option to use the standard UiPath public application (with a set of default, non-configurable scopes) or create your own application with Microsoft and customize the scopes you need.
The Microsoft 365 Classic activities establish an authenticated connection to your Microsoft 365 applications via the Microsoft 365 Scope activity.
The activities need authorization from the Microsoft identity platform. To enable authorization, you first register your Microsoft 365 application in your Azure Active Directory. When registering your application, you assign Microsoft Graph API permissions to specify the resources your Robot can access on your behalf.
After registering your Microsoft 365 application, Azure Active Directory assigns a unique application (client) ID that you enter in the Microsoft 365 Scope activity. The Application ID is used to collect the necessary information about your registered app to initiate authentication and get the access token to establish the connection.
When you add an activity to Microsoft 365 Scope, its required scopes are automatically detected. You can also choose to allow additional scopes.
Interactive token
- Runs: as a user.
- Scenario: attended automation.
- Delegated permissions.
- When registering your application, you must select an application type. For interactive token authentication, use a mobile/desktop application (which uses OAuth 2.0 authorization code flow).
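- The Interactive Token authentication type can be used for attended automation and when multi-factor authentication (MFA) is required. This is the default option and the one we use in our examples. If you're interested in trying out the activity package, this option is easy to configure and works well for personal accounts (using the default redirect URI documented in step 7 of the Register your application section of the Setup guide).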
- You have the option to register and use your own Azure app (i.e., OAuthApplication = Custom) or the one provided by UiPath (OAuthApplication = UiPath).
- When you run the Microsoft 365 activity for the first time using this authentication type, you are prompted to authorize access to the resources (you granted permissions to when registering your app) via a consent dialogue box. See Get access on behalf of a user.
- If you select this authentication type in Microsoft 365 Scope, leave the Username, Password, and Tenant fields empty.
Integrated Windows authentication (IWA)
- Runs: as a user.
- Scenario: unattended automation.
- Delegated permissions.
- The Integrated Windows Authentication type can be used for unattended automation. This option applies to Windows-hosted applications running on computers joined to a Windows domain or Azure Active Directory.
- When registering your application, you must select an application type. For IWA authentication type, you must use a mobile/desktop application (which uses OAuth 2.0 authorization code flow).
- Works only for federated users and if your registered Azure application is configured to support IWA. Doesn't work for multi-factor authentication (MFA). See details here: IWA on GitHub.
- You should only select this option if your registered application is configured to support Integrated Windows Authentication.
- If you select this authentication type in Microsoft 365 Scope, leave the Username and Password fields empty. The Tenant field is optional.
Username and password
- Runs: as a user.
- Scenario: unattended automation.
- Delegated permissions.
- This authentication type is provided only for legacy reasons. We do not recommend using this option, as it goes against the principles of modern authentication. It doesn't work for multi-factor authentication (MFA). See details here: User & Password on GitHub.
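- Although Microsoft doesn't recommend it, you can use this authentication type in public client applications. Using this authentication type imposes constraints on your application. For example, applications using this flow can't sign in a user who needs to perform multi-factor authentication (conditional access). It also doesn't let your application benefit from single sign-on.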
- The ApplicationID property is required when selecting the Username and Password authentication type. You can register your Microsoft 365 Application using your personal, work, and/or school account.
Application ID and secret
- Runs: as background service.
- Scenario: unattended and unattended with MFA enabled.
- Application permissions.
- Recommended for unattended executions or when you want to access the Microsoft Graph API as an application (a background service / daemon) without a signed-in user.
- When registering your application, you must select an application type. For application ID and secret authentication type, use a confidential/web application (which uses OAuth 2.0 client credentials flow).
- The appropriate API permissions must be configured for the Azure application for the Microsoft 365 activities to work correctly (for example, when using the Groups activities, configure the application permissions `Group.Create`, `Group.Read.All`, and `Group.ReadWrite.All` for Microsoft Graph).
- A single organization can have multiple application (client) IDs for their Microsoft 365 account. Each application (client) ID contains its own permissions and authentication requirements. For example, you and your colleague can both register a Microsoft 365 application in your company's Azure Active Directory with different permissions. Your app can be configured to authorize permissions to interact with files only, while your colleague's app is configured to authorize permissions to interact with files, mail, and calendar. If you enter your application (client) ID into this property and run attended automation, the consent dialogue box would be limited to file permissions (and subsequently, only the Files activities can be used).
- Some activities can't be used with this type of authentication because the corresponding Microsoft Graph API does not support application permissions (e.g. Find Meeting Times).
- For email activities, you must specify a value for the Account parameter (that is, which mailbox to use out of all the mailboxes in the tenant).
- Use the `Sites.Selected` application permission to allow the application to access just the specific SharePoint site collections rather than all.
- When using this authentication type, the application has access to all mailboxes from your tenant, the reason being that application API permission `Mail.Read` means Read mail in all mailboxes and `Mail.ReadWrite` means Read and write mail in all mailboxes. One solution is to restrict Application permissions to specific mailboxes, so the application has access only to the specified mailboxes. For more information, see Scoping application permissions to specific Exchange Online mailboxes.
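To check which permission type an access token actually carries, the sketch below inspects its claims; it is an added example, not UiPath or Microsoft code. It relies on Microsoft identity platform tokens listing delegated permissions in the `scp` claim and application permissions in `roles`; the sample tokens are constructed and unsigned, and the `Sites.*.All` entries are real Graph permissions added for illustration.

```python
import base64
import json

# Application permissions worth narrowing. The Mail.* entries and the
# Sites.Selected advice come from this page; Sites.*.All are added here.
BROAD_APP_PERMISSIONS = {
    "Mail.Read": "restrict the app to specific Exchange Online mailboxes",
    "Mail.ReadWrite": "restrict the app to specific Exchange Online mailboxes",
    "Sites.Read.All": "use Sites.Selected",
    "Sites.ReadWrite.All": "use Sites.Selected",
}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token):
    """Return (permission_type, granted_permissions, findings)."""
    claims = jwt_claims(token)
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = claims.get("roles", [])         # app-only: list of app permissions
    if scopes:
        # Delegated: limited to what the signed-in user can access.
        return "delegated", scopes, []
    if not roles:
        return "unknown", [], ["token carries neither scp nor roles"]
    findings = [f"{role}: tenant-wide, {BROAD_APP_PERMISSIONS[role]}"
                for role in roles if role in BROAD_APP_PERMISSIONS]
    return "application", roles, findings


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


if __name__ == "__main__":
    print(audit_token(make_sample_token({"roles": ["Mail.Read", "Group.Read.All"]})))
    print(audit_token(make_sample_token({"scp": "Files.Read Mail.Read"})))
```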
Application ID and certificate
- Runs: as background service.
- Scenario: unattended and unattended with MFA enabled.
- Application permissions.
- When registering your application, you must select an application type. For application ID and certificate authentication type, use a confidential/web application (which uses OAuth 2.0 client credentials flow).
- This authentication method is similar to application ID and secret, but it uses a certificate as a secret instead of a client secret string.
To authenticate using a certificate as a secret, take the following steps:
- In the Azure portal:
  - Locate your registered Microsoft 365 application.
  - Select Certificates & secrets and upload your certificate (public key) file. It can have one of the following file types: `.cer`, `.pem`, `.crt`.
- Convert the raw contents of your `.pfx` file representing the certificate to a base64 string. You can use a web-based tool like Base64.Guru or assign the `Convert.ToBase64String(System.IO.File.ReadAllBytes(pfxFilePath))` value to a `String` variable.
- In the Microsoft 365 Scope activity:
  - Set Authentication Type to Application ID and Certificate.
  - Set CertificateAsBase64 to the base64 representation of the certificate.
  - If a password is required to use the certificate, also set the value of the Certificate Password property.
The Microsoft 365 activities designed specifically for Integration Service feature a Connection field, which enables you to choose a connection created through an Integration Service connector. When used inside Microsoft 365 Scope, the activities simply inherit the connection information from the Scope.
Microsoft 365 | ||||
---|---|---|---|---|
Cloud | On Prem | |||
Microsoft Office 365 Application Scope | Integration Service | Microsoft Office 365 Application Scope | Integration Service | |
Cross-platform | ||||
Application ID and certificate | ||||
Application ID and secret | ||||
OAuth - BYOA | ||||
OAuth - UiPath App | ||||
Username and password | ||||
Integrated Windows authentication | ||||
Windows | ||||
Application ID and certificate | ||||
Application ID and secret | ||||
OAuth - BYOA | ||||
OAuth - UiPath App | ||||
Username and password | ||||
Integrated Windows authentication |
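There are two ways to set up a connection in the Microsoft 365 Scope activity.
Connection method | Description | Benefits | Drawbacks |
---|---|---|---|
Asset (Note: Recommended.) | Uses an Orchestrator asset to store the connection together with the Scope configuration. The asset is in JSON format. Each time it is used, the activity retrieves the configuration from the asset. The Scope behaves differently depending on the asset configuration; it identifies the authentication type and hides unnecessary fields. If the asset JSON isn't set correctly, a validation error is displayed. | The activities benefit from design-time lookup and can discover files, folders, lists, ranges, and so on. The connection can be easily transferred, because credentials aren't passed in plain text from one user to another. Can be configured by an administrator. More secure, because credentials don't reach the Studio workflow. | Requires an advanced user to configure the asset. Not easy for a citizen developer to set up. |
Properties panel | Uses the existing Properties panel to configure the connection credentials. The configuration can be added as plain text or as variables. | Easier to use. Maintains backward compatibility. | |
Configuration through plain text (Note: Not recommended.) | Configure the Properties panel using plain-text values. | The activities benefit from design-time lookup and can discover files, folders, lists, ranges, and so on. | Less secure, because credentials need to be passed between users in plain text. |
Configuration through variables | Configure the Properties panel using variables. | More secure, because credentials don't reach the Studio workflow. | The activities can't discover any resources at design time. |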
Microsoft 365 Scope asset format
```json
{
  "CertificateAsBase64": "",
  "CertificatePassword": "",
  "ClientSecret": "",
  "Environment": "Default" | "Global" | "China" | "Germany" | "USGovernment" | "USGovernmentDOD",
  "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
  "OAuth2AppData": {
    "ApplicationId": "",
    "TenantId": ""
  }
}
```
```json
{
  "CertificateAsBase64": "",
  "CertificatePassword": "",
  "ClientSecret": "",
  "Environment": "Default",
  "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
  "OAuth2AppData": {
    "ApplicationId": "f2f43f65-16a6-4319-91b6-d2a342a88744",
    "TenantId": ""
  }
}
```
```json
{
  "CertificateAsBase64": "",
  "CertificatePassword": "",
  "ClientSecret": "",
  "Environment": "Default",
  "Mode": "interactive" | "integrated" | "uap" | "appidsecret" | "appidcertificate",
  "OAuth2AppData": {
    "ApplicationId": "d47f7253-65ae-58n5-ag04-26109734e6de",
    "TenantId": "3ce4ef03-chb1-871f-94b0-345136965f10"
  }
}
```
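A pre-deployment lint for a Scope asset, written for this page as an added example and not part of the UiPath activity package: it checks `Mode` and `Environment` against the values in the template above and flags secrets that are missing or stored without being needed. The mapping of modes to secret fields is an assumption inferred from the authentication-type descriptions, and `lint_scope_asset` is a hypothetical helper name.

```python
import base64
import binascii
import json

# Allowed values exactly as listed in the asset template on this page.
MODES = {"interactive", "integrated", "uap", "appidsecret", "appidcertificate"}
ENVIRONMENTS = {"Default", "Global", "China", "Germany", "USGovernment", "USGovernmentDOD"}
SECRET_FIELDS = ("ClientSecret", "CertificateAsBase64", "CertificatePassword")
# Assumption: which secret fields each mode uses; modes not listed use none.
REQUIRED = {"appidsecret": {"ClientSecret"}, "appidcertificate": {"CertificateAsBase64"}}
OPTIONAL = {"appidcertificate": {"CertificatePassword"}}


def _bad(value, allowed):
    """True when value is not a string from the allowed set."""
    return not isinstance(value, str) or value not in allowed


def lint_scope_asset(text):
    """Return a list of findings for one Scope asset JSON string (empty = clean)."""
    try:
        asset = json.loads(text)
    except json.JSONDecodeError as exc:
        # An unedited template (with "a" | "b" alternatives) ends up here.
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(asset, dict):
        return ["top level must be a JSON object"]
    findings = []
    if _bad(asset.get("Environment"), ENVIRONMENTS):
        findings.append(f"Environment must be one of {sorted(ENVIRONMENTS)}")
    mode = asset.get("Mode")
    if _bad(mode, MODES):
        return findings + [f"Mode must be one of {sorted(MODES)}"]
    needed = REQUIRED.get(mode, set())
    allowed = needed | OPTIONAL.get(mode, set())
    for field in SECRET_FIELDS:
        value = asset.get(field) or ""
        if field in needed and not value:
            findings.append(f"{field} is required for Mode {mode!r}")
        elif field not in allowed and value:
            # Secrets the mode never reads only widen exposure of the asset.
            findings.append(f"{field} is set but not used by Mode {mode!r}; remove it")
    if mode == "appidcertificate" and asset.get("CertificateAsBase64"):
        try:
            base64.b64decode(asset["CertificateAsBase64"], validate=True)
        except (binascii.Error, ValueError, TypeError):
            findings.append("CertificateAsBase64 is not valid base64")
    return findings
```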
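When you use activities inside Microsoft 365 Scope, the following features are not available: triggers, bindings, and the override experience.
Token refresh
There is no service available to refresh connection tokens, such as the one provided in Integration Service.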
If the Authorization Token isn't refreshed for a certain number of days, it expires, and you must re-authenticate. To avoid the expiration of authorization tokens, run a robot with that specific connection. Running an automation with the Scope activity refreshes the authorization token.
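- Admin consent flow: OAuth 2.0 client credentials flow on the Microsoft identity platform
- Without admin consent flow: Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft identity platform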