Productivity Activities
Last updated Nov 21, 2024

How to connect to Microsoft 365 activities

Overview

Microsoft 365 activities have different authentication flows that you can choose from. Your choice depends on:

  • the type of automation mode you plan to run (attended or unattended)
  • the type of projects you want to build (cross-platform or Windows)
  • whether you use Integration Service or not
  • the type of permissions you want to grant (delegated or app-only)
  • your application authentication requirements (consult with your administrator if you're unsure which authentication requirements apply to your application)

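Use the summary below to understand the basic differences between each authentication type:

Microsoft Authentication flow: OAuth 2.0 authorization code flow

  • Microsoft 365 Scope - Authentication type: Interactive Token - public app
    Integration Service connection: OAuth 2.0 Authorization code
    Robot type - Attended: [image]
    Robot type - Unattended: [image] (only with Integration Service)*
    API permission type: Delegated permissions
  • Microsoft 365 Scope - Authentication type: Interactive Token - BYOA
    Integration Service connection: Bring your own OAuth 2.0 app
    Robot type - Attended: [image]
    Robot type - Unattended: [image] (only with Integration Service)*
    API permission type: Delegated permissions

Microsoft Authentication flow: Integrated Windows authentication (IWA)

  • Integration Service connection: N/A
    Robot type: [image]
    API permission type: Delegated permissions

Microsoft Authentication flow: Username and password

  • Integration Service connection: N/A
    Robot type: [image]
    API permission type: Delegated permissions

Microsoft Authentication flow: OAuth 2.0 client credentials flow

  • Microsoft 365 Scope - Authentication type: Application ID and secret
    Integration Service connection: N/A
    Robot type - Attended: [image]
    Robot type - Unattended: [image]
    API permission type: Application permissions
  • Integration Service connection: N/A
    Robot type - Attended: [image]
    Robot type - Unattended: [image]
    API permission type: Application permissions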

* Integration Service keeps the connection token alive by refreshing the token. After a certain period of time, you must manually refresh the connection by re-authenticating.

To learn about the specifics of each option, see:

Delegated permissions versus application permissions

To understand the differences between delegated and application permissions, see the Microsoft official documentation: Comparison of delegated and application permissions.

Briefly, the differences are as follows:

  • With delegated permissions, the application impersonates a user and acts on the user's behalf. The application can access only what the signed-in user can access.
  • With application permissions, the application acts on its own, without a signed-in user. The application can access any data that its permissions are associated with.

For both delegated and application permissions, you can restrict what the application can and can't access using the scopes defined when you create the app. Refer to Scopes and permissions in the Microsoft documentation.

Tip: Refer to Working with activity scopes to learn how to control permissions using activity scopes.
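
The difference between the two permission types is visible in the access token itself, which is useful when auditing what a connection can actually reach. The following is an added example, not UiPath or Microsoft code: it relies on the `scp` (delegated) and `roles` (application) claims that Microsoft Entra ID places in access tokens, uses constructed unsigned sample tokens, and treats the "broad permission" rule as an assumption of this example.

```python
import base64
import json


def decode_claims(token):
    """Return a JWT's payload claims WITHOUT verifying the signature (audit use only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_broad(permission):
    # Assumption of this example: permissions ending in ".All" or granting
    # write access deserve a least-privilege review.
    return permission.endswith(".All") or "ReadWrite" in permission


def classify_token(token):
    """Report whether a token carries delegated or application permissions."""
    claims = decode_claims(token)
    scopes = claims.get("scp", "").split()  # delegated: space-separated string
    roles = claims.get("roles", [])         # application: JSON array
    if scopes:
        kind, granted = "delegated", scopes
    elif roles:
        kind, granted = "application", roles
    else:
        kind, granted = "unknown", []
    return {"type": kind, "permissions": granted,
            "broad": [p for p in granted if is_broad(p)]}


def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample claims, not taken from any real tenant.
DELEGATED = make_sample_token({"aud": "https://graph.microsoft.com",
                               "scp": "Mail.Read Files.ReadWrite.All"})
APP_ONLY = make_sample_token({"aud": "https://graph.microsoft.com",
                              "roles": ["Mail.Read", "Sites.Read.All"]})

if __name__ == "__main__":
    for name, tok in (("delegated", DELEGATED), ("app-only", APP_ONLY)):
        print(name, classify_token(tok))
```

Because the signature is not checked, use this only to review tokens you already trust, never to make an authorization decision.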

Many organizations require an administrator's consent before creating a connection to an external application. The admin consent workflow requires an admin to approve the app registration for specific users or groups before a connection is established. For more information, see Overview of admin consent workflow and User and admin consent in Microsoft Entra ID in the Microsoft documentation.

Multitenant versus single-tenant applications

Both Microsoft 365 Scope and Integration Service connections support single-tenant applications and multitenant applications. To learn the difference between the two, refer to Who can sign in to your app? in the Microsoft official documentation.

Azure environments

Both Microsoft 365 Scope and Integration Service connections support multiple Azure environments. For details, see Microsoft Graph and Graph Explorer service root endpoints.

Microsoft National Cloud | Environment in Integration Service | Environment in Microsoft 365 Scope
Microsoft Graph global service | Default | Azure, Azure Global
Microsoft Graph for US Government L4 | US Government L4 | US Government
Microsoft Graph for US Government L5 | US Government L5 | N/A
Microsoft Graph China | China | China
