activities
latest
false
UiPath logo, featuring letters U and I in white

Productivity Activities

Last updated Apr 30, 2025

Interactive token

Overview

The interactive token authentication type includes the following characteristics:

  • Runs as a user.
  • Used in attended automation scenarios.
  • Uses delegated permissions.
Note: This is the same authentication method that Integration Service supports either through the UiPath Public App or the Bring your own app method.

Details

You can use the Interactive Token authentication type for attended automation, and when multi-factor authentication (MFA) is required. If you want to test the activity package, use this authentication method, as it is easy to configure and works well for personal accounts. The interactive token uses the default redirect URI mentioned in the Registering your application section.

You can either use the UiPath Public App (OAuthApplication = UiPath), which is the default one, or you can register and use your own Azure app (OAuthApplication = Custom):
  • UiPath Public App registration: The advantage of using the UiPath public app is that you do not need to configure or maintain the application.
    Note: UiPath does not store any user data. The authentication token is saved only on your machine or in your Orchestrator bucket. For more details, checkUiPath Public App registration.
  • Bring your own app (BYOA): The advantage of using your own application is that you can manage, customize, and assign permissions within your organization more granularly. For more details, check How to create an application for Microsoft 365 Scope connections.
When you create an application, you must select an application type. For interactive token authentication, use a mobile or desktop application that uses the OAuth 2.0 authorization code flow with a Redirect URI of type public client or native (mobile and desktop).

When you run the Microsoft 365 activity for the first time with the interactive token authentication type, you are prompted to authorize access to the resources you granted permissions to when registering your app. For more details, check Get access on behalf of a user.

A single organization can have multiple application (client) IDs. Each application ID contains its own permissions and authentication requirements. For example, you and your colleague can both register a Microsoft 365 application in the Microsoft Entra ID of your company with different permissions. Your app can be configured to authorize permissions to interact with files only, while the app of your colleague can authorize permissions to interact with files, mail, and calendar.

Note:
  • If you select the interactive token authentication type in the Microsoft 365 Scope activity, leave the Username and Password fields empty.
  • If you are using a single-tenant app, configure the Tenant field.
  • If you are using a multi-tenant app (the UiPath public app is multi-tenant), leave the Tenant field empty.

Scopes for Interactive token

Note:

This section applies to both UiPath Public App and Bring your own app methods.

When you add an activity to Microsoft 365 Scope, Studio automatically detects the scopes it requires. You can also allow additional or fewer scopes. However, if fewer scopes are selected, some activity functionalities might not work.

For more details, check Working with activity scopes.


docs image

UiPath Public App registration

The UiPath Public App is registered with the following information:

  • Name: UiPathStudioO365App
  • Client ID: f2f43f65-16a6-4319-91b6-d2a342a88744
  • Scopes: Calendars.Read, Calendars.Read.Shared, Calendars.ReadWrite, Calendars.ReadWrite.Shared, Chat.ReadWrite, email, EWS.AccessAsUser.All, Files.Read, Files.Read.All, Files.ReadWrite, Files.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, Mail.Read, Mail.Read.Shared, Mail.ReadWrite, Mail.ReadWrite.Shared, Mail.Send, Mail.Send.Shared, offline_access, openid, Presence.Read, Presence.Read.All, profile, Sites.Read.All, Sites.ReadWrite.All, User.Read, User.Read.All.

How to create an application for Microsoft 365 Scope connections

To enable the Microsoft 365 classic activities, your app must be integrated with the Microsoft identity platform and have the correct Microsoft Graph API permissions assigned to it.

To integrate your application, assign permissions, and start building your automation project, complete the following steps:

  1. Register your application.
  2. Add API permissions.
  3. Build your project.

After registering your Microsoft 365 application, Azure Active Directory assigns a unique application (client) ID that you enter in the Microsoft 365 Scope activity along with the services that you assigned permissions to (e.g., files, mail, calendar).



Register your application

Tip: This process is described in detail in the Microsoft documentation in Quickstart: Register an application with the Microsoft identity platform. Please note that the Microsoft UI may have changed since these steps were first documented.
  1. Sign in to the Azure portal using your personal, work, or school Microsoft 365 account.
  2. In the left-hand navigation panel, click Azure Active Directory.
  3. After the Azure Active Directory page opens, click App registrations.

  4. Click + New registration in the top navigation bar.

  5. Enter a Name for your application (e.g., "Office365App").

  6. Under Supported account types, select the option that applies to you. For more information about which option to select, refer to Who can sign in to you app?:

    • Accounts in this organizational directory only - Use this option if your target audience is internal to your organization. This represents a single tenant application.
    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) - Use this option if your target audience is business or educational customers. This represents a multitenant application.
    • Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox) - Use this option to target the widest set of Microsoft identities. This represents a multitenant application.
  7. Under Redirect URI (optional), enter a URI address (if applicable). The Microsoft Authentication Library (MSAL.NET) uses a default redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient. This value will likely work for you when using the Interactive Token authentication type.
    • Your selection is dependent on your authentication type. For more information on this topic, see How to connect to Microsoft 365 activities).
    • In our example, the organization supports multi-tenant authentication and can only use the Interactive token authentication type which requires a redirect URI.
      • If you use Interactive Token and the default Microsoft Redirect URI, you must add a platform of type Mobile and desktop applications. For more information, see Configure platform settings in the Microsoft documentation.
      • If your authentication type is Integrated Windows Authentication (IWA) or Username and Password, you don't need to register a redirect URI for your application. These flows do a round trip to the Microsoft identity platform v2.0 endpoint, and your application won't be called back on any specific URI.
    • When working with Microsoft 365 in a UiPath Studio project targeting .NET 5.0, add http://localhost to the Redirect URI of your custom applications.

      For more information, see Desktop app-registration in the Microsoft identity platform documentation.

  8. Select Register.
    Note: This setup is just an example. Follow the steps described in the documentation and make selections based on your organization's policies.

You're done! Now, let's add API permissions to your registered application.

Add API permissions

Note:

Interactive Token authentication uses delegated permissions.

  1. From your registered application page (Azure portal > Azure Active Directory > App registrations > Office365App), select API permissions in the left-hand navigation panel.
  2. After the API permission page opens, click + Add a permission (this opens the Request API permissions window).
  3. Under Select an API, click Microsoft APIs (may be open by default).

  4. Under Commonly used Microsoft APIs, click Microsoft Graph.

  5. Under What type of permissions does your application require?, select Delegated permissions to show the list of permissions. For more information about permission types, see Configure a client application to access web APIs in the Microsoft Azure documentation.

  6. Use the search bar or scroll down the alphabetical list and select the following permissions:
    Note: These permissions are not all mandatory. The provided list represents the complete set of permissions required to run all Microsoft 365 activities. You can restrict permissions depending on your particular use case. Check out the activities documentation pages to learn what permissions they need.

    • Calendar

      • Calendars.Read
      • Calendars.ReadWrite

    • Files

      • Files.Read
      • Files.Read.All
      • Files.ReadWrite
      • Files.ReadWrite.All

    • Sites

      • Sites.Read.All
      • Sites.ReadWrite.All

    • Mail

      • Mail.Read
      • Mail.ReadWrite
      • Mail.Send
    • Users
      • User.Read

    • Shared (scopes needed to access resources that are shared with, but not owned by, the user.)

      • Mail.Read.Shared
      • Mail.ReadWrite.Shared
      • Mail.Send.Shared
      • Calendars.Read.Shared
      • Calendars.ReadWrite.Shared

    • Select Add permissions to return to your list of API permissions.



  7. Make sure your API permissions include your added Calendars, Files, User, and Mail permissions.



Build your project in Studio Desktop

  1. Create a new automation project.

    1. Open UiPath Studio.

    2. Under New Project, click Process. This opens a New Blank Process window.

    3. Enter a project Name, Location, and Description.

    4. Choose the Compatibility. Windows is selected by default.

    5. Click Create.

  2. Install the UiPath.MicrosoftOffice365.Activities package.

    1. From the Design ribbon, select Manage Packages.
    2. Under All Packages, in the Search bar, enter Office 365 or Microsoft.
    3. Select the package version you want, then select Install.
    4. Click the Save button.
    For more information about UiPath Studio packages, see Managing Packages in the Studio Guide.

You're done! Now that you have completed the setup, you can start adding the Microsoft 365 activities to your project.

Next steps

For a hands-on learning experience and to quickly start using the activities, see the Quickstart guides. These guides provide step-by-step instructions to help you create working samples of the different activities so that you can verify the connection to your registered app and get familiar with the input/output properties.

To learn more about the Microsoft 365 activities (including example property inputs/outputs), see the Classic activities for a complete list and links to the activity detailed pages.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.