Integration Service user guide

DELIVERY:

Last updated May 22, 2025

Microsoft OneDrive and SharePoint authentication

Overview

In Integration Service, when you create a connection to one of our Microsoft Graph-based connectors, you can choose between the following authentication options:

OAuth 2.0 Authorization code – connects to the UiPath public application.
OAuth 2.0 Client credentials - uses a service account.
Bring your own OAuth 2.0 app – connects to a private application you create.

Note: For more details regarding the different authentication types, refer to the How to connect to Microsoft 365 activities guide.

Admin consent

Note: This section applies only to the OAuth 2.0 Authorization code and Bring your own OAuth 2.0 app authentication options.

Many organizations require the consent of an administrator before you create a connection to an external application. The admin consent workflow requires an admin to approve the app registration to specific users or groups before a connection is established. For more details, chek Overview of admin consent workflow and User and admin consent in Microsoft Entra ID in the Microsoft documentation.

Note: Integration Service impersonates the user that creates the connection. The credentials of the user offer access to all of the same resources that they have in the given application. If you share the connection, every change made to Microsoft SharePoint or OneDrive with that connection is made on behalf of that user.

OAuth 2.0 Authorization code

Scopes

The connector requests the following permissions or scopes: offline_access, Files.Read, Files.Read.All, Files.ReadWrite, Files.ReadWrite.All, Sites.Read.All, Sites.ReadWrite.All, Group.Read.All, Group.ReadWrite.All, profile, openid, email, User.Read.All or User.Read.

Adding the Microsoft OneDrive and SharePoint connection

To create a connection to your Microsoft OneDrive and SharePoint instance, perform the following steps:

Select Integration Service from Automation Cloud^TM.
From the Connectors list, select Microsoft OneDrive and SharePoint. You can also use the search bar to narrow down the connector.
Select the Connect to Microsoft OneDrive and SharePoint button.
You are now redirected to the connection page.
Select the OAuth 2.0 Authorization code authentication type.
Add the required permissions in the Scope field.
Select an environment from the drop-down list: Office 365 (default), US Government L4 - Public Sector domain, US Government L5 - Public Sector domain, or China.
Note: For more details on environments, check Microsoft Graph and Graph Explorer service root endpoints.
Select Connect and authenticate with your Microsoft email address and password.

Refresh tokens for OAuth applications

Refresh tokens for OAuth applications can be invalidated or revoked at any time by Microsoft. This can happen for different reasons, such as timeouts and revocations. For details, see Microsoft's official documentation.

Warning: Token invalidation results in failed connections and automations are unable to run without fixing connections.

Make sure to follow best practices from Microsoft when creating your OAuth applications. For full details on how to create a Microsoft OAuth app, see the Microsoft documentation.

This issue affects not only the OneDrive & SharePoint connector, but all Microsoft Graph-based connectors, such as Outlook or Teams.

OAuth 2.0 Client credentials

Scopes

Minimal scopes for creating a connection: User.Read.All or User.Read, Files.Read.

Adding the Microsoft OneDrive and SharePoint connection

To create a connection to your Microsoft OneDrive and SharePoint instance, perform the following steps:

Select Integration Service from Automation Cloud^TM.
From the Connectors list, select Microsoft OneDrive and SharePoint. You can also use the search bar to narrow down the connector.
Select the Connect to Microsoft OneDrive and SharePoint button.
You are now redirected to the connection page.
Select the OAuth 2.0 Client credentials authentication type.
Fill in and configure the following fields: Client ID, Client Secret, Tenant ID, Environment, and Account (provide the account used to impersonate a user).
Select Connect.

Bring your own OAuth 2.0 app

Overview

To learn how to create an application, check the official Microsoft documentation: Register an application with the Microsoft identity platform.

Note: This is an advanced functionality and requires admin privileges in the target application. Work with your IT administrator to set up your application successfully.

Requirements

When you create your own application to use with Integration Service, make sure you meet the following requirements:

Configure the application as a Multi-tenant or Single-tenant application.
Configure a Web application.
Configure a Web Redirect URI. The Redirect URI (or callback URL) for your OAuth 2.0 application is provided in the authentication screen when creating a connection: https://cloud.uipath.com/provisioning_/callback.
You must set up delegated permissions. For more information, refer to Permissions in the Microsoft official documentation.
Generate a client secret for your application.

Important: The advantage of using your private OAuth application is that you can customize permissions depending on your actual needs. To learn which scopes are required for each activity in the Microsoft 365 package, refer to Working with scopes and check out the activities documentation.

The connector uses Microsoft Graph API. Refer to the Microsoft Graph permissions reference page for details on all permissions.

After you create your application, use its Client ID and Client Secret to create a connection with the Microsoft connectors.

Scopes

Minimal scopes for creating a connection: openid, offline_access, User.Read.All or User.Read, Files.Read.
Minimal list of scopes required for OneDrive triggers:
- openid, offline_access, User.Read.All or User.Read, Sites.Read.All – for events on SharePoint sites.
- Group.Read.All – for events on groups and calendars.
- Files.Read.All – for all the remaining event types.

Adding the Microsoft OneDrive and SharePoint connection

To create a connection to your Microsoft OneDrive and SharePoint instance, perform the following steps:

Select Integration Service from Automation Cloud^TM.
From the Connectors list, select Microsoft OneDrive and SharePoint. You can also use the search bar to narrow down the connector.
Select the Connect to Microsoft OneDrive and SharePoint button.
You are now redirected to the connection page.
Select the Bring your own OAuth 2.0 app authentication type.
Fill in and configure the following fields: Client ID, Client Secret, Scope, Tenant ID, and Environment.
Note:
- For Scope, add the permissions you may need to interact with different activities. Check out the activities documentation to learn what scopes they require.
- If you are using a multi-tenant application, keep the default value for the Tenant ID (common). If you are using a single-tenant application, retrieve the Tenant ID from Azure. Refer to How to find your Microsoft Entra tenant ID.
Select Connect.

Refresh tokens for OAuth applications

Warning: Token invalidation results in failed connections and automations are unable to run without fixing connections.

Make sure to follow best practices from Microsoft when creating your OAuth applications. For full details on how to create a Microsoft OAuth app, see the Microsoft documentation.

This issue affects not only the OneDrive & SharePoint connector, but all Microsoft Graph-based connectors, such as Outlook or Teams.

On this page