Are you using Microsoft 365 or Google Workspace? Are you curious to learn advanced authentication setups and batching capabilities? This webinar is for you.
Discover how to:
- Understand which Authentication type (Delegated/Application) best fits your requirements.
- Explore the advantages of the new Google Workspace scope.
- Differentiate between Integration Service Connection and the new Google Workspace scope.
- Learn the process of configuring Microsoft 365 Scope using the Asset Method.
- Determine the necessary Scopes for your automation needs.
🗣️ Speakers:
Alexandru Crijman, Product Manager, UiPath
Nisarg Kadam, UiPath MVP 2024 & AI Ambassador, UiPath
📩 Useful resources:
JSON format for Asset Creation:
https://docs.uipath.com/activities/other/latest/productivity/how-to-use-microsoft-activities-integration-service#microsoft-office-365-scope-asset
How to create Azure App with Restricted SharePoint Site Access: https://view.highspot.com/viewer/6605801c6ff9043b514449e3
⏩ Register for our upcoming Dev Dives April session: Streamline document processing with UiPath Studio Web
EMEA&APJ: https://bit.ly/Dev_Dives_April_EMEA_APJ
AMER: https://bit.ly/Dev_Dives_April_AMER
This session was streamed live on March 28, 2024.
Check out all our upcoming Dev Dives 2024 sessions at:
🚩https://bit.ly/Dev_Dives_2024
4. 4
Welcome to UiPath Dev Dives!
• Get answers to your questions and challenges. Please use the chat box for Qs during the presentation. Live Q&A session at the end.
• You’ll receive the recording and deck after the session.
• Bonus content from our speakers (at the end of the session): get a step-by-step guide on how to create an Azure app with restricted SharePoint site access.
• You're encouraged to network and share your LinkedIn/X (formerly Twitter) handles in the chat.
• Have fun! Feedback is welcome.
6. 6
Agenda
1. Authentication Types Supported
2. Connection Activities with Microsoft 365 Scope and BYOA
3. Connection Activities with Integration Service and BYOA
4. Limit the Permission Scope in UiPath
5. App Registration with Sites.Selected in UiPath
6. Q&A
8. 8
Delegated Permissions
Delegated Permissions (Permission on Behalf of a User):
1. Utilized in the delegated access scenario.
2. Allow applications to act on behalf of users.
3. Applications can't access anything beyond what the user themselves could access.
4. For instance, if an application is granted the Files.Read.All permission, it can only read files accessible to the user.
9. 9
Application Permissions
Application Permissions (Permission without a User):
1. Employed in the app-only access scenario, without a signed-in user.
2. Applications can access any data associated with the permission.
3. For example, an application granted Files.Read.All permission through the Microsoft Graph API can read any file in the tenant.
4. Generally, only an administrator or API service principal owner can consent to these permissions.
10. 10
Delegated Access
Delegated Access (Access on Behalf of a User):
1. User signs into a client application.
2. Client app accesses resource on behalf of the user.
3. Requires delegated permissions.
4. Both client and user need separate authorization.
5. Correct delegated permissions (scopes) required for client app.
6. User authorization based on granted privileges (e.g., Microsoft Entra RBAC).
11. 11
Application Access
App-only Access (Access without a User):
1. Application acts independently with no user signed in.
2. Used in scenarios like automation or backup.
3. App roles used instead of delegated scopes.
4. Client app must be granted appropriate application permissions.
5. Once granted, client app can access requested data.
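The two access types above can be told apart from the access token itself. The following is an added example, not material from the webinar: it assumes the Microsoft identity platform convention that delegated tokens carry a space-separated `scp` claim and app-only tokens carry a `roles` list, and it uses constructed, unsigned sample tokens; the function names and the `TENANT_WIDE_ROLES` list are illustrative.

```python
import base64
import json

# Application permissions that reach every file or site in the tenant.
# Illustrative list; Sites.Selected is the narrower option named in the agenda.
TENANT_WIDE_ROLES = {"Files.Read.All", "Files.ReadWrite.All",
                     "Sites.Read.All", "Sites.ReadWrite.All"}


def _segment(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped string; stands in for a real token."""
    return ".".join([_segment({"alg": "none", "typ": "JWT"}),
                     _segment(claims), "constructed-signature"])


def read_claims(token: str) -> dict:
    """Decode the payload for inspection only; this does not validate it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def classify_access(token: str) -> dict:
    claims = read_claims(token)
    scopes = claims.get("scp", "").split()   # delegated: space-separated string
    roles = list(claims.get("roles", []))    # app-only: list of app roles
    if scopes:
        # Delegated: reach is capped by what the signed-in user can access.
        return {"access": "delegated", "permissions": scopes, "tenant_wide": []}
    if roles:
        # App-only: no user involved, so *.All roles cover the whole tenant.
        wide = sorted(r for r in roles if r in TENANT_WIDE_ROLES)
        return {"access": "app-only", "permissions": roles, "tenant_wide": wide}
    return {"access": "none", "permissions": [], "tenant_wide": []}


# Constructed claim sets (not captured from a real tenant).
USER_TOKEN = make_sample_token({"scp": "Files.Read.All User.Read"})
DAEMON_TOKEN = make_sample_token({"roles": ["Files.Read.All"], "idtyp": "app"})
SCOPED_TOKEN = make_sample_token({"roles": ["Sites.Selected"], "idtyp": "app"})
```

The same permission name, Files.Read.All, is reported as tenant-wide only for `DAEMON_TOKEN`, which matches the Files.Read.All examples on the two permission slides.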
12. 12
Difference Between Permission Types

| Permission Types | Delegated Permissions | Application Permissions |
| --- | --- | --- |
| Types of Apps | Web / Mobile / Single-Page App (SPA) | Web / Daemon |
| Access Context | Gains access on behalf of a user | Accesses data without a user |
| Who Can Consent | - Users can consent for their data <br> - Admins can consent for all users | Only admin can consent |
| Consent Methods | - Static: pre-configured list on app registration <br> - Dynamic: request individual permissions at login | - Static ONLY: pre-configured list on app registration |
| Other Names | - Scopes <br> - OAuth2 Permission Scopes | - App Roles <br> - App-Only Permissions |
| Result of Consent | OAuth2PermissionGrant | AppRoleAssignment |
| Authorization | User's consent is typically required, with potential for admin intervention based on permissions requested. | Administrator's authorization is often necessary, especially for high-privilege or organization-wide access. |
| Scope Details | Specifies what actions or resources the application can access on behalf of the user. | Defines the level of access and permissions granted to the application, often categorized into app roles. |
| Permission Level | Typically granular, allowing for fine-tuning of access rights based on user roles and tasks. | Often broader and more generalized, providing overarching access to resources or functionalities. |
| Dynamic Access | Can dynamically request and adjust permissions based on user interactions or scenarios. | Permissions are usually static and defined upfront during application registration. |
13. 13
Difference Between Consent Types

| Consent Types | User Consent | Administrator Consent |
| --- | --- | --- |
| Definition | Occurs when a user signs into an application. | Required when certain permissions are requested, often by high-privilege or application-level permissions. |
| Initiation | Triggered by a user's attempt to sign into an application. | May be initiated by the application requesting permissions or by certain scenarios necessitating admin intervention. |
| Grant Process | User provides sign-in credentials, then prompted to grant permissions if not previously granted. Admin may need to grant consent on behalf of the user. | Admin grants consent, either for themselves or the entire organization. |
| Scope | Specific to user's account and permissions requested by the application. | Extends to broader permissions, often organization-wide, and encompasses high-privilege or application-level permissions. |
| Application Behavior | Application functionality may be restricted if user does not grant required permissions. | Application may not function fully until administrator grants necessary permissions. |
| Prompts | Users see a consent prompt detailing permissions requested. | Admins prompted to provide consent for specific permissions, especially high-privilege ones. |
| Requirement | Essential for accessing user-specific data or resources. | Required for granting broader access, managing application permissions, or ensuring organizational security. |
| Authentication | Regular authentication flow, with potential admin intervention if required permissions demand it. | May prompt for admin consent during authentication if high-privilege permissions are requested. |
| Custom Scopes | Does not typically require admin consent unless tied to high-privilege permissions. | Custom scopes generally do not necessitate admin consent unless classified as high-privilege permissions. |
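The two comparison tables name the directory records that consent produces (OAuth2PermissionGrant and AppRoleAssignment). The following added example, which is not from the webinar, flattens both record types into one list for a permission review. The records are constructed, every ID is a placeholder, the field names follow the Microsoft Graph objects of the same names, and the review rule in `needs_review` is an illustrative assumption.

```python
# Constructed records shaped like Microsoft Graph directory objects.
# Every ID below is a placeholder, not a real object or app role ID.
RESOURCE_SP = {
    "id": "sp-graph",
    "appRoles": [
        {"id": "role-0001", "value": "Files.Read.All"},
        {"id": "role-0002", "value": "Sites.Selected"},
    ],
}
PERMISSION_GRANTS = [   # oauth2PermissionGrant: result of delegated consent
    {"clientId": "sp-attended-robot", "consentType": "Principal",
     "principalId": "user-42", "resourceId": "sp-graph",
     "scope": "Files.Read.All Mail.Send"},
    {"clientId": "sp-portal", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read"},
]
ROLE_ASSIGNMENTS = [    # appRoleAssignment: result of application consent
    {"principalId": "sp-unattended-robot", "resourceId": "sp-graph",
     "appRoleId": "role-0001"},
    {"principalId": "sp-sharepoint-job", "resourceId": "sp-graph",
     "appRoleId": "role-0002"},
    {"principalId": "sp-legacy", "resourceId": "sp-graph",
     "appRoleId": "role-9999"},
]


def consent_inventory(grants, assignments, resource_sp):
    """Flatten both consent record types into one reviewable list."""
    role_names = {r["id"]: r["value"] for r in resource_sp["appRoles"]}
    rows = []
    for g in grants:
        if g["resourceId"] != resource_sp["id"]:
            continue
        # AllPrincipals means an admin consented for every user in the tenant.
        who = ("all users" if g["consentType"] == "AllPrincipals"
               else g["principalId"])
        for scope in g["scope"].split():
            rows.append((g["clientId"], "delegated", scope, who))
    for a in assignments:
        if a["resourceId"] != resource_sp["id"]:
            continue
        # appRoleId is an opaque ID; resolve it against the resource's roles.
        name = role_names.get(a["appRoleId"], "UNRESOLVED " + a["appRoleId"])
        rows.append((a["principalId"], "application", name, "tenant"))
    return rows


def needs_review(rows):
    """Application permissions other than Sites.Selected, plus unresolved IDs."""
    return [r for r in rows
            if r[1] == "application" and r[2] != "Sites.Selected"]
```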
15. 15
Graph API
Microsoft Graph API:
1. Provides a unified endpoint (https://graph.microsoft.com) for accessing people-centric data and insights across Microsoft 365, Windows, and Enterprise Mobility + Security.
2. Enables developers to build apps supporting Microsoft 365 scenarios using REST APIs or SDKs.
3. Offers services for managing user and device identity, access, compliance, and security.
Microsoft Graph Connectors:
1. Funnel external data sources into Microsoft Graph services and applications, enhancing Microsoft 365 experiences like Microsoft Search.
2. Includes connectors for popular data sources like Box, Google Drive, Jira, and Salesforce.
Microsoft Graph Data Connect:
1. Streamlines secure and scalable delivery of Microsoft Graph data to Azure data stores.
2. Data serves as a foundation for building intelligent applications using Azure development tools.
16. 16
Next steps
Date/Time: April 18, 9:00 AM EST / 2:00 PM GMT
Topic: Streamline document processing with UiPath Studio Web
Bonus content: download a step-by-step guide on how to create an Azure app with restricted SharePoint site access (link in the chat)
Join the next Dev Dives sessions:
https://bit.ly/Dev_Dives_2024
Connect with Nisarg and Alexandru on LinkedIn:
- https://www.linkedin.com/in/nisargkadam/
- https://www.linkedin.com/in/alexandru-crijman/