Configuring MS Graph OAuth Provider

These prerequisites must be met before you configure MS Graph OAuth Provider:

  • Azure Account

    Access to an Azure account with permissions to create and manage Azure App registrations. This task is typically managed by the IT Team.

  • Microsoft 365 Account

    An account with permissions to access emails (current) and other relevant Microsoft Graph resources (future).

  • RPA Mastermind

    Authentication and Token Management with Azure App to interact with MS Graph resources (related to emails).

  • RPA Studio installed.
  • SCIM Service

    The IFS SCIM (System for Cross-domain Identity Management) process is used for managing RPA user provisioning and synchronization between existing Azure organizations and target systems such as IFS (Industrial and Financial Systems).

    The SCIM service is an optional but recommended configuration. It is required if the organizations and specific users, such as “rpa@acme.com” or “invoices@acme.com”, are intended to be used for RPA flows.

    To configure the SCIM service, navigate to OS Portal > Managing user permissions and Security > Security Administration > Settings > General Settings > Manage Features > SCIM Service.

    You can use the SCIM Service option in the Manage menu to enable or disable SCIM accounts. When disabled, the SCIM Service option is not displayed in the Manage menu.

    For more information, see https://docs.infor.com/inforos/2024.x/en-us/useradminlib_cloud/default.html?helpcontent=inforospag/mrh1493236771582.html&hl=scim

Configuring MS Graph OAuth Provider includes these steps:

  1. Azure App Registration
    1. Log on to the Azure portal (https://portal.azure.com/).
    2. Navigate to Microsoft Entra ID.
    3. Click App registrations > New registration.
    4. Select Mobile and Desktop Application.
    5. Specify a name for your application.
    6. Select Accounts in this organizational directory only, or any other appropriate account type.
    7. Specify the Redirect URI.
      Note: The Redirect URI can be copied from the API Gateway > Authorized Apps > RPA OAuth provider page.
    Note: You must make a note of the Application (Client) ID and Directory (Tenant) ID, and generate a Client Secret.
  2. MS Graph Permissions
    1. Navigate to Azure App registration.
    2. Click API permissions.
    3. Click Add a permission > Microsoft Graph.
    4. Select the required permissions with appropriate scope for email automation. For example, Mail.Read, Mail.ReadWrite, Mail.Send, and so on.
    5. Grant admin consent.
  3. RPA Mastermind Configuration
    1. Log on to RPA Mastermind.
    2. Click Settings > OAuth Provider on the Configuration page.
    3. Click Add Oauth Provider and add Microsoft Office 365 application.
    4. Specify the information (Application (Client) ID, Directory (Tenant) ID, and Client Secret) displayed when registering the Azure App.
    5. Specify https://login.microsoftonline.com/<TenantId>/oauth2/v2.0/ in the Auth Host field.
      Note: The TenantId (also known as DirectoryId) is displayed in the overview section of the Azure app. Replace “<TenantId>” with the TenantId or DirectoryId.
    6. Specify the Redirect URL.
      Note: The Redirect URL can be copied from the API Gateway > Applications > RPA OAuth provider page.
    7. Select the required API Permissions for Mail service. Possible values:
      • Mail.Read
      • Mail.ReadWrite
      • Mail.Send
      • Offline_Access
      • User.Read
    Note: Additionally, you must also authorize the RPA application to perform actions on your behalf. See Authorize user for details.
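
The following pre-flight check for the values entered in step 3 is an added example, not part of the product or its documentation. It verifies that the Auth Host placeholder was replaced, that the path matches the form given above, and that the requested scopes stay within the listed values. The function names, the assumption that the tenant segment is a GUID, and the sample tenant ID are illustrative.

```python
import re
from urllib.parse import urlsplit, unquote

# Scopes the page lists as possible values for the Mail service.
ALLOWED_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Offline_Access", "User.Read"}
# Scopes that grant more than read access; worth confirming the flow needs them.
BROAD_SCOPES = {"mail.readwrite", "mail.send"}
# Assumption: the Directory (Tenant) ID is entered in GUID form.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def check_provider(auth_host, scopes):
    """Return a list of problems in the OAuth provider values (empty list = OK)."""
    problems = []
    url = urlsplit(auth_host)
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        problems.append("Auth Host must start with https://login.microsoftonline.com/")
    # Decode each path segment so the placeholder is caught raw or URL-encoded.
    parts = [unquote(p) for p in url.path.split("/") if p]
    tenant = parts[0] if parts else ""
    if tenant.lower() == "<tenantid>":
        problems.append("Auth Host still contains the <TenantId> placeholder")
    elif not GUID.match(tenant):
        problems.append("tenant segment is not a Directory (Tenant) ID GUID")
    if parts[1:] != ["oauth2", "v2.0"] or not url.path.endswith("/"):
        problems.append("Auth Host must end with /oauth2/v2.0/")
    allowed = {s.lower() for s in ALLOWED_SCOPES}
    unknown = sorted(s for s in scopes if s.lower() not in allowed)
    if unknown:
        problems.append("scopes not listed for the Mail service: " + ", ".join(unknown))
    return problems


def broad_scopes(scopes):
    """Requested scopes that allow modifying or sending mail, for least-privilege review."""
    return sorted(s for s in scopes if s.lower() in BROAD_SCOPES)


def endpoints(auth_host):
    """Authorization and token endpoints of the Microsoft identity platform v2.0."""
    return auth_host + "authorize", auth_host + "token"


if __name__ == "__main__":
    # Constructed sample input: the URL-encoded placeholder was left in place.
    host = "https://login.microsoftonline.com/%3CTenantId%3E/oauth2/v2.0/"
    for problem in check_provider(host, ["Mail.Read", "Mail.Send"]):
        print("FAIL:", problem)
    print("review:", broad_scopes(["Mail.Read", "Mail.Send"]))
```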