Create a Microsoft Graph Connection

A Microsoft Graph Connection is required for a:

The Microsoft Graph Connection and Input are supported for mail activities.

Uploading files to SharePoint is not supported with this Connection. See the Microsoft Drive Connection.

Create App Registration in Azure

For both types of authentication, the client secret eventually expires. It is the user's responsibility to:

  • monitor the validity of the client secret.
  • when the expiration date is close:
    • stop all related Flows.
    • generate a new secret in Azure.
    • update the Connection.
    • restart the Flows.

Login Behalf of a User

  1. Log into your Microsoft Azure account.
  2. Create a new App registration.

  3. Enter a Redirect URL to the Hero Platform application. (Example: https://{hero-flow-url}/oauth2)

  4. For the supported account types, leave the app as Single Tenant or change it to Multitenant if required.

  5. Consult with your administrator about Hero Platform_ connection creation. Users should have the ability to add an application without Admin consent in Microsoft Azure.
    This screenshot shows a scenario in which Admin consent is required when the login button is pressed. If this happens in your case, consider using the authentication option "Login as a Service". (See below)

  6. Configure the Hero Platform_ Connection.

    Auth and Token URI:

    • Single Tenant applications use the tenant ID in the URI. (Example: https://login.microsoftonline.com/558ca8f8-d4f2-4bd7-bb0e-e0ff5d5892c0/oauth2/v2.0/authorize)
    • Multitenant applications use the common endpoint in the URI. (Example: https://login.microsoftonline.com/common/oauth2/v2.0/authorize)

    The Impersonated user field is not filled in!



Login as a Service

"Login as a Service" is a good choice when the Hero Platform_ connection uses the Microsoft Graph API. For this authentication type, Hero Platform_ uses OAuth 2.0 client credentials. It's important to limit application permissions to specific Exchange Online mailboxes.

  1. Log into your Microsoft Azure account.
  2. Create a new App Registration.

  3. Enter a Redirect URL to the Hero Platform application. (Example: https://{hero-flow-url}/oauth2)

  4. Set the required API permissions.
    The permission type is Application.
    Mail.ReadWrite is recommended.
  5. Ask the Microsoft Graph administrator to grant admin consent.
    With admin consent, all the mailboxes from the account will be accessible by Hero Platform_. It's important to limit application permissions to specific Exchange Online mailboxes.
  6. Configure the Hero Platform_ Connection.
    The Token URI has the tenant ID in it.
    The Impersonated user field is filled in.
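
One way to apply the mailbox restriction mentioned above is an Exchange Online application access policy scoped to a mail-enabled security group. The PowerShell below is an added example, not part of the original page or of Hero Platform_; the application ID, group address and mailbox addresses are placeholders to replace with your own values.

```powershell
# Added example. All values in this block are placeholders, not taken from the page.
$ErrorActionPreference = 'Stop'
$AppId     = '00000000-0000-0000-0000-000000000000'  # Application (client) ID of the App Registration
$GroupSmtp = 'hero-graph-mailboxes@example.com'      # hypothetical mail-enabled security group
$Allowed   = @('invoices@example.com')               # mailboxes the Flows are meant to reach
$MustDeny  = @('ceo@example.com')                    # a mailbox that must stay out of reach

# Requires the ExchangeOnlineManagement module and an Exchange administrator sign-in.
Connect-ExchangeOnline

# 1. Create the scope group once, then make sure every allowed mailbox is a member.
if (-not (Get-DistributionGroup -Identity $GroupSmtp -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name 'Hero Graph Mailboxes' -Type Security `
        -PrimarySmtpAddress $GroupSmtp | Out-Null
}
$members = @(Get-DistributionGroupMember -Identity $GroupSmtp |
             ForEach-Object { [string]$_.PrimarySmtpAddress })
foreach ($mbx in $Allowed) {
    if ($members -notcontains $mbx) {
        Add-DistributionGroupMember -Identity $GroupSmtp -Member $mbx
    }
}

# 2. Restrict the application to members of that group (skip if a policy already exists).
if (-not (Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId })) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupSmtp `
        -AccessRight RestrictAccess `
        -Description 'Limit Hero Platform_ Graph connection to listed mailboxes' | Out-Null
}

# 3. Verify both directions: allowed mailboxes are granted, all others are denied.
$problems = @()
foreach ($mbx in $Allowed) {
    $r = Test-ApplicationAccessPolicy -Identity $mbx -AppId $AppId
    if ($r.AccessCheckResult -ne 'Granted') { $problems += "$mbx should be Granted" }
}
foreach ($mbx in $MustDeny) {
    $r = Test-ApplicationAccessPolicy -Identity $mbx -AppId $AppId
    if ($r.AccessCheckResult -ne 'Denied') { $problems += "$mbx should be Denied" }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Application access policy does not match the intended mailbox scope.'
}
Write-Output 'Mailbox scope verified for the application.'
```

Policy changes are not applied to Graph calls instantly, so repeat Test connection in Hero Platform_ after the policy has propagated.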

Create a Connection to Microsoft Graph in Hero Platform_

  1. Open Hero Platform_.

  2. Open Integration from the navigation menu and select Connections.

  3. Click Create New Connection.

  4. Give the Connection a name and select Microsoft Graph from the drop-down list for Connection type.

  5. The Microsoft Connection details screen pops up with fields that need to be configured.

  • Select the log level:
    • Debug
    • Error
  • Select the authentication type:
    • Login behalf of a user
    • Login as service
  • Enter the Client ID.
  • Enter the Client Secret.
  • Check or enter the Microsoft Graph Auth URI.
  • Check or enter the Microsoft Graph Token URI.
  • Check or enter the permission scope for the Microsoft Graph connection.
  • Click LOG IN
    • Enter the Microsoft Graph account name.
    • Enter the Microsoft Graph password.
  • Mark the radio button Yes if a proxy is required:
    • Enter the proxy host address.
    • Enter the proxy port number.
    • Mark the radio button Yes if authentication is required for the proxy.
      • Enter the username and password.


  6. Click Test connection. A confirmation message is displayed if the connection has been established in Hero Platform_.

  7. Click OK to finish saving the Connection in Hero Platform_.