Hi everyone,
I’m trying to access SharePoint from UiPath using Microsoft Graph API with Delegated permissions, and specifically using the Sites.Selected scope (since the security team in the company I work for wasn’t comfortable with granting Sites.ReadWrite.All). I registered a custom Azure AD app, assigned the necessary delegated permissions, and granted admin consent.
However, even after configuring the Microsoft 365 Scope in UiPath to use my custom App ID and Tenant ID, the connection always ends up using the UiPathStudioO365App (as shown in the Enterprise Applications), not the custom app I registered.
Here’s what I’ve done:
- Registered a custom App in Azure AD
- Assigned Delegated permissions including
Sites.Selected, User.Read, etc.
- Granted Admin consent to the app
- Used the Microsoft 365 Scope in UiPath (latest version) and providing the App ID and Tenant ID
- Executing the automation using a user account that has access to the SharePoint folder
- Still, execution routes through
UiPathStudioO365App
Questions:
- Is
Sites.Selected supported when using Delegated authentication in UiPath?
- Why does UiPath continue to use the default
UiPathStudioO365App, even when a custom app is configured in the scope?
- Is there a way to explicitly force the use of my registered app when using delegated auth?
Any guidance or clarification would be greatly appreciated.
Thanks!
Can you show a screenshot on how did you configure the Microsoft 365 Scope?
What you have chosen at Authentication Type?
If you choose Application ID and Secret under Authentication Type, your App registration needs to use Application GraphAPI permissions.
For delegated permissions, try to change to Interactive token with Custom option selected under OAuth Application, but you will be limited to attended automations.
More details find at Activities - Microsoft 365 Scope
Hi Marian, thanks for your response.
Can you show a screenshot on how did you configure the Microsoft 365 Scope ?
What you have chosen at Authentication Type ? Interactive token
I have already used this activity as application and never had any problem. Idk if it is something with delegated.
I know that it is not the ideal, but it is possible to use delegated to unattended automations. We have a specific service account to the robot. The company that I work is not comfortable to give us application 
Change the yellow highlighted option to CUSTOM and retry.
Awesome. It changed from this
to this
I think now it is using the API that we created. About this admin that needs to approve, must be a Global Admin? Cloud application admin? We granted admin consent to this app registration, but I think since it is delegated, it needs to be granted to the user, right?
Needs to be the Azure admin that logs in for the first time.
Also, there is an option in Azure to allow users to request an admin approval for an app.
Hi Marian, we had the admin approval, but we are getting this error:
RemoteException wrapping Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See Microsoft Entra authentication & authorization error codes - Microsoft identity platform | Microsoft Learn for details. Original exception: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. Trace ID: 3dbe6a8e-fc7d-4299-ab5b-57fc6f9c8c00 Correlation ID: 0ce7f277-67f6-46dd-adf9-4d5e194f6b5e Timestamp: 2025-08-11 14:54:49Z
Already set Allow public client flows to Yes. Do you know how to fix this?
