Using parallel to solve the Microsoft cloud Sign-in prompts

News Vote on Tutorials
, ,
1

We have moved some apps to SSO and it has affected our automations. Here is how I solved the Microsoft SSO sign-in process with the Parallel activity.

I found that depending upon the exact situation, one of these 3 prompts appears:

imageimageimage

Here is our plan:

  1. Get credentials for the user
  2. Open the browser to a URL and log into the Microsoft prompts
  3. When the “Pick an account” prompt appears:
    a. Click the account from step 1
    b. If the account isn’t already listed in the prompt, click “Use another account”
  4. When the “Sign in” prompt appears:
    a. Enter the username
    b. Click Next
  5. When the “Enter password prompt” appears:
    a. Enter the password
    b. Click “Sign in”

I’ll skip step 1, you know how to get credentials :slight_smile:

The rest of the steps are just this, the Parallel makes it very simple:

image
image1000×310 15.5 KB

I recommend setting the timeout the same for all three main Check App States. I’ve been using 30 seconds and haven’t had an issue. Could probably even shorten it a bit to shave some time.

The “Pick an account” prompt is the most complicated one. It contains another Check App State that checks if our desired account is already listed, if not then click “Use another account”:

image
image984×770 44.7 KB

The “Sign in” prompt is very simple:

image
image463×703 28.3 KB

Notice neither of the first two top level Check App States has a “does not appear” section. Don’t need it - just do what we need to do when those prompts do appear.

The third one - Enter password - does have a “does not appear” section so this is where you end up if none of the prompts appears. For my purposes I just need it to log and move on, exiting the Parallel and continuing the process.

image
image886×448 20.9 KB

Here is a breakdown of the “Enter password/Target appears” section.

Enter the password (I found that Hardware events was necessary for typing the password) and then click Sign In. If the “Stay signed in” prompt appears I click No but for your purposes you may want to click Yes.

image
image335×580 20.4 KB

Instead of using a Check App State to see if the “Stay signed in” prompt appears, I just set the Click activity to “continue on error” and a 5 second timeout.

image

I noticed that in Chrome, sometimes it circles back around and makes you click the account one more time, so I added this:

image
image539×687 27.5 KB

The reason I have “chrome.exe” in a variable is I built this into a library and an argument allows you to configure which browser it uses. Then I just put it into all the selectors as a variable.

image

And now the most important part of the Parallel activity - the Condition:

I just set it as a variable CompletionCondition (boolean):

image

So at the very end after we have entered the password and clicked Sign in, we simply set CompletionCondition to True and the Parallel exits.

image

Remember when I said I added this to a library? Here is what the activity looks like when I use it in another automation:

image

The best part is now when I need to open a web app in one of my automations, I can put this activity inside another Parallel:

image
image873×551 30.8 KB

The Check App State on the right verifies that the login succeeded and then sets the completion condition:

image
image934×560 32.8 KB

So now if the Microsoft Sign in prompts appear, they’re handled - but if we are just logged in with cached credentials it immediately stops checking for the Microsoft Sign in prompts and continues. And if none of that happens, we throw a login exception.

1 Like
2

After extensive testing, I discovered that in some situations, the “Enter password” prompt is the first one that appears. In these cases it should click the back icon so it goes back to the “Pick an account” prompt to start at the beginning. To handle this, I created a new variable ReadyForPassword (boolean). At the end of Check App State - Sign In, set ReadyForPassword to true:

image

Since this means we could see the Enter password prompt more than once, wrap Check App State - Enter password in a Do While with a condition of “NOT CompletionCondition”:

image
image552×512 14.5 KB

Then inside Target appears, use an If to determine whether it should enter the password (ReadyForPassword TRUE) and put the original steps to enter the password inside the Then:

image
image517×659 19.4 KB

In the Else, just click the back icon:

image

I also had issues with the case sensitivity of selectors, so for every Click activity that clicks the account in the Pick an account prompt, set them to not case sensitive in the selectors:

string.Format("<webctrl aaname='{0}' casesensitive:aaname='false' />", MSUSer)

3

Nice tutorial! :+1: Just wondering, did you have a reason to do it with Parallel instead of Pick Branch? It would seem a more natural choice when the different scenarios are mutually exclusive?

4

You have to use Parallel because you need each branch to execute when its prompt appears, not just one branch to execute. The scenarios are not mutually exclusive. Each branch of the Parallel handles one of the 3 possible prompts, and all 3 may appear (and the Enter Password may appear more than once, hence the Do While I added).

5

Ah, right, I see! I’ve done MS logins with Pick Branch, so I wouldn’t say you have to go with Parallel.

One of the screens will appear first. That’s what I meant with mutually exclusive - we’re not seeing all of the screens at the same time. Sorry for the confusion :smile:

6

Considering I ran it dozens of times and discovered that in different situations it starts at a different prompt, you do need parallel. It doesn’t always come up at “Pick an account” - and in Chrome it shows you the Pick an account after you enter the password.

One of the screens will appear first.

But you don’t know which one, and you still need to go through all the screens. So Parallel. You need all the branches to execute, not just one.

7

This wouldn’t matter though, as with Pick Branch all the screens can be checked for at once (like with Parallel). Then the logic can be built inside the branches, as you’ve done.

8

Look more closely at my code. I don’t have all the steps in all the branches, because you don’t need them in all the branches. It’s not “if the Pick prompt appears, click the account then enter the password then click next” it’s just “if the Pick prompt appears, click the account” the “enter the password then click next” part is in the other branch of the Parallel.

1 Like
9

Thanks for pointing this out :grinning: It does make the logic a bit simpler.

10

I solve this in a much simpler fashion in my opinion.
Just open the browser in incognito mode, a custom user profile can also be used and ‘reset’ each time, but I have found this to be ugly.

This causes the same screens to consistently appear. You dont need to worry about a list of ‘used accounts’ nor worry about it already having an account associated and going straight to the password prompt.

Significantly reduces the technical complexity and makes it very consistent.

1 Like
11

Are there any consequences to using Incognito? I would expect that some web apps/pages may not function properly in incognito, but I’ve never tried it so it’s just a guess.

12

I am not sure why you think something won’t work in Incognito?

Its highly reliable. The only concern and annoyance is related to updating the robot versions.
When this happens the chrome extension can also be updated and the settings will go back to default and by default extensions arent enabled for incognito.
Not sure if Edge works the same in regards to upgrades, but I’d expect so.

I find this to be a reasonable ‘cost’ by comparison for cleaner code and more reliable behaviour.

I am sure you have been in a scenario where you push your code to prod and it doesnt work because the website give a popup regarding cookies and you need to log into the prod machine to press accept to make it go away.
Developing in Incognito avoids this since the popup always appears, so you just tell the robot to press accept and it works entirely consistently on whatever machine or profile you run on.

13

Me either. I just always try to consider possible pitfalls.

Yes I’ve definitely seen things like that when migrating to production. I’m going to try incognito on my next automation, it sounds promising.