Using Service Account for Office 365 Outlook Connector

This article is contributed. See the original author and article here.

Some of the users have a need to use service account for the connection – some other account than the logged in user. However because of SSO, this does not work – even after providing username in the credential pop up, it defaults back to the logged in user. The workarounds are documented here – Integrate with Office 365 Outlook – Azure Logic Apps | Microsoft Docs

Also as a workaround, it is possible to use HTTP action with AAD authentication to call the Graph API directly.

 

One of the members from dev team has found a hack to get it working. For a good number of users, it has worked. If you are are reluctant to provide contributor access to the service account, it may be worth trying.

 

Symptom: 

 

A user logs into Azure portal as user1@xxx.com and he wants to create a logic app to send emails from logic app. He does not want the email to be sent from user1@xxx.com and instead he wants the email to be sent from user2@xxx.com.  Logically he add the Outlook365 action to the logic app and then try to create the connection as user2@xxx.com.  The problem is that even though he specifies user2@xxx.com on connection creation, the connection is still created with user1@xxx.com.  This is because AAD has the SSO feature, where AAD notices he has already logged in as user1@xxx.com and it just uses that as the credential.  

 

Solution:  

 

This feature/ issue lies on the AAD SSO side – can check SSO article for more details What is Azure single sign-on (SSO)? | Microsoft Docs.   

 

From the Logic Apps side dev member Dan has found a workaround below. It is a hacky workaround but works most of the times: 

 

  

• Open IE Browser setting to disable Integrated Windows Authentication under Internet Options/Advanced tab. Close the browser and open it again to verify the setting is good. 

 

• After you click “Sign In” and the authentication popup displays, copy the URL, it should look something like this: 
   
  https://login.microsoftonline.com/common/oauth2/authorize?client_id=7ab7862c-4c57-491e-8a45-d52a7e023983&response_type=code&redirect_uri=https%3a%2f%2flogic-apis-centralus.consent.azure-apim.net%2fredirect&resource=https%3a%2f%2fapi.office.com%2fdiscovery%2f&state=bc91a2a8-90d6-4474-a14d-3d581e38db8d&prompt=select_account&claims= 


• Replace prompt=select_acount with prompt=login, copy this to your clipboard: 
  https://login.microsoftonline.com/common/oauth2/authorize?client_id=7ab7862c-4c57-491e-8a45-d52a7e023983&response_type=code&redirect_uri=https%3a%2f%2flogic-apis-centralus.consent.azure-apim.net%2fredirect&resource=https%3a%2f%2fapi.office.com%2fdiscovery%2f&state=bc91a2a8-90d6-4474-a14d-3d581e38db8d&prompt=login&claims= 


• Bring up the browser F12 tools for the popup and change the popup location by typing: 
   
  this.document.location=”{paste URL here}” 


• This will change the sign in popup to a standard sign in form. Continue the sign in process to completion, it should use the correct account. 

  

Picture for reference: 

 

 

 

 

 

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.