Hello.

I am trying to create a connection between FME Desktop and Azure AD.

I have the client ID, client secret and tenant ID,

but I am not sure what [OAUTH Scope] is.

Where should I get it from?

I have written

https://Storage.azure.com instead of an OAuth scope because it is the resource.

Then I clicked Test, but it shows me a window to log in with Microsoft online.

Could someone advise me what I should do?

Thanks in advance.

FME 2021

Hi @soly, have you tried entering non-admin Azure AD user credentials? Check out this article from Microsoft about the offline_access scope: https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc#offline_access


Thanks for the reply.

We have tried using https://storage.azure.com/.default

but it does not work.

We are looking for a method that works without entering the user credentials (user name and password).

Is there a method to let it work with the default scope?

Please explain the steps if you have a new idea.

I have read some articles about the connection, but IT Security does not want to use User.Read or offline access because it requires user credentials, they said.

So I am looking for a method without user credentials. Thanks a lot.


@nampreetatsafe Do you have a solution for me to create the connection by using the default scope?


@soly Hi there, I know it’s been a little while since your question was addressed. It sounds like your organization would like you to use a method of authentication called the client credentials flow, where the registered application acts on its own behalf, and not on behalf of a logged-in user. Here’s a nice article from Microsoft on this auth method in a MS Entra context:

https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow

Generally, this client credentials flow with MS Entra can be configured in FME for those requests which make use of the Graph API. It gets a bit more tricky when other MS APIs are involved, as there may or may not be API permissions available which support client credentials flow with those other MS APIs.

If you could provide some more details on your workflow in FME (i.e. what resource are you trying to access? What formats / transformers are you using in your FME workflow to try and access these resources?), we might be able to make some suggestions on how to get this client credentials flow going for you.

Even better if you could post a copy of your workspace (with sensitive info redacted, of course!). If you feel that a more detailed conversation is needed here, please don’t hesitate to file a support ticket with the Safe Support Team.

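The client credentials request discussed in this thread, as an added example that is not part of the original posts and is not FME's own code: it builds the token request against the Microsoft identity platform v2.0 endpoint and rejects the scope values the thread tripped over (a bare resource URI, or delegated scopes such as User.Read). The function names and placeholder IDs are assumptions made for this illustration.

```python
from urllib.parse import urlencode
from urllib.request import Request

# Microsoft identity platform v2.0 token endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def check_app_only_scope(scope: str) -> str:
    """Return scope if it fits the client credentials grant, else raise ValueError."""
    values = scope.split()
    if len(values) != 1:
        raise ValueError("client credentials takes exactly one scope value")
    value = values[0]
    if "://" not in value:
        # User.Read, offline_access and similar belong to user sign-in flows.
        raise ValueError(f"{value!r} is not a resource URI")
    if not value.endswith("/.default"):
        # A bare resource such as https://Storage.azure.com is not a scope.
        raise ValueError(f"{value!r} names only the resource; append '/.default'")
    return value


def build_token_request(tenant_id, client_id, client_secret, scope) -> Request:
    """Build (without sending) the app-only token request; no user is involved."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": check_app_only_scope(scope),
    }
    return Request(
        TOKEN_URL.format(tenant=tenant_id),
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


if __name__ == "__main__":
    # Constructed placeholder values; substitute the app registration's own.
    req = build_token_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
                              "CLIENT-SECRET-PLACEHOLDER",
                              "https://storage.azure.com/.default")
    print(req.get_method(), req.full_url)
    print(req.data.decode().replace("CLIENT-SECRET-PLACEHOLDER", "<redacted>"))
    # urllib.request.urlopen(req) would send it; the JSON reply carries access_token.
```

Because the grant is `client_credentials`, the request goes straight to the token endpoint and never opens the Microsoft sign-in window.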