Hi @soly, have you tried entering a non-admin Azure AD user credentials? Check out this article from Microsoft about the offline_access scope: https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc#offline_access
Hi @soly, have you tried entering a non-admin Azure AD user credentials? Check out this article from Microsoft about the offline_access scope: https://learn.microsoft.com/en-us/azure/active-directory/develop/scopes-oidc#offline_access
thanks for reply ,
we have tried using https://storage.azure.com/.default
but it does not work .
we are looking for a method that work with out entering the user credentials ( user name and password )
is there a method to let it work with default scope ?
please ,explain the steps if you have new idea
i have read some articles about the connection but IT Security does not want to use User.Read ,offline access Bcs it requires user credentials ,what they said .
so I am looking for a method without user credentials .thanks a lot .
thanks for reply ,
we have tried using https://storage.azure.com/.default
but it does not work .
we are looking for a method that work with out entering the user credentials ( user name and password )
is there a method to let it work with default scope ?
please ,explain the steps if you have new idea
i have read some articles about the connection but IT Security does not want to use User.Read ,offline access Bcs it requires user credentials ,what they said .
so I am looking for a method without user credentials .thanks a lot .
@nampreetatsafe Do u have solution for me to create the connection by using default scope ?
@soly Hi there, I know it’s been a little while since your question was addressed. It sounds like your organization would like you to use a method of authentication called the client credentials flow, where the registered application acts on its own behalf, and not on behalf of a logged-in user. Here’s a nice article from Microsoft on this auth method in a MS Entra context:
https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow
Generally, this client credentials flow with MS Entra can be configured in FME for those requests which make use of the Graph API. It gets a bit more tricky when other MS APIs are involved, as there may or may not be API permissions available which support client credentials flow with those other MS APIs.
If you could provide some more details on your workflow in FME (i.e. what resource are you trying to access? What formats / transformers are you using in your FME workflow to try and access these resources?), we might be able to make some suggestions on how to get this client credentials flow going for you.
Even better if you could post a copy of your workspace (with sensitive info redacted, of course!). If you feel that a more detailed conversation is needed here, please don’t hesitate to file a support ticket with the Safe Support Team.