Skip to main content

Connect

Connects to Azure Active Directory using client credentials and establishes an access ID for subsequent operations.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
info

If ContinueOnError property is true, no error is caught when the project is executed even if Catch node is used.

Inputs

  • Tenant Id - Azure AD tenant ID (directory ID). Found in Azure Portal > Azure Active Directory > Overview.
  • Client Id - Azure AD application (client) ID. Found in your app registration overview.

Options

  • Client Secret - Credential from vault containing the Azure AD application client secret. Create this in Azure Portal > App registrations > Your app > Certificates & secrets.

Output

  • Access Id - Unique access ID for using in subsequent Active Directory operations. Pass this to other nodes to perform authenticated operations.

How It Works

The Connect node:

  1. Validates the provided tenant ID, client ID, and client secret
  2. Obtains an access token from Azure AD using OAuth2 client credentials flow
  3. Generates a unique access ID and stores the token internally
  4. Returns the access ID to be used with other Active Directory nodes

The access token is cached for the duration of your automation flow. Other nodes can use either:

  • The access ID from Connect node (recommended for better performance)
  • Direct credentials (if you don't want to use Connect)

Examples

Basic Connection

Connect to Azure AD and use the access ID for subsequent operations:

// Connect node inputs
tenant_id = "12345678-1234-1234-1234-123456789012"
client_id = "abcdef12-3456-7890-abcd-ef1234567890"
// Client Secret from vault: "my-azure-ad-secret"

// Connect node output
access_id = "a1b2c3d4-e5f6-7890-abcd-ef1234567890"

// Use access_id in other nodes
// No additional authentication needed

Storing Credentials in Vault

  1. In Robomotion, go to Vault
  2. Create a new credential (Token category)
  3. Name it (e.g., "azure-ad-client-secret")
  4. Paste your client secret value
  5. Use this credential in the Connect node
// In Connect node:
// Client Secret option: Select "azure-ad-client-secret" from vault

Complete Authentication Flow

// Step 1: Connect to Azure AD
// Connect node
// - Tenant Id: "12345678-1234-1234-1234-123456789012"
// - Client Id: "abcdef12-3456-7890-abcd-ef1234567890"
// - Client Secret: [from vault]
// Output: access_id

// Step 2: Use access ID for operations
// Create User node
// - Access Id: message.access_id
// - User properties...

// Step 3: Continue using same access ID
// Get User node
// - Access Id: message.access_id
// - User Id: "user@domain.com"

Finding Your Azure AD Credentials

To get your tenant ID, client ID, and client secret:

  1. Tenant ID:

    • Go to Azure Portal
    • Navigate to Azure Active Directory
    • Copy the "Tenant ID" from the Overview page

  2. Client ID and Secret:

    • Go to Azure Active Directory > App registrations
    • Select your application (or create new one)
    • Copy the "Application (client) ID"
    • Go to "Certificates & secrets"
    • Click "New client secret"
    • Set description and expiration
    • Copy the secret Value (shown only once!)

Tips for Effective Use

  • Reuse access ID: Create one connection at the start and use the access ID across all Active Directory nodes
  • Secure storage: Always store client secret in Robomotion Vault, never hardcode it
  • Token lifetime: Access tokens are valid for about 1 hour. The Connect node handles token expiration automatically
  • Connection pooling: Each Connect creates a new session. Use one Connect per flow to avoid unnecessary API calls
  • Error handling: Use Try-Catch blocks to handle authentication failures gracefully
  • Permission check: Verify your app has required Graph API permissions before running

Common Errors and Solutions

"Client Id cannot be empty"

Cause: The Client Id input was not provided or is empty.

Solution: Provide your Azure AD application client ID:

client_id = "your-client-id-here"
// Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

"Client Secret cannot be empty"

Cause: The Client Secret credential is missing or empty.

Solution:

  • Create a credential in Robomotion Vault
  • Store your client secret value
  • Select the credential in the Connect node Options

"Tenant Id cannot be empty"

Cause: The Tenant Id input was not provided or is empty.

Solution: Provide your Azure AD tenant ID:

tenant_id = "your-tenant-id-here"
// Format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

"Response Status is not OK"

Cause: Authentication failed due to invalid credentials or insufficient permissions.

Solution:

  • Verify tenant ID, client ID, and client secret are correct
  • Check that the client secret hasn't expired
  • Ensure the Azure AD application has required API permissions:
    • User.ReadWrite.All
    • Group.ReadWrite.All
    • Directory.ReadWrite.All
  • Verify admin consent has been granted for these permissions
  • Check that the application is enabled in Azure AD

"Failed to connect to Azure AD"

Cause: Network connectivity issue or Azure AD service unavailable.

Solution:

  • Check internet connectivity
  • Verify firewall allows HTTPS to login.microsoftonline.com
  • Check Azure AD service status
  • Retry the connection after a few moments

Best Practices

  1. Single connection per flow: Create one Connect node at the beginning and reuse the access ID
  2. Credential rotation: Update client secrets before they expire and update vault accordingly
  3. Least privilege: Only grant permissions your automation actually needs
  4. Error logging: Log authentication failures for troubleshooting and security monitoring
  5. Testing: Test connection in development environment before production deployment
  6. Service accounts: Use dedicated service accounts for automation, not personal accounts
  7. Monitoring: Track connection success/failure rates to detect issues early
  8. Documentation: Document which Azure AD app is used for which automation flows

All other Active Directory nodes can use the access ID from Connect: