%3CLINGO-SUB%20id%3D%22lingo-sub-1978513%22%20slang%3D%22en-US%22%3EUsing%20Service%20Account%20for%20Office%20365%20Outlook%20Connector%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1978513%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20of%20the%20users%20have%20a%20need%20to%20use%20service%20account%20for%20the%20connection%20-%20some%20other%20account%20than%20the%20logged%20in%20user.%20However%20because%20of%20SSO%2C%20this%20does%20not%20work%20-%20even%20after%20providing%20username%20in%20the%20credential%20pop%20up%2C%20it%20defaults%20back%20to%20the%20logged%20in%20user.%20The%20workarounds%20are%20documented%20here%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fconnectors%2Fconnectors-create-api-office365-outlook%23connect-using-other-accounts%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIntegrate%20with%20Office%20365%20Outlook%20-%20Azure%20Logic%20Apps%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EAlso%20as%20a%20workaround%2C%20it%20is%20possible%20to%20use%20HTTP%20action%20with%20AAD%20authentication%20to%20call%20the%20Graph%20API%20directly.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOne%20of%20the%20members%20from%20dev%20team%20has%20found%20a%20hack%20to%20get%20it%20working.%20For%20a%20good%20number%20of%20users%2C%20it%20has%20worked.%20If%20you%20are%20are%20reluctant%20to%20provide%20contributor%20access%20to%20the%20service%20account%2C%20it%20may%20be%20worth%20trying.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESymptom%3A%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EA%20user%20logs%20into%20Azure%20portal%20as%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser1%40comname.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser1%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Band%20he%20wants%20to%20create%20a%20logic%20app%20to%20send%20emails%20from%20logic%20app.%20He%20does%20not%20want%20the%20email%20to%20be%20sent%20from%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser1%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser1%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Band%20instead%20he%20wants%20the%20email%20to%20be%20sent%20from%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser2%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser2%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%26nbsp%3B%20Logically%20he%20add%20the%20Outlook365%20action%20to%20the%20logic%20app%20and%20then%20try%20to%20create%20the%20connection%20as%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser2%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser2%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%26nbsp%3B%20The%20problem%20is%20that%20even%20though%20he%20specifies%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser2%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser2%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bon%20connection%20creation%2C%20the%20connection%20is%20still%20created%20with%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser1%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser1%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E.%26nbsp%3B%20This%20is%20because%20AAD%20has%20the%20SSO%20feature%2C%20where%20AAD%20notices%20he%20has%20already%20logged%20in%20as%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22mailto%3Auser1%40xxx.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Euser1%40xxx.com%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Band%20it%20just%20uses%20that%20as%20the%20credential.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20data-contrast%3D%22auto%22%3ESolution%3A%26nbsp%3B%3C%2FSPAN%3E%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EThis%20feature%2F%20issue%20lies%20on%20the%20AAD%20SSO%20side%20-%20can%20check%20SSO%20article%20for%20more%20details%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanage-apps%2Fwhat-is-single-sign-on%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWhat%20is%20Azure%20single%20sign-on%20(SSO)%3F%20%7C%20Microsoft%20Docs%3C%2FA%3E.%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EFrom%20the%20Logic%20Apps%20side%20dev%20member%20Dan%20has%20found%20a%20workaround%20below.%20It%20is%20a%20hacky%20workaround%20but%20works%20most%20of%20the%20times%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20data-aria-posinset%3D%221%22%20data-aria-level%3D%222%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EOpen%20IE%20Browser%20setting%20to%20disable%20Integrated%20Windows%20Authentication%20under%20Internet%20Options%2FAdvanced%20tab.%20Close%20the%20browser%20and%20open%20it%20again%20to%20verify%20the%20setting%20is%20good.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20data-aria-posinset%3D%222%22%20data-aria-level%3D%222%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EAfter%20you%20click%20%E2%80%9CSign%20In%E2%80%9D%20and%20the%20authentication%20popup%20displays%2C%20copy%20the%20URL%2C%20it%20should%20look%20something%20like%20this%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Flogin.microsoftonline.com%252Fcommon%252Foauth2%252Fauthorize%253Fclient_id%253D7ab7862c-4c57-491e-8a45-d52a7e023983%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253a%25252f%25252flogic-apis-centralus.consent.azure-apim.net%25252fredirect%2526resource%253Dhttps%25253a%25252f%25252fapi.office.com%25252fdiscovery%25252f%2526state%253Dbc91a2a8-90d6-4474-a14d-3d581e38db8d%2526prompt%253Dselect_account%2526claims%253D%26amp%3Bdata%3D02%257C01%257Cxuehongg%2540microsoft.com%257C822a7794b52b4a18afb208d6c496a5bf%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636912548637094871%26amp%3Bsdata%3DTMP7d487jW1kSRcjodPowC9UdY1bt2aUUKi4ROPPxO4%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ehttps%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fauthorize%3Fclient_id%3D7ab7862c-4c57-491e-8a45-d52a7e023983%26amp%3Bresponse_type%3Dcode%26amp%3Bredirect_uri%3Dhttps%253a%252f%252flogic-apis-centralus.consent.azure-apim.net%252fredirect%26amp%3Bresource%3Dhttps%253a%252f%252fapi.office.com%252fdiscovery%252f%26amp%3Bstate%3Dbc91a2a8-90d6-4474-a14d-3d581e38db8d%26amp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eprompt%3Dselect_account%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26amp%3Bclaims%3D%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-aria-posinset%3D%223%22%20data-aria-level%3D%222%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EReplace%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eprompt%3Dselect_acount%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Bwith%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eprompt%3Dlogin%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%2C%20copy%20this%20to%20your%20clipboard%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Flogin.microsoftonline.com%252Fcommon%252Foauth2%252Fauthorize%253Fclient_id%253D7ab7862c-4c57-491e-8a45-d52a7e023983%2526response_type%253Dcode%2526redirect_uri%253Dhttps%25253a%25252f%25252flogic-apis-centralus.consent.azure-apim.net%25252fredirect%2526resource%253Dhttps%25253a%25252f%25252fapi.office.com%25252fdiscovery%25252f%2526state%253Dbc91a2a8-90d6-4474-a14d-3d581e38db8d%2526prompt%253Dlogin%2526claims%253D%26amp%3Bdata%3D02%257C01%257Cxuehongg%2540microsoft.com%257C822a7794b52b4a18afb208d6c496a5bf%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C636912548637104875%26amp%3Bsdata%3DmexrtBp0ThQfgfQd10ufO5ONVtIOWgbwwiGDbENQpIg%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ehttps%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fauthorize%3Fclient_id%3D7ab7862c-4c57-491e-8a45-d52a7e023983%26amp%3Bresponse_type%3Dcode%26amp%3Bredirect_uri%3Dhttps%253a%252f%252flogic-apis-centralus.consent.azure-apim.net%252fredirect%26amp%3Bresource%3Dhttps%253a%252f%252fapi.office.com%252fdiscovery%252f%26amp%3Bstate%3Dbc91a2a8-90d6-4474-a14d-3d581e38db8d%26amp%3B%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Eprompt%3Dlogin%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26amp%3Bclaims%3D%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-aria-posinset%3D%224%22%20data-aria-level%3D%222%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EBring%20up%20the%20browser%20F12%20tools%20for%20the%20popup%20and%20change%20the%20popup%20location%20by%20typing%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3CBR%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20data-contrast%3D%22auto%22%3Ethis.document.location%3D%22%7B%3C%2FSPAN%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3Epaste%20URL%20here%3C%2FSPAN%3E%3C%2FI%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%7D%22%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-aria-posinset%3D%225%22%20data-aria-level%3D%222%22%3E%3CSPAN%20data-contrast%3D%22auto%22%3EThis%20will%20change%20the%20sign%20in%20popup%20to%20a%20standard%20sign%20in%20form.%20Continue%20the%20sign%20in%20process%20to%20completion%2C%20it%20should%20use%20the%20correct%20account.%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-contrast%3D%22auto%22%3EPicture%20for%20reference%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Shailesh_Agre_0-1607667629987.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F239760i22AC7B728CB1A9C4%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Shailesh_Agre_0-1607667629987.png%22%20alt%3D%22Shailesh_Agre_0-1607667629987.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1978513%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20of%20the%20users%20have%20a%20need%20to%20use%20service%20account%20for%20the%20connection%20-%20some%20other%20account%20than%20the%20logged%20in%20user.%20However%20because%20of%20SSO%2C%20this%20does%20not%20work%20-%20even%20after%20providing%20username%20in%20the%20credential%20pop%20up%2C%20it%20defaults%20back%20to%20the%20logged%20in%20user.%20The%20workarounds%20are%20documented%20here%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fconnectors%2Fconnectors-create-api-office365-outlook%23connect-using-other-accounts%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EIntegrate%20with%20Office%20365%20Outlook%20-%20Azure%20Logic%20Apps%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EAlso%20as%20a%20workaround%2C%20it%20is%20possible%20to%20use%20HTTP%20action%20with%20AAD%20authentication%20to%20call%20the%20Graph%20API%20directly.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1978513%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ELogic%20Apps%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Some of the users have a need to use service account for the connection - some other account than the logged in user. However because of SSO, this does not work - even after providing username in the credential pop up, it defaults back to the logged in user. The workarounds are documented here - Integrate with Office 365 Outlook - Azure Logic Apps | Microsoft Docs

Also as a workaround, it is possible to use HTTP action with AAD authentication to call the Graph API directly.

 

One of the members from dev team has found a hack to get it working. For a good number of users, it has worked. If you are are reluctant to provide contributor access to the service account, it may be worth trying.

 

Symptom: 

 

A user logs into Azure portal as user1@xxx.com and he wants to create a logic app to send emails from logic app. He does not want the email to be sent from user1@xxx.com and instead he wants the email to be sent from user2@xxx.com.  Logically he add the Outlook365 action to the logic app and then try to create the connection as user2@xxx.com.  The problem is that even though he specifies user2@xxx.com on connection creation, the connection is still created with user1@xxx.com.  This is because AAD has the SSO feature, where AAD notices he has already logged in as user1@xxx.com and it just uses that as the credential.  

 

Solution:  

 

This feature/ issue lies on the AAD SSO side - can check SSO article for more details What is Azure single sign-on (SSO)? | Microsoft Docs.   

 

From the Logic Apps side dev member Dan has found a workaround below. It is a hacky workaround but works most of the times: 

 

  

  • Open IE Browser setting to disable Integrated Windows Authentication under Internet Options/Advanced tab. Close the browser and open it again to verify the setting is good. 

 

  

Picture for reference: 

 

Shailesh_Agre_0-1607667629987.png