MS interactive Authentication via Webportal

Hi all,

Commonly, we authenticate against our AAD via the “interactive authentication” in the “Microsoft Authentication” Node to for example connect to SharePoint. When we want to run the workflow on the server, we store the authentication as a token like this:

The authentication is then valid for quite some time and the workflow can run w/o re-authentication. Nevertheless, this also means, if someone else runs this workflow e.g., from the Webportal, (s)he would use my authentication and token and might access a SharePoint folder potentially w/o genuine permission.

Is there a possibility to force an interactive authentication via the webportal, to assure data integrity?

Thanks and BR,
Stiefel

One addtional, but not too sure if relevant information: When we connect or run a workflow via the Webportal, the users authenticate via OAUTH 2. So, to the KNIME Server it is known which user triggers a workflow.

Hi all,

I found other threads regarding this topic:

It seems that there is already an internal ticket.

Sorry for the spam then :slight_smile:

BR,
Stiefel

Hi @Residentstiefel

Let me find that ticket that was mentioned in your linked posts. For now I can point you to the Credentials Widget node as workaround. With that you can prompt users for their login credentials, and use them in the Microsoft Authentication node.

Best,
Alice

1 Like