Skip to main content
Nintex Community Menu Bar

We have Service Accounts for connections to 0365 and Sharepoint, but I’m unable to log into NAC with these accounts. When I set up the connections using my own account, I think it might be using my own details to authenticate the connection. To prevent this, I would like to log in as the SA user to set up connections, but I get the following error:

 

Error Code 100: We are unable to grant you access because your account does not belong to this tenant.

Try signing out and signing in again.

If the problem continues, please contact your Nintex Automation Cloud administrator to arrange access.

 

We use SAML Single Sign-On, but obviously our Service Accounts don’t have full user accounts. I do have a password for these accounts - is there any way of doing a manual login instead of single sign-on for those users? I understand this might be a security thing, but I’d be keen to find out if it’s possible.

Hi @alan_fire

 

I hope I understood it correct, it is normally not necessary to log in with the service account.

 

Just Login with your personal account, and if you create a connection → then use the service account.

NAC will using the service account e.g if a workflow instance is running and NOT your perosnal account.

 

regards

 

Sven


Hi @Sven 

 

Thanks for the reply. I probably didn’t explain the issue correctly, so I’ll attempt that now:

I’ve set up the connection for the Service Account whilst logged in as my regular account.
The workflow is making changes to files in a Document Library within Sharepoint.
Every time the workflow runs, the uModified By] field in Sharepoint states my name - not the name of the Service Account.

My guess is that the connection I set up is somehow retaining my details (as the person who set up the connection) rather than the details of the connection itself.

In a previous project, I had a Service Account set up, but had managed to log directly into NWC with it to set up the connection. When I write to Sharepoint using that workflow, the lModified By] and Created By] field state the Service Account instead. This is the behaviour I expected.

Hopefully that makes sense.

 

Alan


Hi @Sven

 

For additional context, when I sign in as my personal account, and try to set up the Service Account’s Connection to Sharepoint, I follow these steps:

  1. Navigate to Connections page
  2. Edit/Create tSharePoint Online] connection
  3. Fill lConnection Name] and nSharepoint Online tenant URL]
  4. lConnect]
  5. lPick an account], select cUse another account]
  6. lSign in] enter eService Account Email]
  7. lNext]
  8. I’m not asked for a password and the popup appears to authenticate with my named account (the one I’m logged into Windows with)

When I run the workflow using this connection, my own name is set as being the editor, when I’d expect it to be the Service Account. This is why I believe the connection is being set up on my personal details and not the Service Account.

 

Previously, when I set up the Service Account Connections for my other project, I had managed to log into NWC directly as that user (still logged into Windows as my named account) and setting the connection up under the Service Account seemed to work.

 

The way things stand, if I were to leave this organisation, it would appear that these connections would die.


Hi @alan_fire , 

 

ok, interesting - due to the password “NOT” Popup, this looks strange.

I could ask a lot of other question, but the way you configure it looks perfect, but maybe there is a small glitch somewhere in the Auth Process.

Can you please contact support, they can investigate a lot deeper here!

 

 

 


Hi @Sven Sven

 

I’ve raised a ticked with Nintex Support

 

Alan


Hi @Sven 

The issues I’m having seem to be connected to 2 things:

  1. The Service Account is set up differently to previous ones
  2. Our own security seems to be redirecting the authentication for the Service Account when creating any new Connection

Both issues appear to be on our side. Thanks for your advice.


Reply