Using an Azure Service Principal for Power Platform connections

Create an App Registration, assign a secret password, assign permissions, and use it in a Power Automate workflow to connect to Dynamics.

When Power Automate or Power Apps connects to an external source such as Dynamics, the connection uses the account that created it by default. For example, if you're creating a Flow with your own account, the Flow will connect to these data sources using your account.

An alternative is to create a separate user account that has access to these data sources and when creating our connections, use that account instead of our own.

However, the reliable and secure way to handle this is to use an Azure App Registration. The App Registration is given the permissions it needs in the external data sources, without being a licensed user.

This post provides the steps to create an App Registration, assign a secret password, assign permissions, and use it in a Power Automate workflow. [1]

Unfortunately, this doesn't work with SharePoint (yet). We can configure the App Registration with access to SharePoint, but there is not an option to connect to SharePoint using a Service Principal, like we can with Dynamics.

Create the App Registration

  1. Log into Azure Portal.
  2. Open App Registrations.
  3. Create a new registration. Give it a name and leave the defaults.

Configure API Permissions for Dynamics CRM

  1. From the new App Registration, click API Permissions.
  2. Select Add a permission.
  3. Select Dynamics CRM.
  4. Select Delegated permissions.
  5. Check the user_impersonation permission.
  6. Click the Add Permissions button.
  7. While on the API Permissions page, click Grant admin consent for Abel Solutions Demo. Choose Yes to confirm.

Give the App Registration a secret password.

  1. From the new App Registration, click Certificates & Secrets.
  2. Select New client secret. Give it a description and expiration.
  3. Copy the Value and Secret ID (you will not be able to get to them later).
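
Because the client secret carries an expiration, any connection that uses it stops authenticating once that date passes. The following is an added example, not part of the original post: it audits the `passwordCredentials` of an app registration in the JSON shape that `az ad app show --id <client-id>` returns. The sample data, the 30-day warning window and the 180-day lifetime ceiling are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape `az ad app show --id <client-id>` returns.
# Every GUID, name and date below is made up for illustration.
SAMPLE_APP_JSON = """
{"appId": "00000000-0000-0000-0000-000000000001",
 "displayName": "example-flow-connector",
 "passwordCredentials": [
  {"keyId": "11111111-1111-1111-1111-111111111111", "displayName": "flow-dataverse",
   "startDateTime": "2024-01-10T00:00:00Z", "endDateTime": "2024-07-08T00:00:00Z"},
  {"keyId": "22222222-2222-2222-2222-222222222222", "displayName": "old-secret",
   "startDateTime": "2023-03-01T00:00:00Z", "endDateTime": "2024-03-01T00:00:00Z"},
  {"keyId": "33333333-3333-3333-3333-333333333333", "displayName": "two-year-secret",
   "startDateTime": "2024-06-01T00:00:00.1234567Z", "endDateTime": "2026-06-01T00:00:00Z"}
 ]}
"""

def parse_graph_time(value):
    """Parse a Graph timestamp, dropping fractional seconds; UTC is assumed."""
    base = value.replace("Z", "").split("+")[0].split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app, now, warn_days=30, max_lifetime_days=180):
    """Return (keyId, name, status, days_left) for each client secret.

    keyId is the value the portal shows as "Secret ID". The two thresholds
    are assumed policy values, not Microsoft defaults.
    """
    findings = []
    for cred in app.get("passwordCredentials", []):
        start = parse_graph_time(cred["startDateTime"])
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "expired"        # connections using it already fail
        elif end - now <= timedelta(days=warn_days):
            status = "expiring"       # rotate before the flow breaks
        elif end - start > timedelta(days=max_lifetime_days):
            status = "long-lived"     # valid, but exceeds the lifetime ceiling
        else:
            status = "ok"
        findings.append((cred["keyId"], cred.get("displayName"), status, (end - now).days))
    return findings

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 20, tzinfo=timezone.utc)  # fixed so output is repeatable
    for key_id, name, status, days_left in audit_secrets(json.loads(SAMPLE_APP_JSON), fixed_now):
        print(f"{status:10} {days_left:5}d  {name}  (Secret ID {key_id})")
```

To run it against a real registration, pass `datetime.now(timezone.utc)` as `now` and load the saved JSON output instead of the sample.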

Add the new App Registration to Power Platform

  1. Go to the Power Platform Admin Center and open the environment that will be using this App Registration.
  2. From the environment screen, select Settings.
  3. Expand Users + Permissions and select Application users.
  4. Click New app user then Add an app.
  5. Select the App Registration you created earlier.
  6. Click Add.
  7. Select the Business Unit.
  8. Add the System Administrator Security Role.
  9. Click Create.

Use the App Registration in Power Automate

  1. Open your Flow.
  2. Add a Dataverse Action.
  3. Click the ... then + New connection reference.
  4. Instead of signing in, click the link Connect with service principal.
  5. Enter the Connection Name.
  6. Paste the Client ID (found on App Registration Overview screen).
  7. Paste the Client Secret (copied earlier).
  8. Paste the Tenant ID (found on App Registration Overview screen).

  1. Matthew's post "A Visual Guide to Power Platform Service Principal Setup" was a big help when setting this up.