Skip to main content

Notifications

Announcements

Join us on April 2nd for the Power Platform AMA - Copilot Studio Edition
🌸 Community Spring Festival 2025 Challenge 🌸
Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id : JrelqVigyNFvVfYg8Clxlh
Power Platform Community / Forums / Power Apps - Microsoft Dataverse / Creating a Dataverse S...
Power Apps - Microsoft Dataverse
Suggested answer

Creating a Dataverse Service Principal and Environment Variable for Azure Key Vault

Like (1) ShareShare
ReportReport
Posted on 28 Mar 2025 15:46:52 by pp365 394
Hi everyone,
 
I have set up an Azure Key Vault which works well in the scope of a Flow which I authored and ran. (The Azure Subscription, Resource Group, Key Vault and Secret are working correctly in the Flow when they are called by the Flow).
 
I am trying to take this a step further, to add an Environment Variable in my Dataverse-based Solution which will call Key Vault to obtain the Secret. When I try to save the Environment Variable, I see this error:
 
 
The 'Owner' of the resources is logged in at the time the above is attempted, so it seems that the "User" it's referring to is the Dataverse 'service', and not the scope of a user account.

I've found instructions that say that I need to register the Microsoft.PowerPlatform resource provider in my Azure subscription (https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types). I can confirm this has already been done.

It also states:

"Azure Key Vault must have the Key Vault Secrets User role granted to the Dataverse service principal. If it doesn't exist for this vault, add a new access policy using the same method you previously used for the end user permission, only using the Dataverse application identity instead of the user. 

If you have multiple Dataverse service principals in your tenant, then we recommend that you select them all and save the role assignment. Once the role is assigned, review each Dataverse item listed in the role assignments list and select the Dataverse name to view the details. If the Application ID isn't 00000007-0000-0000-c000-000000000000**, then select the identity, and then select Remove to remove it from the list."

 

The problem is, I do not know how to check if we have a Dataverse Service Principal, or, how to set one up. Completing some searches for this have not revealed any information. Can anyone advise on next steps for this?

Thank you!

 

Categories:
Microsoft Dataverse
  • pp365 Profile Picture
    pp365 394 on 31 Mar 2025 at 18:15:43
    Creating a Dataverse Service Principal and Environment Variable for Azure Key Vault
    Hi again @MichaelFP , everyone,
     
    I have proceeded to create a Service Principal within a Flow, for Dataverse tables - so the linked instructions do work for this. But, this does not extend to the Environment Variable concept. This matter remains pending. As mentioned in my last post, I can only assume there is an additional piece of the puzzle here since I am yet to see any instructions on how the Application Client ID or Client Secret or Directory (Tenant ID) can be matched against the Environment Variable - and yet these are the attributes needed to create a Service Principal in the Flow context.
     
    Any further help on this would be greatly appreciated, thank you!
  • pp365 Profile Picture
    pp365 394 on 31 Mar 2025 at 15:20:25
    Creating a Dataverse Service Principal and Environment Variable for Azure Key Vault
     
    Thank you for your reply and the linked resource. I've followed all the steps in the linked resource, and still no luck, I am getting the same error.
     
    Whilst I can see how the linked resource might work for a Power Automate Flow, I don't see how that would enable the use of an Environment Variable as there is nowhere to specify, within the creation of the Environment Variable, the Application Client ID or Client Secret or Directory (Tenant ID) which are surely the authentication pieces required? 
     
    In the linked article, in Create Flow, Step 4, the above details are added. This makes sense as you are providing the authentication details to the Flow which have been set up against the Application and in turn the Security Role provided to the Application. But during the creation of the Environment Variable there is nowhere to enter these data?
     
    It is very frustrating that (as usual), Microsoft documentation on this to any degree of usefulness is completely non-existent. Can you advise further please? Thank you very much!
  • Suggested answer
    MichaelFP Profile Picture
    MichaelFP 1,692 Super User 2025 Season 1 on 30 Mar 2025 at 15:11:48
    Creating a Dataverse Service Principal and Environment Variable for Azure Key Vault
    These Dataverse Principal are App registration inside on the Microsoft Entra ID. So need to create one of this and them include in your environments and after that on the azure apply the roles that you got from the documentation.
     
    Setup a Service Principal in Power Automate

    If my answer helped you, please give me a thumbs up (👍). If solve your question please mark as answer ✔️. This is help the community.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join us on April 2nd for the Power Platform AMA - Copilot Studio Edition
🌸 Community Spring Festival 2025 Challenge 🌸
Welcome to the Power Platform Communities

Quick Links

🌸 Community Spring Festival 2025 Challenge 🌸

WIN Power Platform Community Conference 2025 tickets!

Kudos to the March Top 10 Community Stars!

Thanks for all your good work in the Community

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 146,513 Most Valuable Professional

#2
RandyHayes Profile Picture

RandyHayes 76,287 Super User 2024 Season 1

#3
Pstork1 Profile Picture

Pstork1 65,636 Most Valuable Professional

Leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans