Power Platform Community Forum Thread Details

We often face issues where a user has left the organization or moved to a different role & had permissions altered.
This causes issues in their flows that connect to sharepoint or Outlook 365 to send mails.
This limitation is preventing us really utilizing the power automate as an enterprise grade platform.

Is it possible to use a service principal to connect to these services, instead of the users?

Categories:

Using connectors

Hi @winston_smyth , As my knowledge, SharePoint Online and Office 365 Outlook connectors does not support service principal. Check this for SHarePoint: https://techcommunity.microsoft.com/t5/power-apps-power-automate/using-service-principals-with-sharepoint/m-p/2816413

It is available for Dataverse.

However, you can create service account with proper licenses and create the connections using this service account rather than creating with actual user account. And then upload the credentials of this service account in Azure vault and share the azure vault to team member for further uses.

There is still an alternate if you want to use service principal, then you might have to use graph API/ SharePoint RESR API to consumes the end points of SharePoint and Office 365 Outlook service which are available.

Here are the general steps to use a service principal in Power Automate:

Create an App Registration:

Go to the Azure portal (https://portal.azure.com/).
Navigate to "Azure Active Directory" > "App registrations" > "New registration."
Fill in the required details, such as name and supported account types.
Note down the "Application (client) ID" and "Directory (tenant) ID" for later use.

Generate Client Secret:

In the app registration, go to "Certificates & secrets" and create a new client secret.
Note down the generated secret value or save it in Azure Vault.

Assign Appropriate Permissions:

In the app registration, go to "API permissions."
Add the necessary permissions for the services your Power Automate flows interact with (e.g., Microsoft Graph, SharePoint).
Grant admin consent if required.

Use Service Principal in Power Automate:

In your Power Automate flow, use the "HTTP" or "HTTP with Azure AD" connector.
Configure the connector with the endpoint of the service you are connecting to (e.g., Microsoft Graph or SharePoint).
Use the client ID, client secret, and tenant ID obtained during the app registration.

-----------------------------------------------------------------------------------------------------------------------------

I hope this helps.

Please click Accept as solution ✅ if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs up.👍

Thanks,
ANB