web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Cross-Tenant Azure SQL...
Power Automate
Suggested Answer

Cross-Tenant Azure SQL Connection Fails from power automate

(0) ShareShare
ReportReport
Posted on by
I am attempting to connect a Power Automate Cloud Flow hosted in Tenant A to an Azure SQL Database hosted in Tenant B. I am trying to use the native SQL Server Connector action (such as GetTable_V2 / Get Rows).
Despite configuring a multi-tenant App Registration and creating a fresh connection asset, the action continuously fails to retrieve dynamic outputs or initialize, returning a 400 Bad Request error.

{
"status": 400,
"message": "Invalid connection settings\r\n inner exception: Not enough information to establish a Sql Connection\r\nclientRequestId: 9a165c42-35f8-4072-85c5-a2d8da96aa4a",
"error": {
"message": "Invalid connection settings\r\n inner exception: Not enough information to establish a Sql Connection"
},
"source": "sql-ase.azconn-ase-001.p.azurewebsites.net"
}

 
What I Have Already Attempted & Verified:
  1. Firewall Configurations: In Tenant B's Azure SQL Server, the firewall exception "Allow Azure services and resources to access this server" is strictly enabled.
      2. Authentication Flow (401 Resolution): Initially tried Microsoft Entra ID Integrated authentication, which                  correctly threw a 401 token issuer error. I successfully pivoted to a multi-tenant Service Principal architecture.
      3.Service Principal Setup:
  • Created a multi-tenant App Registration in Tenant B.
  • Provisioned the Service Principal inside the target database via T-SQL containment (CREATE USER [App-Name] FROM EXTERNAL PROVIDER) and assigned it db_datareader and db_datawriter roles.
Categories:
I have the same question (0)
  • Suggested answer
    sannavajjala87 Profile Picture
    515 Super User 2026 Season 1 on at
    This error usually means the SQL connector connection object is missing one of the required SQL connection properties, not only that the service principal lacks permissions.
     
    A few things I would check:
     
    1. Make sure the SQL connector connection is created with all required values:
     
     
     
    Server name: yourserver.database.windows.net
    Database name: yourdatabasename
    Authentication type: Service principal / Microsoft Entra application
    Tenant ID: Tenant B ID
    Client ID: App registration client ID
    Client secret: valid secret
     
    Do not use only the Azure SQL resource ID or partial server name.
     
    2. Confirm where the app registration should live.
     
     
     
    For cross-tenant access, the app registration can be multi-tenant, but the service principal must exist in the tenant that owns the SQL database, and SQL must be able to resolve that identity.
     
    3. Confirm the database user exists in the actual target database, not only master.
     
     
     
    Run in the target database:
     
    SELECT name, type_desc
    FROM sys.database_principals
    WHERE name = 'App-Name';
     
    Then confirm role membership:
     
    SELECT 
        dp.name AS principal_name,
        rp.name AS role_name
    FROM sys.database_role_members drm
    JOIN sys.database_principals dp ON drm.member_principal_id = dp.principal_id
    JOIN sys.database_principals rp ON drm.role_principal_id = rp.principal_id
    WHERE dp.name = 'App-Name';
     
    4. If the connector fails while loading dynamic content, test with a simple manual SQL query action first, for example:
     
     
     
    SELECT TOP 1 * FROM dbo.YourTable
     
    This helps confirm whether the issue is authentication/connection or only metadata discovery.
     
    5. Check that the SQL Server has a Microsoft Entra admin configured. Without that, Entra authentication to Azure SQL can behave unexpectedly.
     
     
    6. If this is Azure SQL in Tenant B, also check whether Conditional Access, private endpoint, networking, or tenant restrictions are blocking the Power Platform connector backend.
     
     
     
    In short, I would first recreate the SQL connection using the exact server FQDN, database name, Tenant B tenant ID, Client ID, and Client Secret. Then test with a simple query action before using Get rows or dynamic table metadata.
     
    If it still fails after that, this may need Microsoft support because cross-tenant SQL connector + service principal authentication can fail at the connector connection layer before the query even reaches SQL.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Valantis Profile Picture

Valantis 377

#2
11manish Profile Picture

11manish 279

#3
David_MA Profile Picture

David_MA 234 Super User 2026 Season 1

Last 30 days Overall leaderboard