Running PowerApps under personal account or service account?


Our security officer wants to forbid service accounts in our organisation. I am just wondering how people are using Power Apps. Are you using your personal account or a service account? What are the cons of running under a personal account?

 

I am talking about business critical Power Apps for a department or project team.

  • BCLS776
    8,994 Moderator

    For good security (and to comply with Microsoft licencing agreements) you are supposed to have one account per person. If your tenant turns on two-factor authentication and people are using shared accounts, you would quickly learn how widely some passwords have been shared. Shared passwords are an open invitation to security problems. The only major con to individual accounts is the cost of licencing. If it's "business critical" shouldn't it be well-protected?

  • KLD
    39

    Maybe I was not clear. I am talking about the owner of the Power App and the user account that the connections are running under.

     

    I see multiple cons when the owner of a Power App is a personal account:

     

    • Our IT provider is building the business critical Power Apps, not someone from the business
    • When the owner is a personal account, I expect the Power App will break when this user is leaving our organisation
    • When the owner is a personal account, I expect the Power App will break when this user is changing their password
  • BCLS776
    8,994 Moderator

    My apologies, I misunderstood and wasted your time.

     

    Consider a few things to help with your concerns:

    • Add an internal admin as Owner for all apps. You can have more than one Owner.
    • Give the external service provider an internal account to use too. There are some things they can't do from external accounts.
    • Changing a user password does not break the app.

    As an external user, the person is added to your org's Azure Active Directory. However, they are identified as an external user and have limited privileges. 

     

    When I do this for my customers, I frequently use both an internal and an external account.

     

    Hope this helps!

  • KLD
    39

    I am a global admin. I know it is possible to add my global admin account to all Power Apps built by our IT provider. But there will come a time when I will leave this organisation. My global admin account will be deleted because it is personal to me.

     

    If I create a new account for the IT provider I have the same problem. That guy from the IT provider can leave his organisation and a new guy will come.

     

    It looks like a service account is the best solution, but we don't like service accounts because of the security risks.

  • BCLS776
    8,994 Moderator

    I see why accounts held by outside service providers carry additional risk. Perhaps this is an opportunity to make sure your company's IT governance framework addresses these kinds of items? For example, you can disable the service provider's account as soon as they are done their work for you.

  • Community Power Platform Member

    @BCLS776 I don't see this question as asking about outside service providers. Seems like "service account" here is used to indicate an account that is not tied to an individual. The idea is that, for mission critical processes, the complication of moving flows and apps from user to user whenever a user leaves the company is too easy to mess up, leaving service gaps if any app or flow is forgotten. Not only is it too easy to mess up, it's too time consuming. Having all mission critical apps and flows running under one account that can run in perpetuity, regardless of employees coming and going, is the best way to build for continuity of service. The issue lies in the glaring security hole this opens up. 

     

    @KLD, I'm with you on this. The Power Platform Center for Excellence (CoE) is an attempt from Microsoft to mitigate this issue. Users who are not global admins can be given specific admin rights for specific environments that allow them to move apps and flows from user to user. Basically crowd-sourcing the added work of moving apps between accounts to ensure that critical processes keep running. I'm not 100% certain on this last bit, perhaps @BCLS776 can let us know. I think that using the CoE would allow you to move apps and flows under a service account without actually needing the password to that service account. Your Admin could create the service account and give the password to nobody. You or the admin could then move apps and flows to run under that account without actually logging in under that account's credentials.
