Hi,
I have access to a SharePoint site as a guest in the tenant of a project collaborator. I see that I can create a Flow as shown below:
As a test, I used a template flow that should send an email when a file is created:
I uploaded a file and the flow failed as follows in the SharePoint trigger:
How is it possible that I have read & write access to this specific folder, but cannot create a trigger? It clearly sees the site because as soon as I upload a file, the flow runs and fails right away. Are there specific permissions that need to be enabled on our collaborator's tenant? We are already unable to use OneDrive sync as another example, and know that certain settings are not enabled on their Admin center:
This is making SharePoint not really live up to the hype as a collaboration platform. Thanks.
Go through the steps mentioned in this video
https://www.youtube.com/watch?v=jKiRNc17tWs
>>How is it possible that I have read & write access to this specific folder, but cannot create a trigger?
I believe that flows are stored in a different location to the SharePoint libraries. The default location for flows is the organisation's default Power Platform environment, and they are stored in a Dataverse database (which is also where Approvals are stored too).
Ellis
Nothing as complex as that, as far as I know:
then add a new connection:
This new connection would be the connection selected for the flow.
Ellis
Oh ok understood (I think). Unfortunately not where I wanted this to go 🙂 So basically they have to create an app registration on Azure, add the "delegated" SharePoint APIs (read, write, etc.) and then we use the credentials of that "service" account when creating flows that access SP on their tenant. The complication though is the licensing part... it seems silly that you have to ask a 3rd party to do all this and provide a flow license. Does this sound right?
This is not something I have had to do yet, but it would be a matter of creating a new connection using the service account's Azure AD username and password for the connection. The service account would need the appropriate MS365 and Power Automate licenses, as well as permissions to the SharePoint list:
In my current dev tenant, the guest user is able to trigger events in SharePoint, but they cannot select and run flows. The flows would need to use that connection.
Currently, a guest user can trigger a flow, but cannot manually select a flow to run:
Ellis
I just tried a manual flow instead of an automated flow but the SharePoint connector to get all lists and libraries still failed with an "Unauthorized" error, so it doesn't have to do with whether it's "attended" vs "unattended" licensing. So it has to be some setting at the tenant admin level that is not granting the right level of permission.
Thanks for your response Ellis.
How can you configure flows to run using a service account though? Are we saying that a flow triggered by an event such as an email hitting the inbox or a file added/modified on SharePoint is considered as "unattended" RPA and thus requires a license which I clearly would not have associated to this guest account? This is getting way too complicated.
In my organisation we are planning to do something similar, with guest users being able to trigger flows.
The way this has been explained to me by our MS solutions provider is that flows should be "configured" to run using a service account within the tenant. External users won't directly trigger the flows but their actions will, such as 'When an item is created', 'When an item is created or modified', etc. This will only work if we are not using any Premium Connectors, so we won't need additional licenses. However, if you are using any Premium Connectors you will need at minimum a Power Automate Per User license to be pinned to the service account executing the flows.
Ellis
Thanks, the connection is seeing the SharePoint site in the other tenant (it does not display in the pull-down list; I had to enter it manually, including the "Library Name", which seems to be the company GUID or something similar). At least the trigger did fire when a document was uploaded, but it failed to run to completion and pass data downstream as shown above.
So is this supposed to work and are there settings that need to be enabled in the tenant's Admin Center to make this possible? Or is it a limitation imposed by design for guest accounts? If it is the latter, it is a fail IMO because it is anything but conducive to collaboration. Thanks.
Hi @dbaldacchino ,
I have tried and couldn't find a way to connect to another SharePoint tenant using my normal AAD account which is set up as a guest in that tenant. The connection you create seems to be tied to the AAD domain of your account.
I also have an account in that tenant and was able to have a flow that uses two connections