You’re offline. This is a read only version of the page.
Hi,
We recently migrated our deployment pipeline into Azure DevOps using the Power Platform build tools, running into an issue with regards to canvas app ownership:
We migrate the solution from dev to test as expected, all components work just fine, except I cannot, as the system admin, access the Canvas App.
Looks like all components of the solution are 'owned' by the application user in the environment (the one connected to the service principle in Azure DevOps.)
This includes the canvas app, such that in the imported Power Apps solutions I can see:
Canvas App: MyAppName
Owner: ApplicationUser
Problem is, as the system admin for the environment, I can't access the Canvas app, as it has not been shared with me.
With the application user being a service account, I also don't know how to share the canvas app.
My workaround has been to remap ownership of the application using Power Automate. I migrate ownership from Application User -> System Admin for that environment, and then share the app in the normal way.
However, this isn't something I'd like users doing every time we have to import an upgraded solution.
Moreover, I'm unsure how changing the owner affects importing newer versions of the solution. I definitely don't want users to have to run a flow everytime a solution is imported, just to be able to access the canvas app.
Hopefully I'm missing something and would really appreciate some clarity here.
Thank you
Hi @EricRegnier
I am not sure if you last response was meant for me, assume yes.
Consistent with the responses above in this thread, my goal to to have this automated using Azure DevOps so it is completely 'hands off'. I don't want to be manually configuring each tenant environment post deployment to change the owner of components within the solution (there will be ~20 different tenants I am deploying to).
Even when I manually use the Maker Portal to update the connection references, I am able to do this on all connection references (Maker, Dataverse, Office 365 groups, SharePoint etc) EXCEPT for 'Power Apps Notifications V2'. The 'Power Apps Notifications V2' connection reference doesn't have a user in the dropdown menu when trying to edit the connection reference (The other connection references above did have). Then when I try to edit/run the App, I get the modal attached below with the 'Allow' button greyed out.
I am really struggling with how to get this all working in the target environment once deployed.
Thanks again.
Hi @jzia93, As a system admin you can add yourself or anyone as the owner in the Power Platform Admin Center (aka.ms/ppac). Pick your environment --> Resources --> then pick "Power Apps" --> Select ellipse on the app --> Share --> search/add yourself:
Hope this helps!
Hi @EricRegnier
Sorry for the reply to old post. I have all the same issues with my pipelines that are running using service principal. I have been able to resolve App owners and Flow owners with PowerShell PowerApps Cmdlets, however stumbling with Connection Reference owners.
In the
Hi @DanyilVol, Connecting with a SPN now works Add-PowerAppsAccount!
Hi @EricRegnier Did you get any response from Microsoft Support?
Hi @hackondor, I'm using a service account and I don't believe it's supported yet with a SPN. It's strange though that the documentation you sent says you can! Maybe it's now available, but only in some region?.. I would submit a Microsoft support ticket to get more info. Keep us posted, cheers!
Hi @EricRegnier , i'm using service principal, so i can use the the function below:
Add-PowerAppsAccount
-Endpoint "tip1"
-TenantID [Guid]
-ClientSecret ABCDE]NO_8:YDLp0J4o-:?=K9cmipuF@
-ApplicationId [Guid]
But i have no response after running my script, do i still have the same issue below :
Your pipeline needs to authenticate and execute the scripts with a service account that has MFA disabled. I configure the pass and username in pipeline variable (and variable groups of shared across pipelines).
Specifically this part:
# Here is how you can pass in credentials
$pass = ConvertTo-SecureString "password" -AsPlainText -Force
Add-PowerAppsAccount -Username user@contoso.com -Password $pass
Hi @EricRegnier We can't execute the script from the pippline as a task because the MFA blocking the access, do you have any workround for this ? Thank's
In ADO, you’ll need a PowerShell task with either inline or script file. Use the “Set-FlowOwnerRole” for a flow or “Set-PowerAppRoleAssignment” for a canvas app. Don’t forget to authenticate before setting the owner with the “Add-PowerAppsAccount” command
https://docs.microsoft.com/power-platform/admin/powerapps-powershell#installation
hope this helps!
#1
WarrenBelz
637
Most Valuable Professional
#2
stampcoin
570
Super User 2025 Season 2
#3
Power Apps 1919
473
Share
Report
All responses (
Answers (
