Unanswered

Azure AD Connector in Flow

(1) Share

Report

Posted on by JoeCrockett

Hello, thank you for your interest.

An end-user (with the role of 'user' in Azure AD) was trying to use the "Azure AD - Get user" action in Microsoft Flow, and received the following error:

"You can't access this application Azure AD Connector - PowerApps and Flow needs permissions to access resuorces in your organization.

As a global admin, I was able to complete this.

I would like the end-user to be able to lookup user attributes from Azure AD to use in their Flow/SharePoint.

How do I assign the permission to the user in Azure AD (without giving them Global Admin role)?

I've searched for hours through the Docs web site to no avail. There are certain indications that I should be using RBAC within Azure AD, but no clear instructions.

Categories:

Building flows

I have the same question (0)

All responses (6)

Answers (0)

v-yamao-msft on at

Like (0)

Report

Hi JoeCrockett,

May this documentation about “Use Role-Based Access Control to manage access to your Azure subscription resources” could be a reference for you:
https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure

I would suggest you post Azure Active Directory related issues on this forum, the reason why we recommend posting appropriately is you will get the most qualified pool of respondents. Thank you for your understanding.
https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD%2CWindowsAzureAD

Best regards,
Mabel Mao

Was this reply helpful? Yes No
JoeCrockett 6 on at

Like (1)

Report

Thank you for the idea, sadly however, I tried this to no avail.

As it turns out, I now believe this to be part of the Microsoft Graph permissions, specifically a delegated permission. I haven't gotten it to work yet, but am focusing on finding 'some higher-privileged permissions require administrator consent.' How does one give consent to a non-administrative user. There doesn't appear to be any docs on it.

Also, this was a good document to read regarding Azure AD and permissions, but didn't provide any answers about my situation.

Was this reply helpful? Yes No
Bassel 23 on at

Like (0)

Report

Hello every one,
Did you guys find any solution for managing access for individual users ?

Thank you in advance,

Was this reply helpful? Yes No
manuelstgomes 6,625 on at

Like (0)

Report

HI @Bassel, @JoeCrockett and @v-yamao-msft

I just searched to try to find a solution to a similar issue, and I think you need a "Directory.Read.All", based on the document below:

https://www.anupams.net/extended-attributes-azure-ad-ms-flow/

Please let me know if this solves your problem.

If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.

Cheers
Manuel

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

I find this to be something Microsoft really hasnt thought about. We want to use service accounts in our flows and specific connectors like this AD connector, but there is absolutely no documentation anywhere that works in granting these service accounts the proper permissions. Everything that is currently posted (including the above) fails to work, unless of course there is some simple missing step.

Would appreciate ANYONE giving directions to solving this simple problem - User A need to be able to use the AD connector in power automate. What permissions - IN Azure does this user need and how to give them permission to use the connector. Using the "POST" option against the MSFT app doesnt work etc.

Mind blowing how something so basic can be made so dificult.

Was this reply helpful? Yes No
SebastianMusiol 44 on at

Like (0)

Report

Hello,

Any updates in this topic?
I cannot find which permissions I have to give so I can use Azure AD connector... (of course except of Global Admin)

Was this reply helpful? Yes No