Hello, thank you for your interest.
An end-user (with the role of 'user' in Azure AD) was trying to use the "Azure AD - Get user" action in Microsoft Flow, and received the following error:
"You can't access this application Azure AD Connector - PowerApps and Flow needs permissions to access resuorces in your organization.
As a global admin, I was able to complete this.
I would like the end-user to be able to lookup user attributes from Azure AD to use in their Flow/SharePoint.
How do I assign the permission to the user in Azure AD (without giving them Global Admin role)?
I've searched for hours through the Docs web site to no avail. There are certain indications that I should be using RBAC within Azure AD, but no clear instructions.
Hello,
Any updates in this topic?
I cannot find which permissions I have to give so I can use Azure AD connector... (of course except of Global Admin)
I find this to be something Microsoft really hasnt thought about. We want to use service accounts in our flows and specific connectors like this AD connector, but there is absolutely no documentation anywhere that works in granting these service accounts the proper permissions. Everything that is currently posted (including the above) fails to work, unless of course there is some simple missing step.
Would appreciate ANYONE giving directions to solving this simple problem - User A need to be able to use the AD connector in power automate. What permissions - IN Azure does this user need and how to give them permission to use the connector. Using the "POST" option against the MSFT app doesnt work etc.
Mind blowing how something so basic can be made so dificult.
HI @Bassel, @JoeCrockett and @v-yamao-msft
I just searched to try to find a solution to a similar issue, and I think you need a "Directory.Read.All", based on the document below:
https://www.anupams.net/extended-attributes-azure-ad-ms-flow/
Please let me know if this solves your problem.
If I have answered your question, please mark your post as Solved.
If you like my response, please give it a Thumbs Up.
​
Cheers
Manuel
Hello every one,
Did you guys find any solution for managing access for individual users ?
Thank you in advance,
Thank you for the idea, sadly however, I tried this to no avail.
As it turns out, I now believe this to be part of the Microsoft Graph permissions, specifically a delegated permission. I haven't gotten it to work yet, but am focusing on finding 'some higher-privileged permissions require administrator consent.' How does one give consent to a non-administrative user. There doesn't appear to be any docs on it.
Also, this was a good document to read regarding Azure AD and permissions, but didn't provide any answers about my situation.
Hi JoeCrockett,
May this documentation about “Use Role-Based Access Control to manage access to your Azure subscription resources” could be a reference for you:
https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure
I would suggest you post Azure Active Directory related issues on this forum, the reason why we recommend posting appropriately is you will get the most qualified pool of respondents. Thank you for your understanding.
https://social.msdn.microsoft.com/Forums/azure/en-US/home?forum=WindowsAzureAD%2CWindowsAzureAD
Best regards,
Mabel Mao
Michael E. Gernaey
497
Super User 2025 Season 2
David_MA
436
Super User 2025 Season 2
Riyaz_riz11
244
Super User 2025 Season 2