Power Automate - Using Connectors
Suggested answer

Managed entity based security when using Entra create user connector

Posted on 25 Mar 2025 23:02:55 by
Hi,
 
We have a Power Automate flow from where we are calling the Entra create user connector. https://learn.microsoft.com/en-us/connectors/azuread/#create-user
We are currently using connection-based login, which is created when we import the solution/flow into the environment.
Is it possible to use managed entity with connectors, or do I need to use MS Graph API from Power Automate for that?
Any standard Microsoft document around this will be very helpful.
 
Cheers
 
  • Suggested answer
    SwatiSTW (517, Super User 2025 Season 1) on 26 Mar 2025 at 04:32:18
    You are using Power Automate to create Entra ID (Azure AD) users using the built-in Azure AD connector. This connector uses a user-based connection, and you want to replace it with a more secure method like managed identity or service principal. The Azure AD connector does not support managed identity or service principal.
    1. Azure AD connector only supports user login, not service principal or managed identity
    2. To use service principal or managed identity, stop using Azure AD connector
    3. Instead, use HTTP action in Power Automate
    4. Register an app in Azure AD (Azure portal → App registrations → New registration)
    5. After app is created, go to API permissions → add Microsoft Graph → Application permissions → select User.ReadWrite.All → click Grant admin consent
    6. Go to Certificates & Secrets → create new client secret → copy the value (you’ll need this in flow)
    7. Go to Overview → copy Application (client) ID and Directory (tenant) ID
    8. In Power Automate, add HTTP action
    9. First, get token using below HTTP request
        Method: POST  
        URL: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token  
        Headers:  
          Content-Type: application/x-www-form-urlencoded  
        Body (x-www-form-urlencoded):  
          client_id=<client-id>
          scope=https://graph.microsoft.com/.default
          client_secret=<client-secret>
          grant_type=client_credentials
    10. From above response, store access_token using Parse JSON
    11. Add another HTTP action to create user using below details
        Method: POST  
        URL: https://graph.microsoft.com/v1.0/users  
        Headers:  
          Authorization: Bearer <access_token>  
          Content-Type: application/json  
        Body (raw JSON):  
        {
          "accountEnabled": true,
          "displayName": "Ravi Kumar",
          "mailNickname": "ravik",
          "userPrincipalName": "ravik@yourtenant.onmicrosoft.com",
          "passwordProfile": {
            "forceChangePasswordNextSignIn": true,
            "password": "TempPass@123"
          }
        }
    12. Run the flow and user will be created using app identity, not user connection
    13. This setup uses service principal (app registration), not managed identity
    14. If you want to use managed identity, flow must run in Azure Logic Apps or hosted environment that supports it
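
Steps 9 to 11 of the answer above, written out in Python as an added example (not part of the original reply, and not how Power Automate itself runs the HTTP action). It builds both requests offline, form-encodes the client secret so characters such as `+` or `&` survive, and generates a random one-time password in place of a fixed literal; the function names, symbol set and sample values are assumptions made up for the illustration.

```python
import json
import secrets
import string
from urllib.parse import urlencode

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
SYMBOLS = "!@#$%^*-_"  # constructed symbol set, an assumption of this example

def build_token_request(tenant_id, client_id, client_secret):
    """Step 9: client-credentials token request (URL, headers, encoded body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "scope": "https://graph.microsoft.com/.default",
        "client_secret": client_secret,  # urlencode escapes '+', '&', '='
        "grant_type": "client_credentials",
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def extract_access_token(token_response_text):
    """Step 10: pull access_token out of the token endpoint's JSON reply."""
    data = json.loads(token_response_text)
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("token response has no bearer access_token")
    return data["access_token"]

def random_temp_password(length=16):
    """One-time password with at least one character from each class."""
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def build_create_user_request(access_token, display_name, nickname, domain):
    """Step 11: POST /users request with a generated, must-change password."""
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    payload = {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": nickname,
        "userPrincipalName": f"{nickname}@{domain}",
        "passwordProfile": {"forceChangePasswordNextSignIn": True,
                            "password": random_temp_password()},
    }
    return GRAPH_USERS_URL, headers, json.dumps(payload)
```

In a flow, the same values map onto the two HTTP actions; the client secret would come from a secure input or a vault reference, not from text typed into the action.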
