Authorisation issues due to expired token while using service account

Posted on by 54
Hi,
 
We got an issue with an expired token while using a service account for all steps in the flow. However, the result differs by who is triggering the flow. Some got the error:
"The Graph API rejected the access token because it has expired or is not yet valid."
However, not all people have this issue. Apparently there is a connection between the person who is triggering the flow and the service account which is used for all connections. Next to that, I understood the policy for service accounts is also changing due to MFA. How can we organize that our flows keep on working regardless of the person who is triggering the flow and regardless of MFA for service accounts? This should be the standard way of working for automated flows. These should not be connected to any physical person.
  • Suggested answer
    rzaneti Profile Picture
    4,249 Super User 2025 Season 2 on at
    Hi,
     
    You can find this kind of issue when your account tokens are refreshed. It can happen when a password is changed, for example. 
     
    About MFA, you can disable it for service accounts in Azure Entra ID. I temporarily did it some weeks ago for testing a solution that required a user token. Before moving forward with this approach, I recommend you double-check any cybersecurity concerns related to it (as I disabled it just temporarily, it wasn't a problem for me). 
     
    If you are mostly working with Graph requests rather than actions, you can set up an App Registration to manage the authentication process, so your HTTP requests won't rely on your service account access token. 
     
    If you are not comfortable in managing the MFA for the service accounts, you can work with a service principal as an alternative. Here is the official docs about the service principal for Power Automate: https://learn.microsoft.com/en-us/power-automate/service-principal-support
     
    The limitation of the service principal is that it doesn't accept a Power Automate Per User license, which can be a problem depending on how your organization uses and manages its flows. 
     
    Let me know if it works for you or if you need any additional help!
    -------------------------------------------------------------------------
    If this is the answer for your question, please mark the post as Solved.
    If this answer helps you in any way, please give it a like.
     
  • GilbertS Profile Picture
    54 on at
    @rzaneti, thanks for your help. But I understood that as of October 15th service accounts are also forced to set up MFA. We have run our service account for 2 years already without MFA. Can we bypass this enforcement or do we need to set it up? And can the service principal owner be used for our flows, since they are on user license plans and most of them have premium connectors? Our flows are triggered mostly via PowerApps, Dataverse reaction or planned on time. And we use connectors like MS Outlook, Teams, SharePoint, Word Online, OneDrive, Dataverse and Mail.
  • rzaneti Profile Picture
    4,249 Super User 2025 Season 2 on at
    Hi,
     
    I did some research and you are correct about the MFA enforcement by Microsoft, starting Oct 15th. However, this enforcement is required only for accessing the Admin Portals, like Azure, Intune and Entra ID. Here is the official announcement:
     
     
     
    And here there is a list of the applications affected by this enforcement:
     
     
    Although it affects the service accounts, you are still able to have some accounts without MFA enabled, but these users won't be able to access the Admin portals. So it technically won't affect your flows. In any case, if you are not comfortable with the enforcement, it's possible to apply for postponing the enforcement date to March 15th 2025 (highlighted in green above), so you can have more time for planning what to do (and to monitor the feedback of other users with similar issues that didn't apply for postponement).
     
    Finally, Microsoft docs confirm that MFA enforcement applies exclusively to users that access the platforms listed above:
     
     
    If you need to access data from any of these portals within your flows, then you should consider using an HTTP request combined with an App Registration (as the registration happens in the Azure Portal, you would need to execute it with an MFA-enabled account). 
     
    Let me know if it works for you or if you need any additional help!
    -------------------------------------------------------------------------
    If this is the answer for your question, please mark the post as Solved.
    If this answer helps you in any way, please give it a like.
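
Added example (not part of any reply in this thread, and not Microsoft code): a small triage helper for the "expired or is not yet valid" error quoted in the question. It reads the `nbf` and `exp` claims of a captured access token and reports whether the token is delegated (user or service account) or app-only, which is the distinction the App Registration advice turns on. The sample tokens, the account name, the application ID and the 300-second skew are constructed assumptions; the signature is not verified, so use it for diagnosis only.

```python
import base64
import json
import time
from typing import Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    return json.loads(_b64url_decode(parts[1]))


def classify(token: str, now: Optional[float] = None, skew: int = 300) -> dict:
    """Report time validity and token kind. Does NOT verify the signature."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if exp is not None and now > exp + skew:
        state = "expired"
    elif nbf is not None and now < nbf - skew:
        state = "not_yet_valid"  # usually clock drift or a token cached too early
    else:
        state = "valid"
    return {
        "state": state,
        "seconds_left": None if exp is None else int(exp - now),
        # Heuristic: delegated tokens carry scopes in `scp`; app-only tokens do not.
        "kind": "delegated" if "scp" in claims else "app_only",
        "subject": claims.get("upn") or claims.get("appid") or claims.get("azp"),
    }


def make_sample(claims: dict) -> str:
    # Builds an unsigned, constructed token for offline testing only.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


NOW = 1_700_000_000  # fixed reference time so the results are reproducible
SERVICE_ACCOUNT_TOKEN = make_sample({"nbf": NOW - 7200, "exp": NOW - 3600,
    "scp": "Mail.Send Sites.ReadWrite.All", "upn": "svc-flow@example.com"})
APP_ONLY_TOKEN = make_sample({"nbf": NOW - 60, "exp": NOW + 3540,
    "roles": ["Sites.ReadWrite.All"],
    "appid": "00000000-0000-0000-0000-000000000000"})
```

A `delegated` result with state `expired` points at the cached service-account connection rather than at the person triggering the flow; an `app_only` token comes from the App Registration's own credentials, not from a user sign-in.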
