You’re offline. This is a read only version of the page.
4
Hello,
Does anyone know how to setup a Service Principal to access PowerApps in devops pipeline through connection service? Do we have to assign the Service Principal certain permissions?
Thank you
Do this: https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tools
Worked for me. Note that the contained script is the only way the Back Up task worked for me. There is an API permissions set on App Reg via script that I don't think was available in the Az Portal doing it manually.
What's missing is a way to assign an additional 'owner' of the flow/app when importing. SP's as owners is less than ideal, as the Platform doesn't recognize a SP as an interactive user... you can't log in as an SP or license one. It's intended for system to system authentication.. which is what it's doing... but.......................
Hi @ericonline,
To specifically answer your two questions:
As @ToddShelton shows, it is now much easier than before (my older post) to add new application users 🙂
Hope this helps!
Generally you assign the System Administrator security role to the Application User. Setting up an Application User is a little different than setting up a regular user in that you need to start from the Application Users screen (D365 Online > PP Admin Center, not Power Apps Environment Admin) > Settings > Application Users > New app user > Add an app. Here's what it looks like on Dynamics CE server version: 9.2.22033.00156:
The application already has to exist in Azure Active Directory. The AAD application has to have Dynamics CRM impersonation permissions and user permissions (you can do this administratively for everyone):
If you can set up your application user this way there's no username or password needed in Dynamics--adding the application as an Application User just works. From there you can assign security roles normally.
To use this user in Azure Pipelines you map it to a Service Connection in Pipelines > Settings > Service Connections.
- What CDS security role is needed for Azure DevOps to export/import a Solution?
- Does the Service Principal need any specific permissions/roles?
@NigelP, not quite, what I was mentioning was for Service Connections in Azure DevOps. I know in Logic Apps, you can use a client ID and secret with the Common Data Service connector but I haven't tried with canvas apps. As for Power Automate, suggest to use the Common Data Service (current environment) connector which I don't think can be used with a client ID/secret yet.
You should submit the idea at: https://powerusers.microsoft.com/t5/Power-Apps-Ideas/idb-p/PowerAppsIdeas
Cheers
Hi @EricRegnier
Are you saying I can use ClientID and Secret for both PowerApps and PowerAutomate authentication ?
Where is this documented ?
Thanks
Nigel
You can now connect with a SPN (app ID, secret) with the new Power Platform service connection type! Make sure the URL is CDS/D365 organisation URL (<name>.crm<#>.dynamics.com) and not the usual "https://management.core.windows.net/".
I'm now using it and works like a charm!
Today I noticed a new Service Principal option on the Export Solution task in the pipeline editor. (Perhaps it was there before but I didn’t notice it.) I was able to use that option to a setup what appears to be a new service connection type specific to the Power Apps Build Tools (Before, I was using Generic service connection). I set that up and it worked just fine.
That new connection type option was also available for Import Solution tasks.
I didn’t notice it for the environment tasks (eg reset).
It’s setup as both
#1
WarrenBelz
109
Most Valuable Professional
#2
Michael E. Gernaey
82
Super User 2025 Season 1
#3
MS.Ragavendar
72
Share
Report
All responses (
Answers (
