Skip to main content
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps - Power Apps Governance and Administ... / Pipeline Assign owner ...
Power Apps - Power Apps Governance and Administ...
Unanswered

Pipeline Assign owner other than Service Principal

(0) ShareShare
ReportReport
Posted on by byrnep 218

Followed this Dev ops build tools setup, and while it works there is a critical step missing, which is to be able to assign a real AD User account as the owner of the flow/app.

 

https://docs.microsoft.com/en-us/power-platform/alm/devops-build-tools

 

Anyone have the guidance on how to do this as part of the pipeline? 


The only option I see is to go with an AD User account as a 'service account', no MFA, no password policy, licensed for PPlatform, and set it up as the credentials as a Generic Service Connection.  Presumably this will set the owner of the flow/app to the account the service connection is using, which will be a proper AD user account.  This would allow the flows/apps to work as a 'regular' user had created them.

 

 

Categories:
Management
  • byrnep Profile Picture
    byrnep 218 on at
    Re: Pipeline Assign owner other than Service Principal

    True for child flows.  However when using the pipeline tools the owner is the sp for all power platform artifacts.  Automate flows (not instant), apps etc.  The UX vs pipeline tools/cli/automate flows, also don't match functionally for owner assignment either at the moment.


    To make it even more interesting, connectors are going to be SP enabled in Sept. Service principal support for connectors - Power Platform Release Plan | Microsoft Docs

     

    I'd say ALM is going to be 'interesting' unless MS is leaving the licensing in the grey area for now.  SP's are Azure entities really, not people and can't be licensed with the current model (more relevant for primary ownership).  What I do see potentially happening is the PAYG model which is an AZ subscription billing policy being used with ALM. 

     

    To me, it feels like there is another tier coming:

     

    1) Personal Productivity/small team (current options fit here) 'low code'

    2) Project/high business value/Complex needs ALM 'low code' <---- NEW

    3) Azure services (functions, APIM, Cognitive services) Project/high business value/Complex needs ALM 

     

    byrnep_1-1657808714544.png

     

     

  • Ionaaa Profile Picture
    Ionaaa 94 on at
    Re: Pipeline Assign owner other than Service Principal

    Actually, the licensing when a SP is the owner is not so straightforward. You have seeded licensing, meaning for example if the flow is part of a Power App, the user using the app would be required to have appropriate licensing and that would leverage through to the SP in place, so it also depends on the application itself. SP licensing was and is still a pain for MSFT but basically an SP is still a user in Azure as it resides in AAD and has an object ID, so even then you could leverage it with premium licensing or even use NPA accounts.

     

    Besides the licensing for ‘the SP’, a lot af actions and other things happening are via delegation, so again checks on user licensing.

     

    Complex area, where lots of things “should be”, but worked differently in practice.

  • byrnep Profile Picture
    byrnep 218 on at
    Re: Pipeline Assign owner other than Service Principal

    It may remove individualism, but the licensing until June required a licensed AD user for Automate flows that run as Owner licensing.  To build and run anything in Power Platform you need different licenses, but licenses none the less.  This means that while a SP could be assigned, you 'should' have had a licensed user as the owner.

     

    I don't know why the option was there to deploy/import with SP in the first place if it would negatively affect the licensing.  I'm guessing it just wasn't enforced for SP's from the beginning.

     

    That seems to have changed as of June 2022. https://docs.microsoft.com/en-ca/power-platform-release-plan/2022wave1/power-automate/ownership-supported-service-principals

     


    As a note you can also assign AD groups as owners for Apps/Flows, which again, I don't know how that works for licensing, other than that I would imagine at least one person in the group being correctly licensed.

     

    However, when you take into account the Power Platform Request limitations, it gets more confusing.  Who's account are the requests going against?

     

    ALM for Power Platform is the right solution to work with Power Platform in a Pro or even organized way, but it leverages a lot of techinques, that while possible seem to violate what you can do as a standard licensed user.

  • Ionaaa Profile Picture
    Ionaaa 94 on at
    Re: Pipeline Assign owner other than Service Principal

    The whole idea of the ALM approach you are mentioning is to have the app as owner, since it removes individualism. If you need to have an owner, you can use the CLI and create an auth profile and use that profile to create/import stuff, as this will attach components to the profile, in this case, a user.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Paul Stork – Community Spotlight

We are honored to recognize Paul Stork as our July 2025 Community…

Congratulations to the June Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 791 Most Valuable Professional

#2
MS.Ragavendar Profile Picture

MS.Ragavendar 410

#3
mmbr1606 Profile Picture

mmbr1606 275 Super User 2025 Season 1

Last month Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans