App registration in Azure - set it up to own Power Automate flows
What is a Service Principal in Power Platform?
A Service Principal is a non-interactive account that facilitates connections to Dataverse and the management of flows. Essentially, this “User” is an Azure App, which is employed within the Power Platform to take ownership of Power Automate flows. It’s important to note that you cannot log in with a Service Principal or interact with it as you would with a typical Azure AD User.
This article will help you set up an App Registration in Azure, which you can later use as a Service Principal for managing flows.
Please remember that you need access to the Azure Portal to initiate and configure an App Registration in Azure. So, please make sure you have the necessary permissions before proceeding with the setup.
Service Principal - this is a series!
Hey! This is a series of three articles regarding a Service Principal.
- Set up Service Principal in Azure to work with Power Platform – this article shows you how to set up an App Registration in Azure to work with Power Platform
- Own and run Power Automate flows with Service Principal – this article, on the other hand, discusses how to register a Service Principal in Power Platform and how to own and run flows in Power Automate
- Use a Service Principal to run Dataverse actions in Power Automate – the last one of the series discusses how Dataverse actions can run with a Service Principal so users don’t need to use their personal accounts to authenticate.
Set up App Registration in Azure Portal
To start, open Azure Portal via the link: https://portal.azure.com/#home. Then, you should see the “App registrations” icon. If you can’t locate the icon, just type the “App registration” phrase in the search.
Now, after you enter “App registrations”, press the “+ New registration” button.
Provide a name for your App and choose “Accounts in this organization directory..”. This is the default option. We do not want to integrate with other tenants, so we stick with it. After that, press the “Register” button at the bottom of the page.
Done! Our application has just been registered. Now what? After registering the app, we must provide permission for Power Automate – because we want this App to own and manage our flows.
Go to “App registrations” again and find your application.
Open it and choose “API permissions” from the left pane.
Click “+ Add a permission”.
From the list choose “Power Automate”.
Choose the permissions I’ve chosen here:
- User – Access Power Automate cloud flows
- Activity.Read.All – Allows reading activities in Power Automate
- Flows – Allows reading and managing Power Automate cloud flows, and reading and modifying flow permissions:
  - Manage.All
  - Read.All
  - Read.Plans
  - Write.Plans
This is the final list of permissions for this Service Principal.
This app is ready to be used as a Service Principal in Power Platform to own Power Automate cloud flows.
We don’t need to provide a Client Secret for this app, because we will not be using it with Dataverse. We want to own and manage flows with it. The actions I’ve shown you in this article are sufficient to accomplish this goal.
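An added example, not from the original article: a Python check that compares an exported app registration object against the setup described above (single-tenant audience, the listed Power Automate permissions, no client secret). Field names follow the Microsoft Graph application and servicePrincipal resources; the GUIDs, the app name and the `Constructed.Extra.All` scope are constructed sample data.

```python
# Added example: audit an app registration against the article's setup.
# Permission names as listed in the article (Flows group written in full).
EXPECTED = {"User", "Activity.Read.All", "Flows.Manage.All",
            "Flows.Read.All", "Flows.Read.Plans", "Flows.Write.Plans"}

def gid(n):
    """Constructed placeholder GUID; real ids come from your own tenant."""
    return f"00000000-0000-0000-0000-{n:012d}"

# Constructed stand-in for the Power Automate API service principal,
# which maps permission ids to names via oauth2PermissionScopes.
SCOPES = ["User", "Activity.Read.All", "Flows.Manage.All", "Flows.Read.All",
          "Flows.Read.Plans", "Flows.Write.Plans", "Constructed.Extra.All"]
RESOURCE_SP = {"appId": gid(100),
               "oauth2PermissionScopes": [{"id": gid(i), "value": v}
                                          for i, v in enumerate(SCOPES)]}

# Constructed app object that drifts from the article in three ways:
# multi-tenant audience, a client secret, and a different permission set.
SAMPLE_APP = {
    "displayName": "flow-owner-sp",
    "signInAudience": "AzureADMultipleOrgs",
    "passwordCredentials": [{"displayName": "old-secret"}],
    "requiredResourceAccess": [{
        "resourceAppId": RESOURCE_SP["appId"],
        "resourceAccess": [{"id": gid(i), "type": "Scope"}
                           for i in (0, 1, 2, 3, 6)]}],
}

def audit(app, resource_sp, expected=EXPECTED):
    """Return a list of deviations from the article's configuration."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single tenant only
        findings.append(f"audience:{app.get('signInAudience')}")
    if app.get("passwordCredentials"):  # the article configures no secret
        findings.append("client-secret-present")
    names = {s["id"]: s["value"] for s in resource_sp["oauth2PermissionScopes"]}
    granted = set()
    for rra in app.get("requiredResourceAccess", []):
        if rra["resourceAppId"] != resource_sp["appId"]:
            findings.append(f"other-api:{rra['resourceAppId']}")
            continue
        for acc in rra["resourceAccess"]:
            granted.add(names.get(acc["id"], f"unknown:{acc['id']}"))
    findings += [f"extra:{n}" for n in sorted(granted - expected)]
    findings += [f"missing:{n}" for n in sorted(expected - granted)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_APP, RESOURCE_SP)) or "matches the article")
```

Against a real tenant, the two input objects would be the application and the Power Automate service principal as returned by Microsoft Graph.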
Summary
It wasn’t hard, was it? Application registration is incredibly versatile, extending beyond the realm of Power Automate. It is frequently employed in Custom Connectors as well. Understanding the advantages of this feature in both Power Platform and Azure equips you with the ability to harness its strengths. I trust you gained valuable insights from this article.
See you!
Daniel Ciećkiewicz
I am a Senior Power Platform Consultant focused on Dataverse, Power Apps, and Power Automate. I was also a Team Leader responsible for the Power Platform Team and their development paths.
Why do we need to assign API Permissions from “Power Automate” here? Is it really required for the registered app to be the owner of the flow?
Hi John,
Yes – You must do as this article says. My source of knowledge is Microsoft Learn, which is Microsoft’s documentation. You must apply these permissions for this to work.
Could you please share the link to this MS Learn page? I cannot find those recommendations. For example, I created a Connection for the Dataverse OOTB connector without CRM API Permission and it worked like a charm. So I am wondering if it is required in this scenario as well?
I did a test yesterday and I was able to run the flow (and the child flow inside) where the owner was a service principal but without any granted API Permissions. I think that those permissions are needed for the custom connector or application but if it is used for example within Microsoft Dataverse connector it works “somehow” under the hood.