cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Bjarke
Level: Powered On

MFA and Invalid Connection in Flow

Hi,

 

I have a tenant in which MFA has been activated for all users. I have created a user to run all my flows, but the flows breaks after a while and the only message i see is "Invalid connection". I assume this is because of MFA. Are there anyway to handle this or do i have to disable MFA for that specific user ?

1 ACCEPTED SOLUTION

Accepted Solutions
PeterSelchDahl
Level: Powered On

Re: MFA and Invalid Connection in Flow

This solution should work for customers that use Microsoft Flow and service accounts for running the flow: https://blog.peterdahl.net/2018/01/09/microsoft-flow-and-azure-conditional-access-azure-mfa/

 

I still need feedback from Microsoft around a solution that will work for end-users.

 

/Peter Selch Dahl

10 REPLIES 10
Highlighted
Community Support Team
Community Support Team

Re: MFA and Invalid Connection in Flow

Hi @Bjarke,

 

I’m afraid that it might be caused by MFA authentication.


Please suggest your user try to refresh their connections to see if it will work.


There is a similar issue on this thread, Staff @TravisB has some suggestion on it. Please check it for more details:
https://powerusers.microsoft.com/t5/General-Flow-Discussion/Flow-Connections-error-due-to-Credential...


Best regards,
Mabel Mao

Community Support Team _ Mabel Mao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
PeterSelchDahl
Level: Powered On

Re: MFA and Invalid Connection in Flow

This solution should work for customers that use Microsoft Flow and service accounts for running the flow: https://blog.peterdahl.net/2018/01/09/microsoft-flow-and-azure-conditional-access-azure-mfa/

 

I still need feedback from Microsoft around a solution that will work for end-users.

 

/Peter Selch Dahl

dbogda
Level: Power Up

Re: MFA and Invalid Connection in Flow

Peter's answer was the fix we needed to bypass Azure Conditional Access(MFA) in order to keep Flows running. In case anyone needs the Flow IPs formatted for MFA exceptions, here is the US list formatted and sorted. This is for the Logic App Service IP List from Peter's Flow Limits and Configuration link.

 

13.91.252.184/32

13.92.98.111/32

40.114.82.191/32

40.117.99.79/32

40.117.100.228/32

40.118.241.243/32

40.118.244.241/32

40.121.91.41/32

52.160.90.237/32

52.160.92.112/32

137.135.106.54/32

138.91.188.137/32

 

 

- Dan

https://www.disruption.consulting

PeterSelchDahl
Level: Powered On

Re: MFA and Invalid Connection in Flow

Smiley Very Happy Great to hear that it resolved your issue. I know that Microsoft is aware of the issue and that this solution is not the best in the world. I gets the job done for now Smiley Happy

helsby
Level: Powered On

Re: MFA and Invalid Connection in Flow

Only works if you have Azure AD premium though, otherwise you can't add a policy.

Another solution would be to support app passwords?

Lucas-Rojo
Level: Power Up

Re: MFA and Invalid Connection in Flow

Hi all,

 

Is this issue still current? If so, do we know if Microsoft is planning to solve this issue?

 

Thanks in advance for any insights.

 

KR,

 

Lucas

 

gtsmith
Level: Powered On

Re: MFA and Invalid Connection in Flow

Hi Peter - thanks for this post. Are you aware of any negative security consequences that could arise from bypassing MFA in this fashion?

rcheetha
Level: Powered On

Re: MFA and Invalid Connection in Flow

I'd take a guess that generally speaking it's never good practice to "bypass" security. So this is not a great workaround. Understandable if absolutely required to continue using Flows that are running key business processes/applications etc.

helsby
Level: Powered On

Re: MFA and Invalid Connection in Flow

Hi Lucas - I would say the problem is still current unless you pay up for the expanded Azure rights so allow conditional access.

I reduced the issue on my end by increasing the reprompt issue from 2 days to the maximum allowed. Not an ideal sitation by any means.

PeterSelchDahl
Level: Powered On

Re: MFA and Invalid Connection in Flow

Yes. This is in no way best practice from a security point of view. The workaround would allow potential hackers to execute code or task using Microsoft Flow without requiring to prove their identity using two factor authentication. I would also recommend using this solution as a last resort. I hope that Microsoft will find a solution for this issue. Many other Microsoft services are also strungling with delegated credentials / doing stuff on behalf of users as most of these require passive authentication flows. 

 

/Peter

Helpful resources

Announcements
firstImage

Microsoft Flow Online Conference

Join us for a FULL day of FREE Microsoft Flow Sessions from some of the best minds in the industry!

firstImage

Watch Sessions On Demand!

Continue your learning in our online communities.

Power Platform 2019 Release Wave 2 Plan

Power Platform 2019 Release Wave 2 Plan

Features releasing from October 2019 through March 2020

thirdimage

Flow Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

thirdImage

New Flow Community Board!

Check out the new Microsoft Flow Community Blog Topic Suggestion board!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Flow Community Video Gallery!

Users Online
Currently online: 47 members 4,470 guests
Please welcome our newest community members: