cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Reply
Bjarke
Regular Visitor

MFA and Invalid Connection in Flow

โ€Ž01-05-2018 06:50 AM

Hi,

 

I have a tenant in which MFA has been activated for all users. I have created a user to run all my flows, but the flows breaks after a while and the only message i see is "Invalid connection". I assume this is because of MFA. Are there anyway to handle this or do i have to disable MFA for that specific user ?

Labels:
Message 1 of 12
16,695 Views
1 ACCEPTED SOLUTION

Accepted Solutions
PeterSelchDahl
Regular Visitor
In response to v-yamao-msft

โ€Ž01-09-2018 05:49 AM

This solution should work for customers that use Microsoft Flow and service accounts for running the flow: https://blog.peterdahl.net/2018/01/09/microsoft-flow-and-azure-conditional-access-azure-mfa/

 

I still need feedback from Microsoft around a solution that will work for end-users.

 

/Peter Selch Dahl

View solution in original post

Message 3 of 12
18,174 Views
11 REPLIES 11
v-yamao-msft
Community Support
Community Support

โ€Ž01-07-2018 10:07 PM

Hi @Bjarke,

 

Iโ€™m afraid that it might be caused by MFA authentication.


Please suggest your user try to refresh their connections to see if it will work.


There is a similar issue on this thread, Staff @TravisB has some suggestion on it. Please check it for more details:
https://powerusers.microsoft.com/t5/General-Flow-Discussion/Flow-Connections-error-due-to-Credential...


Best regards,
Mabel Mao

Community Support Team _ Mabel Mao
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 12
16,681 Views
0 Kudos
PeterSelchDahl
Regular Visitor
In response to v-yamao-msft

โ€Ž01-09-2018 05:49 AM

This solution should work for customers that use Microsoft Flow and service accounts for running the flow: https://blog.peterdahl.net/2018/01/09/microsoft-flow-and-azure-conditional-access-azure-mfa/

 

I still need feedback from Microsoft around a solution that will work for end-users.

 

/Peter Selch Dahl

View solution in original post

Message 3 of 12
18,175 Views
dbogda
New Member
In response to PeterSelchDahl

โ€Ž06-26-2018 10:45 AM

Peter's answer was the fix we needed to bypass Azure Conditional Access(MFA) in order to keep Flows running. In case anyone needs the Flow IPs formatted for MFA exceptions, here is the US list formatted and sorted. This is for the Logic App Service IP List from Peter's Flow Limits and Configuration link.

 

13.91.252.184/32

13.92.98.111/32

40.114.82.191/32

40.117.99.79/32

40.117.100.228/32

40.118.241.243/32

40.118.244.241/32

40.121.91.41/32

52.160.90.237/32

52.160.92.112/32

137.135.106.54/32

138.91.188.137/32

 

 

- Dan

https://www.disruption.consulting

Message 4 of 12
15,901 Views
PeterSelchDahl
Regular Visitor
In response to dbogda

โ€Ž07-02-2018 12:45 AM

Smiley Very Happy Great to hear that it resolved your issue. I know that Microsoft is aware of the issue and that this solution is not the best in the world. I gets the job done for now ๐Ÿ™‚

Message 5 of 12
15,880 Views
0 Kudos
helsby
Advocate I
Advocate I
In response to PeterSelchDahl

โ€Ž07-11-2018 09:52 AM

Only works if you have Azure AD premium though, otherwise you can't add a policy.

Another solution would be to support app passwords?

Message 6 of 12
15,831 Views
Lucas-Rojo
New Member
In response to helsby

โ€Ž08-07-2018 04:59 AM

Hi all,

 

Is this issue still current? If so, do we know if Microsoft is planning to solve this issue?

 

Thanks in advance for any insights.

 

KR,

 

Lucas

 

Message 7 of 12
15,611 Views
0 Kudos
gtsmith
Frequent Visitor
In response to PeterSelchDahl

โ€Ž08-09-2018 09:57 AM

Hi Peter - thanks for this post. Are you aware of any negative security consequences that could arise from bypassing MFA in this fashion?

Message 8 of 12
15,573 Views
rcheetha
Advocate I
Advocate I
In response to gtsmith

โ€Ž10-07-2018 10:40 PM

I'd take a guess that generally speaking it's never good practice to "bypass" security. So this is not a great workaround. Understandable if absolutely required to continue using Flows that are running key business processes/applications etc.

Message 9 of 12
15,002 Views
helsby
Advocate I
Advocate I
In response to Lucas-Rojo

โ€Ž10-08-2018 06:10 AM

Hi Lucas - I would say the problem is still current unless you pay up for the expanded Azure rights so allow conditional access.

I reduced the issue on my end by increasing the reprompt issue from 2 days to the maximum allowed. Not an ideal sitation by any means.

Message 10 of 12
14,987 Views
0 Kudos
PeterSelchDahl
Regular Visitor
In response to gtsmith

โ€Ž06-26-2019 03:38 AM

Yes. This is in no way best practice from a security point of view. The workaround would allow potential hackers to execute code or task using Microsoft Flow without requiring to prove their identity using two factor authentication. I would also recommend using this solution as a last resort. I hope that Microsoft will find a solution for this issue. Many other Microsoft services are also strungling with delegated credentials / doing stuff on behalf of users as most of these require passive authentication flows. 

 

/Peter

Message 11 of 12
12,840 Views
0 Kudos
TomDegler
Frequent Visitor
In response to PeterSelchDahl

โ€Ž09-14-2020 07:24 AM

Thank you!

 

It helped me to solve my problem!

 

Addresses for EU:

13.69.227.208/28
13.69.64.208/28
52.174.88.118/32
52.178.150.68/32
137.117.161.181/32

Message 12 of 12
5,320 Views
0 Kudos

Helpful resources

Announcements
Process Advisor

Introducing Process Advisor

Check out the new Process Advisor community forum board!

MPA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS on Demand

Microsoft Business Applications Summit sessions

On-demand access to all the great content presented by the product teams and community members! #MSBizAppsSummit #CommunityRocks

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

View All
Users online (30,622)