cancel
Showing results for 
Search instead for 
Did you mean: 

Access Request options for canvas apps

Currently when an user dong have access to an app they can request access. and and email is generated to the owner for this. which is good. now what its missing is some more options like : 

 

change recipients of the access request email, the owner ( Developer) is not always the actual Owner of the application and this is manage by different people. therefore the ability to add a different user / Group / Distribution list to received that mail would be very good, 

 

in addition to this, customize a the message when someone tries to get access like contact xxxx@domain.com would also ba a nice add on. 

Status: New
Comments
JClarkeUK
New Member

This has been annoying me for a while so I thought up a solution until Microsoft actually allow us to edit the request access page.

Using Power Automate, link When a new email arrives to the owner of the App, I use a service account so that I don't have to see these requests at all, set the subject filter to match the subject of the app request.

 

JClarkeUK_8-1646271130895.png

 

 

Then do a Html to text conversion using the output from the when a new email arrives.

 

JClarkeUK_1-1646270145228.png

 

Next I use a compose action to get the email address that sent the access request, this is done by grabbing the contents between the 2 brackets ()

last(split(first(split(outputs('Html_to_text')?['body'],')')),'('))
JClarkeUK_2-1646270256912.png

Using the email address I send them an email with a link to an MS Form for them to request access, this also allows them to add more context such as why they require access.


JClarkeUK_3-1646270376225.png

Finally I delete the email, not required but I do it anyway

JClarkeUK_4-1646270444641.png

 

 

Then I have a second flow that runs when someone requests access to app through the MS Form this allows us to use an approval workflow. 

I use the email from the form submission to search for 1 user in the directory, it will only return 1 as only 1 person can have that email address. This gives me the UPN, if your company aligns UPN with email this is not needed, but we have some discrepancies. 

 

JClarkeUK_5-1646270625907.png

The next step is the approval workflow, send an approval to whoever should be in charge of the app requests.

JClarkeUK_6-1646270929615.png

 

Then once they approve add the user to an Azure AD - Microsoft 365 Security Group this is important, it has to be a security group as power apps do not allow the use of Microsoft 365 non security groups for permissions.

JClarkeUK_7-1646270987928.png

Final step, send them an email saying they have been granted access, 30 minutes is overkill usually only takes 1 minute but I'd rather avoid emails chasing.