cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
cxiong
Regular Visitor

Service Principal setup

Hello,

 

Does anyone know how to setup a Service Principal to access PowerApps in devops pipeline through connection service? Do we have to assign the Service Principal certain permissions?

 

Thank you 

10 REPLIES 10
EricRegnier
Super User
Super User

Hi @cxiong,

Assuming this SPN requires access to Power Apps CDS, you can follow these steps:

  1. Create the object in Azure AD: https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/walkthrough-register-app-az...
  2. Create the user in CDS and assign a security role: https://docs.microsoft.com/en-us/power-platform/admin/create-users-assign-online-security-roles#crea...
  3. You'll than need to create a generic service connection in Azure DevOps and use that connection with Power Apps Build Tools

 Hope this helps!

What do you use for the generic connection if you are setting it up as service principal? Do you only need to enter the app registration Secret in the Password/Token field?

I also had to create that user in Office 365 (no license assigned) and made sure that the CDS application user's username (service principal) was the same as in O365. I then use the O365 username and password in the generic service connection since unfortunately as of now, it doesn't seem to work with client ID and secret...

So you set it up as non-interactive user rather than as an application user?

It’s setup as both

Today I noticed a new Service Principal option on the Export Solution task in the pipeline editor. (Perhaps it was there before but I didn’t notice it.)  I was able to use that option to a setup what appears to be a new service connection type specific to the Power Apps Build Tools (Before, I was using Generic service connection).  I set that up and it worked just fine.


That new connection type option was also available for Import Solution tasks.

 

I didn’t notice it for the environment tasks (eg reset).

Hi @NewcombR@cxiong,

You can now connect with a SPN (app ID, secret) with the new Power Platform service connection type! Make sure the URL is CDS/D365 organisation URL (<name>.crm<#>.dynamics.com) and not the usual "https://management.core.windows.net/".

I'm now using it and works like a charm!

2020-06-07_19-27-40.png  

Hi @EricRegnier 

 

Are you saying I can use ClientID and Secret for both PowerApps and PowerAutomate authentication ?

 

Where is this documented ?

 

Thanks

 

Nigel

@NigelP, not quite, what I was mentioning was for Service Connections in Azure DevOps. I know in Logic Apps, you can use a client ID and secret with the Common Data Service connector but I haven't tried with canvas apps. As for Power Automate, suggest to use the Common Data Service (current environment) connector which I don't think can be used with a client ID/secret yet.

You should submit the idea at: https://powerusers.microsoft.com/t5/Power-Apps-Ideas/idb-p/PowerAppsIdeas

Cheers

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Microsoft Ignite 768x460.png

Find your focus

Explore the latest tools,training sessions,technical expertise, networking and more.

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

Welcome Super Users.jpg

Super User Season 2

Congratulations, the new Super User Season 2 for 2021 has started!

Carousel 2021 Release Wave 2 Plan 768x460.jpg

2021 Release Wave 2 Plan

Power Platform release plan for the 2021 release wave 2 describes all new features releasing from October 2021 through March 2022.

Users online (2,576)