cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
cxiong
Regular Visitor

Service Principal setup

Hello,

 

Does anyone know how to setup a Service Principal to access PowerApps in devops pipeline through connection service? Do we have to assign the Service Principal certain permissions?

 

Thank you 

13 REPLIES 13
EricRegnier
Super User
Super User

Hi @cxiong,

Assuming this SPN requires access to Power Apps CDS, you can follow these steps:

  1. Create the object in Azure AD: https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/walkthrough-register-app-az...
  2. Create the user in CDS and assign a security role: https://docs.microsoft.com/en-us/power-platform/admin/create-users-assign-online-security-roles#crea...
  3. You'll than need to create a generic service connection in Azure DevOps and use that connection with Power Apps Build Tools

 Hope this helps!

What do you use for the generic connection if you are setting it up as service principal? Do you only need to enter the app registration Secret in the Password/Token field?

I also had to create that user in Office 365 (no license assigned) and made sure that the CDS application user's username (service principal) was the same as in O365. I then use the O365 username and password in the generic service connection since unfortunately as of now, it doesn't seem to work with client ID and secret...

So you set it up as non-interactive user rather than as an application user?

It’s setup as both

Today I noticed a new Service Principal option on the Export Solution task in the pipeline editor. (Perhaps it was there before but I didn’t notice it.)  I was able to use that option to a setup what appears to be a new service connection type specific to the Power Apps Build Tools (Before, I was using Generic service connection).  I set that up and it worked just fine.


That new connection type option was also available for Import Solution tasks.

 

I didn’t notice it for the environment tasks (eg reset).

Hi @NewcombR@cxiong,

You can now connect with a SPN (app ID, secret) with the new Power Platform service connection type! Make sure the URL is CDS/D365 organisation URL (<name>.crm<#>.dynamics.com) and not the usual "https://management.core.windows.net/".

I'm now using it and works like a charm!

2020-06-07_19-27-40.png  

Hi @EricRegnier 

 

Are you saying I can use ClientID and Secret for both PowerApps and PowerAutomate authentication ?

 

Where is this documented ?

 

Thanks

 

Nigel

@NigelP, not quite, what I was mentioning was for Service Connections in Azure DevOps. I know in Logic Apps, you can use a client ID and secret with the Common Data Service connector but I haven't tried with canvas apps. As for Power Automate, suggest to use the Common Data Service (current environment) connector which I don't think can be used with a client ID/secret yet.

You should submit the idea at: https://powerusers.microsoft.com/t5/Power-Apps-Ideas/idb-p/PowerAppsIdeas

Cheers

Helpful resources

Announcements
Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

Power Apps Africa Challenge 2022

Power Apps Africa Challenge

Your chance to join an engaging competition of Power Platform enthusiasts.

Users online (4,752)