Security - restrict HTTP - Request trigger by IP a...

yoshihirok · ‎08-08-2017

I want to secure my flows by restrict IP address, tenant, group, users for HTTP - Request trigger.

My scenario:

1. Restrict in my company ipaddress to use my flows which trigger by HTTP - Request.

2. Restrict in my users of our Office 365 group to use my flows which the trigger by HTTP - Request and use from SharePoint - Flow menu.

Secure:

Current, Anyone who know HTTP POST URL of the trigger, can use our Flows.

At SharePoint, When create Flow by template 'Complete a custom action for the selected item', the new flow by trigger HTTP - Request, and can use anyone who know HTTP POST URL.

Regards,

Yoshihiro Kawabata

yoshihirok · ‎08-22-2018

Thank you for your vote to this idea - Security - restrict HTTP - Request trigger by IP address, tenant, group, users .

Please comments your think, and your scenarios.

jsharma · ‎10-29-2018

Hi team,

We also have a similar requirement in which we want to enforce security on the HTTP POST URL to restrict access to this url.

Any ideas would be appreciated.

Thanks

Jyoti

Stephen · ‎12-21-2018

Thank you for the idea, we will evaulate this.

SamPo · ‎04-09-2019

@Stephen Are there any updates here? It is very difficult to build flows, especially those realted to personal data, without the option of restricting who can make calls to our HTTP endpoints.

Adding this feature would massivly increase the types of flows we can create. Today we are restricted due to this security vunerability.

Thanks

yoshihirok · ‎04-09-2019

Yes @Anonymous

The Security is a mandatory requirement to use the personal data.

Security - restrict HTTP - Request trigger by IP address, tenant, group, users

Make it possible to duplicate actions in a Flow

Copy action - time saver

Sharepoint Create Folder

set item level security in SharePoint

Need Triggers for Dynamics 365 Operation