cancel
Showing results for 
Search instead for 
Did you mean: 

Security - restrict HTTP - Request trigger by IP address, tenant, group, users

I want to secure my flows by restrict IP address, tenant, group, users for HTTP - Request trigger.

 

My scenario:

1. Restrict in my company ipaddress to use my flows which trigger by HTTP - Request.

2. Restrict in my users of our Office 365 group to use my flows which the trigger by HTTP - Request and use from SharePoint - Flow menu.

 

Secure:

Current, Anyone who know HTTP POST URL of the trigger, can use our Flows.

At SharePoint, When create Flow by template 'Complete a custom action for the selected item', the new flow by trigger HTTP - Request, and can use anyone who know HTTP POST URL.

 

Regards,

Yoshihiro Kawabata

 

 

 

 

Status: Under Review

Thank you for the idea, we will evaulate this.

Comments
Impactful Individual

@Jotad710 That's really not an alternative for the issue here. The issue is we have no way of securing our flows that are called by external services. For example I can't create a flow that takes some action on 365 without knowing that I can secure the incoming HTTP request and currently there's no way of doing that with flows.

Frequent Visitor

This is very crucial for our Power Automate adoption process. Security control related to HTTP Requests is mandatory. Please consider implementing this soon.