I want to secure my flows by restrict IP address, tenant, group, users for HTTP - Request trigger.
1. Restrict in my company ipaddress to use my flows which trigger by HTTP - Request.
2. Restrict in my users of our Office 365 group to use my flows which the trigger by HTTP - Request and use from SharePoint - Flow menu.
Current, Anyone who know HTTP POST URL of the trigger, can use our Flows.
At SharePoint, When create Flow by template 'Complete a custom action for the selected item', the new flow by trigger HTTP - Request, and can use anyone who know HTTP POST URL.
Thank you for the idea, we will evaulate this.
@Jotad710 That's really not an alternative for the issue here. The issue is we have no way of securing our flows that are called by external services. For example I can't create a flow that takes some action on 365 without knowing that I can secure the incoming HTTP request and currently there's no way of doing that with flows.
This is very crucial for our Power Automate adoption process. Security control related to HTTP Requests is mandatory. Please consider implementing this soon.
May I ask if there is any update for this idea?
My organization have similar use case and concern.
@VincentWong The solution here is to use Azure Logic Apps instead for any flow that requires this restriction. Would be great if they add this to PA as well but doesn't seem like its happening any time soon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.