cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Helpful
Resolver III
Resolver III

Managed solution with Connection References and Service Principal connections

Hi All,

I'm finding the scenario below harder than I think it should be and I'm wondering if I'm missing something.  Please weigh-in with any insights.

Assume two environments in the same tenant: DEV (unmanaged solution environment) and TEST (managed):

  • Create and configure a new Application User for use in both environments - call it "SPN Flow Execution"
  • In DEV, create a new unmanaged solution - call it "Demo Solution"
    • Add a Flow to the solution - call it "Demo Flow"
      • Trigger:
        • "When a record is selected"
        • Create a new SPN-based connection to Common Data Service - call it "DEV SPN CDS Connection"
        • Account entity or whatever you like
      • Action:
        • "Create a new record"
        • Create a new SPN-based connection to Common Data Service (current environment) - call it "DEV SPN CDS (current) Connection"
        • Create a new Account and add static values for required fields
    • Add a Connection Reference (preview) to the solution - call it "Demo CDS Connection"
      • Connector: Common Data Service
      • Connection: DEV SPN CDS Connection
    • Add another Connection Reference (preview) to the solution - call it "Demo CDS (current) Connection"
      • Connector: Common Data Service (current environment)
      • Connection: DEV SPN CDS (current) Connection
    • Update Flow Trigger and Action to use appropriate Connection References
    • Publish and export solution as managed

In TEST, import solution and see where things start to break down...

When deploying to TEST:

The import process wants the user to associate the Connection References included in the solution with local connections.  At this point, I would expect to be able to create a new connection using the SPN I setup in the environment, however, only user-based connections are displayed and only user-based connections can be created using the "+ New connection" button.

In a given environment, an admin is unable to create an SPN-based connection outside the context of a Flow.  Prior to attempting a solution import I can't go into TEST, navigate to Data -> Connections -> "+ New connection" and create SPN-based connections that will then be associated with the Connection References.

Furthermore, I can't create a quick Flow in test to establish the two new environment-specific connections (e.g. "TEST SPN CDS Connection" and "TEST SPN CDS (current) Connection") and then go back to the solution import UI to refresh the list and choose one.  Hitting refresh and they never show up.

import.png

 

Anyone from the engineering team that can shed some light on the expected deployment scenario here?

2 REPLIES 2
Helpful
Resolver III
Resolver III

Small update...  Instead of using my existing TEST environment I created a fresh TRIAL environment and basically followed the same steps above.

Some observations:

  • Prior to attempting to importing the solution, I created a new local flow (didn't have to save it) with two SPN-based connections: "TRIAL SPN CDS Connection" and "TRIAL SPN CDS (current) Connection".
  • I then imported the solution and was prompted by the UI to associate the Connection References with a local connection and the new local connections appeared in the list.
  • The flows did not activate upon import which I don't fully understand since they were associated with the valid connections.  I had to open them and click "Continue", Save and then Activate.

import_with.png

 

I assume that the TEST environment I had been using was in a state that the new connection reference/import process does not like... hopefully things get ironed out soon.  It will be nice to have this process work without having to troubleshoot issues.

Also, existing ALM deployments from Azure DevOps are not in a good place due to connection references, but this has been well-documented in the forums.

Aedu
Helper II
Helper II

Hi

I just stumbled about this behavior and, thanks to your article, am confirmed in my understanding of how Connection References work.
I think your solution is good. Of course I hope that Microsoft will come up with a solution how to set up a connection with a SPN during the solution import or in general without having to create a dummy flow. I personally don't like such tinkering in managed environments. They contradict the managed idea.

 

I calm myself with the knowledge that we are still working with "latest **bleep**" technologies here.

 

Is it as it is or do we things completely wrong?

 

Regards

Adrian

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

New Ideas Forum MPA.jpg

A new place to submit your Ideas for Power Automate

Announcing a new way to share your feedback with the Power Automate Team.

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

MPA Licensing.jpg

Ask your licensing questions at the Power Automate AMA!

Join Priya Kodukula and the licensing team, super users and MVPs to find answers to your questions on Power Automate licensing.

Users online (2,950)