Use Azure Active Directory with a custom connector in Power Automate

Azure Resource Manager enables you to manage the components of a solution on Azure—components like databases, virtual machines, and web apps. This tutorial demonstrates how to enable authentication in Azure Active Directory (Azure AD), register one of the Resource Manager APIs as a custom connector, and then connect to it in Power Automate. You can also create the custom connector for Power Apps or Azure Logic Apps.

The process you follow in this tutorial can be used to access any RESTful API that's authenticated by using Azure AD.

Prerequisites

Enable authentication in Azure AD

First, you create an Azure AD application that performs the authentication when calling the Resource Manager API endpoint.

  1. Sign in to the Azure portal. If you have more than one Azure AD tenant, make sure you're signed in to the correct directory by verifying that your user name appears in the upper-right corner.

  2. On the left pane, select All services. In the Filter box, enter Azure Active Directory, and then select Azure Active Directory.

    The Azure Active Directory blade opens.

  3. On the left pane of the Azure Active Directory blade, select App registrations.

  4. In the list of registered applications, select New application registration.

  5. Enter a name for your application, and leave Application Type as Web app / API. For Sign-on URL, enter an appropriate value for your organization, such as https://login.windows.net. Select Create.

  6. Copy the Application ID, because you'll need it later.

  7. The Settings blade should have opened as well. If it didn't, select Settings.

  8. On the left pane of the Settings blade, select Required permissions. On the Required permissions blade, select Add.

    The Add API access blade opens.

  9. On the Add API access blade, select Select an API, and then select Azure Service Management API > Select.

  10. Under Delegated permissions, select Access Azure Service Management as organization users > Select.

  11. On the Add API access blade, select Done.

  12. Back on the Settings blade, select Keys. On the Keys blade, enter a description for your key, select an expiration period, and then select Save.

  13. Your new key is displayed. Copy the key value, because you'll need it later.

There's one more step to complete in the Azure portal, but first you create a custom connector.

Create a custom connector

Now that the Azure AD application is configured, you create the custom connector.

  1. In the Power Automate web app, select Settings (the gear icon) in the upper-right corner of the page, and then select Custom Connectors.

  2. Select Create custom connector > Import an OpenAPI file.

  3. Enter a name for the connector, browse to where you downloaded the sample Resource Manager OpenAPI file, and then select Continue.

  4. The General page opens. Leave the default values as they appear, and then select the Security page.

  5. On the Security page, enter Azure AD information for the application:

    • Under Client id, enter the Azure AD application ID value you copied earlier.

    • For Client secret, use the value you copied earlier.

    • For Resource URL, enter https://management.core.windows.net/. Be sure to include the resource URL exactly as written, including the trailing slash.

    After entering security information, select the check mark next to the flow name at the top of the page to create the custom connector.

  6. On the Security page, the Redirect URL field is now populated. Copy this URL so you can use it in the next section of this tutorial.

  7. Your custom connector is now displayed under Custom Connectors.

  8. Now that the custom connector has been registered, create a connection to the custom connector so that it can be used in your apps and flows. Select the plus sign (+) to the right of the name of your custom connector, and then complete the sign-in screen.

Note

The sample OpenAPI doesn't define the full set of Resource Manager operations; currently, it only contains the List all subscriptions operation. You can edit this OpenAPI file, or create another OpenAPI file by using the online OpenAPI editor.

Set the reply URL in Azure

On the Settings blade, select Reply URLs. In the list of URLs, add the value you copied from the Redirect URL field in the custom connector—for example, https://msmanaged-na.consent.azure-apim.net/redirect—and then select Save.
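
The application ID, key, resource URL, and redirect URL collected in this tutorial are the parameters of an OAuth 2.0 authorization code flow. The following Python code is an added example, not part of the original tutorial or of Power Automate: it checks the settings that commonly break sign-in and shows where each value travels. It assumes the Azure AD v1 endpoints under login.microsoftonline.com; the tenant, application ID, and function names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: Azure AD v1 endpoints; the tenant is supplied by the caller.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/{endpoint}"
RESOURCE = "https://management.core.windows.net/"  # value from the Security page

def check_settings(resource_url, redirect_url, reply_urls):
    """Return the configuration problems that would make sign-in fail."""
    problems = []
    if resource_url != RESOURCE:  # exact match, trailing slash included
        problems.append("resource URL differs from " + RESOURCE)
    if urlsplit(redirect_url).scheme != "https":
        problems.append("redirect URL is not https")
    if redirect_url not in reply_urls:
        problems.append("redirect URL is not registered as a reply URL")
    return problems

def authorize_url(tenant, client_id, redirect_url, state):
    """URL the user's browser is sent to for sign-in and consent."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_url, "resource": RESOURCE,
                       "state": state})
    return AUTHORITY.format(tenant=tenant, endpoint="authorize") + "?" + query

def code_from_callback(callback_url, expected_state):
    """Extract the authorization code; reject a callback with the wrong state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this sign-in")
    return params["code"][0]

def token_request(tenant, client_id, client_secret, redirect_url, code):
    """Endpoint and form body for redeeming the code (server side only)."""
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "client_secret": client_secret, "code": code,
            "redirect_uri": redirect_url, "resource": RESOURCE}
    return AUTHORITY.format(tenant=tenant, endpoint="token"), body

if __name__ == "__main__":
    redirect = "https://msmanaged-na.consent.azure-apim.net/redirect"  # from the tutorial
    # Constructed misconfiguration: missing trailing slash, no reply URL registered.
    print(check_settings("https://management.core.windows.net", redirect, []))
    state = secrets.token_urlsafe(16)
    # Constructed tenant and application ID.
    print(authorize_url("contoso.example", "00000000-0000-0000-0000-000000000000", redirect, state))
```

The client secret appears only in the token request, which the connector service sends directly to Azure AD; it never passes through the user's browser.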