Authenticate Dataverse connector using Service Principal in a Power Automate Flow

Many times, users/admins are not comfortable with their own credentials being used as Connections. Some connectors do provide the ability to authenticate using a Service Principal.

Let’s jump into this! 😊

Setting Up App Registration for Dynamics 365 CRM

Here’s how you set up an App Registration to be used as a Service Principal for the Dataverse connector in Power Automate –

  1. Go to the Azure Portal (https://portal.azure.com/) and then look for Azure Active Directory.

  2. In Azure Active Directory, look for App Registrations in the menu.

  3. Now, create a + New registration record.

  4. Now, give this App Registration a suitable name. You can select your preference for the tenant type. I’ve left it as Single tenant for simplicity of the example.

  5. Now, once this is created, go to the API Permissions section.

  6. Now, look for a button to Add a permission.

  7. Then, look for Dynamics CRM and select it.

  8. Once this is selected, you’ll get to select user_impersonation. Then, click Add permissions.
  9. Once added, you’ll see that the Status column is blank. Then, click on Grant admin consent for <TenantName>.

  10. Once you click on Grant admin consent button, you’ll be asked for confirmation. Confirm the same.

  11. Once you confirm, you’ll see the status as Granted as shown below.

  12. Then, go to Certificates and secrets. Once in that, click on + New client secret.

  13. You’ll be asked for the Description; enter one and Save it.

  14. Now, you need to copy the value onto Notepad.

  15. Now, let’s move to adding this App Registration to the Power Platform Admin Center so that you can then give appropriate permissions so that it can be used for Authentication into Dataverse.

Add Application User in Power Platform Admin Center

Go to the Power Platform Admin Center (https://admin.powerplatform.microsoft.com/), then to the Environments section, and select the correct Dataverse environment –

  1. Select the environment which will have your Flow that will use the Dataverse connection in question.
    And click Settings.

  2. Now, expand Users + permissions section and look for Application Users.

  3. Now, in Application Users, you’ll need to add the App Registration as a User and give Roles. Now, click on + New app user.

  4. Now, click on + Add an app.

  5. Now, any App Registration that has not yet been created in the current environment as user will automatically appear. Select the one you created – “Dataverse Service Principal” in this case and click on Add.

  6. Now, select the BU.

  7. Next, click on Security Roles’ pencil to give roles.

  8. I’m just giving System Administrator for simplicity of example.

  9. Now, you should be good to create this user. Click on Create.

  10. Finally, your Application Record will look like this –

  11. Now that your Application User is set in Dynamics / Power Platform Admin Center, you are all set to add this to authenticate the Dataverse Connector in Power Automate. Let’s do that!

Authenticating using Service Principal in Dataverse action

Now, let’s say you are starting a Flow with the Dataverse connector –

  1. Select the Dataverse trigger you want to use. I’ll pick a common one.

  2. Now, click on the three dots and look to add a new Connection if it is already authenticated using the logged in user, which is the default behavior.

  3. Now, you’ll see the option to select –

  4. Now, you’ll see these fields to fill in.

  5. Now, first give the connection itself a suitable name.

  6. Now, for Client ID – Go to the App Registration in Azure and look for the Client ID in the information section. It’ll look like this –


    Paste it in the Client ID field and it’ll look like this –

  7. Now, look for Client Secret – open the Notepad where you saved the Secret we copied while creating the Client Secret record in Azure.

  8. Now, finally – Go to the App Registration record and you’ll find the Tenant ID here –


    And paste it where it says Tenant. Now, Create this connection!
  9. Ensure that the Connection is selected.

  10. I’ll just add an extra variable in order to save this simple Flow and then we’ll create an Account (simple example if you see the screenshot below) in order to Run this Flow.
    My Flow looks ready to be tested.

  11. Now, I’ll create an Account in my Dynamics 365 CRM.

  12. And the Flow would have Run already.

Validate

In order to ensure the connection is run by the Service Principal itself, you can do this –

  1. In advanced options, you can choose to “Run as” as “Flow owner”.


  2. And when you check the details in the Flow Run, you can check the attribute in the trigger “RunAsSystemUserId”.

  3. And if you check this GUID, it belongs to the Dataverse Service Principal user we set up.


    And that’s how you can set up the Dataverse action to use a Service Principal instead of user credentials!
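
The same check can be made outside the Flow. The following is an added example, not code from the original post: it signs in to Dataverse with the App Registration's client ID and secret and prints the systemuser GUID that the platform maps it to, which should be the GUID seen in RunAsSystemUserId. It assumes the Microsoft.PowerPlatform.Dataverse.Client NuGet package; the environment variable names are hypothetical.

```csharp
using System;
using Microsoft.Crm.Sdk.Messages;
using Microsoft.PowerPlatform.Dataverse.Client;

// Hypothetical environment variable names. Reading the secret from the
// environment keeps it out of source code and out of the project files.
string url      = Require("DATAVERSE_URL");            // the environment's org URL
string clientId = Require("DATAVERSE_CLIENT_ID");      // Client ID of the App Registration
string secret   = Require("DATAVERSE_CLIENT_SECRET");  // value of the client secret
Guid expected   = Guid.Parse(Require("EXPECTED_SYSTEMUSERID")); // GUID from RunAsSystemUserId

// Client-secret (service principal) sign-in; no user account is involved.
string conn = $"AuthType=ClientSecret;Url={url};ClientId={clientId};ClientSecret={secret}";
using var client = new ServiceClient(conn);
if (!client.IsReady)
    throw new InvalidOperationException("Sign-in failed: " + client.LastError);

// WhoAmI returns the systemuser the caller is mapped to, here the Application User.
var who = (WhoAmIResponse)client.Execute(new WhoAmIRequest());
Console.WriteLine($"Connected as systemuser {who.UserId}, business unit {who.BusinessUnitId}");

if (who.UserId != expected)
{
    Console.Error.WriteLine("The GUID does not match the one recorded in the Flow run.");
    return 1;
}
Console.WriteLine("The Flow ran as this Application User.");
return 0;

static string Require(string name) =>
    Environment.GetEnvironmentVariable(name)
    ?? throw new InvalidOperationException($"Set the {name} environment variable.");
```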

Hope this was useful!

Here are some Power Automate posts you want to check out –

  1. Select the item based on a key value using Filter Array in Power Automate
  2. Select values from an array using Select action in a Power Automate Flow
  3. Blocking Attachment Extensions in Dynamics 365 CRM
  4. Upgrade Dataverse for Teams Environment to Dataverse Environment
  5. Showing Sandbox or Non Production Apps in Power App mobile app
  6. Create a Power Apps Per User Plan Trial | Dataverse environment
  7. Install On-Premise Gateway from Power Automate or Power Apps | Power Platform
  8. Co-presence in Power Automate | Multiple users working on a Flow
  9. Search Rows (preview) Action in Dataverse connector in a Flow | Power Automate
  10. Suppress Workflow Header Information while sending back HTTP Response in a Flow | Power Automate
  11. Call a Flow from Canvas Power App and get back response | Power Platform
  12. FetchXML Aggregation in a Flow using CDS (Current Environment) connector | Power Automate
  13. Parsing Outputs of a List Rows action using Parse JSON in a Flow | Common Data Service (CE) connector
  14. Asynchronous HTTP Response from a Flow | Power Automate
  15. Validate JSON Schema for HTTP Request trigger in a Flow and send Response | Power Automate
  16. Converting JSON to XML and XML to JSON in a Flow | Power Automate

Thank you!

Log Canvas Power App telemetry data in Azure Application Insights | Power Apps

Here’s how you can register your Canvas Power App in your Azure’s Application Insights and log telemetry data into Azure.

Some basic info about what all you can see in Application Insights is –

  1. Count of Users who used the app
  2. Events logged, Sessions logged
  3. Device info
  4. Region info

It’s quite simple to set it up! Let’s take a look –

Registering in Application Insights in Azure

First, make sure you do have an Azure Subscription. Let’s look at how you can register an Application Insight record.

  1. Look for Application Insights in Azure in the search bar

  2. Then, among other records, you can register a new one which will identify with your Canvas Power App

  3. Review all that you entered and move ahead

  4. It’ll be deployed pretty quickly within a few minutes unlike some heavy Azure resources

  5. Upon completion, you can navigate to the resource and see the details

Add Instrumentation Key to Canvas Power App

Next step is to add the Instrumentation Key to the Canvas Power App

  1. Look for the App itself in the Navigation tree

  2. Once you select that, you can then look at its Properties on the right hand side. In Instrumentation Key, paste the Instrumentation Key you copied when you created the Application Insights resource in Azure.

  3. And to go with that, let’s say my Canvas Power App has some basic structure like below

Using Application Insights

As the users use the Canvas App, the following information is logged –

  1. Navigate to the Usage section in the Application Insights you registered and if you scroll down on the main pane, you can see w

  2. And then scroll down to reveal more Insight data


  3. Or, if you see Events, you can see info like this –

    I’m not completely sure why my users showed high when I tried with only 2 users. But perhaps, once I dive deeper into using Application Insights and how each of the metrics is read, I’ll come back to update this post. 😊

And likewise, if you know how to read the Application Insights, you can customize this to give you what you need to see.

Here is some Microsoft Documentation on Application Insights to help you out –

  1. https://docs.microsoft.com/en-us/azure/azure-monitor/app/usage-segmentation

Hope this was useful. Here are more Azure/Canvas Power App related posts you might want to check –

  1. Call Azure Function from Dynamics 365 CRM using Webhooks
  2. Use Azure App Passwords for MFA enabled D365 authentication from Console App
  3. Call HTTP Request from a Canvas Power App using Flow and get back Response | Power Automate
  4. Launch URL on a Data Table Text column selection in a Canvas PowerApp | SharePoint Lists
  5. Call HTTP Request from a Canvas Power App using Flow and get back Response | Power Automate
  6. Send a Power App Push Notification using Flow to open a record in Canvas App | Power Automate
  7. Aggregate functions in a Canvas Power App | Using on SharePoint Lists
  8. Count of total CDS records returned in a Canvas Power App connection [Quick Tip]
  9. Dependent OptionSets in a Canvas Power App for 1:N related CDS entities | Power Platform
  10. Implement character length validation in a Canvas Power App | Power Platform

Thank you!

Call Azure Function from Dynamics 365 CRM using Webhooks

This is a vast topic to cover in a blog. But I wanted to write a bird’s-eye view of how this will pan out in an implementation where you perform a certain operation in Dynamics 365 CRM and an Azure Function is called to perform further operations.

This post is written assuming fair knowledge of Azure Functions, Storage accounts and subscriptions.

I’ll try to keep the article short, so stay with me! 🙂

Create a Function App in Azure

  1. Let’s say you have created a Function App in Azure already and want to connect to Dynamics 365 CRM. Click on the big + New Function button in the screenshot below
  2. Now, since I want to keep Visual Studio as my driver for coding and deployment, I’ll create a new Project in Visual Studio of type Azure Functions and click Next
  3. On the next page, I’ll give a relevant name and hit Create.
  4. Since we will be using Webhooks to connect to the Azure Function, the trigger chosen here is Http Trigger. Make sure you select Framework because Microsoft.Xrm.Sdk assemblies don’t work on .NET Core, but on .NET Framework only. And then you should take care of what your Storage Account and Authorization should be – Finally click Create once done.
  5. The Project will open with 1 .cs file, so make sure you name your plugin initially –
  6. It’ll take a while to create the Project. Once created, go to the Portal on Azure and click on the Get Publish Profile
    It will be downloaded on the computer. Keep it so that you can import it on the Project in Visual Studio to use for Direct Publish.
  7. Now, right click and choose Publish to make your first push as is so that the Account Function gets pushed to Azure App.
  8. Then, click on Import and import the Publish Profile settings downloaded in step #5 above –
  9. Once imported, you’ll be taken here – simply Publish once.
  10. Once Publish is successful, check in the Azure App in Portal, the Function should appear.

Modifying code to read Webhook Call from Dynamics 365

  1. To keep it simple, I’m simply reading the context and then, you can flourish your App further to make it work as required.
    So, I’m only reading the request into a String and logging it so that we can see it in the logs in the Azure Function app.
  2. You can use RemoteExecutionContext class to actually get all the contextual information into the Function app and then use it further. See below –
  3. Once ready with your code, Publish it.
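
An added example of the function described in the steps above; it is not the author's code. It deserializes the webhook body into a RemoteExecutionContext and logs identifiers rather than the raw request. The Azure Functions v1 (.NET Framework) signature with TraceWriter is an assumption; the function name AccountPlugin is taken from the post.

```csharp
using System.IO;
using System.Net;
using System.Net.Http;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Json;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.Xrm.Sdk;

public static class AccountPlugin
{
    [FunctionName("AccountPlugin")]
    public static async Task<HttpResponseMessage> Run(
        // AuthorizationLevel.Function: the caller must present the function key,
        // the "code" value that goes into the Webhook registration.
        [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequestMessage req,
        TraceWriter log)
    {
        RemoteExecutionContext context = null;
        try
        {
            using (Stream body = await req.Content.ReadAsStreamAsync())
            {
                var serializer = new DataContractJsonSerializer(typeof(RemoteExecutionContext));
                context = (RemoteExecutionContext)serializer.ReadObject(body);
            }
        }
        catch (SerializationException ex)
        {
            log.Warning("Body is not a RemoteExecutionContext: " + ex.Message);
        }
        if (context == null)
            return req.CreateResponse(HttpStatusCode.BadRequest);

        // Log identifiers, not the raw body: the payload carries record field values.
        log.Info($"{context.MessageName} on {context.PrimaryEntityName} {context.PrimaryEntityId} " +
                 $"by user {context.InitiatingUserId}, correlation {context.CorrelationId}");

        // For an Update step, Target holds only the attributes that changed.
        if (context.InputParameters.Contains("Target")
            && context.InputParameters["Target"] is Entity target
            && target.Contains("name"))
        {
            log.Info("Account Name was changed in this update.");
        }
        return req.CreateResponse(HttpStatusCode.OK);
    }
}
```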

Now, let’s Register the Webhook and call the app.

If you’re also looking for remote debugging, this is a great article: Remote Debugging Azure Functions V2 “The breakpoint will not currently be hit. No symbols have been loaded for this document”

Register a Webhook in Plugin Registration Tool

Coming to Dynamics 365 CRM side of things, you can register a Webhook that will trigger on Account Name update to fire off the AccountPlugin Function App created above –

  1. In Plugin Registration Tool, register a new Webhook
  2. Enter Webhook Details. Select Authentication type as WebhookKey
  3. Now, to get the key, go to the Function App in portal, and look for the </> Get function URL link.
  4. Copy the same and paste in Notepad, separate the code part from the main URL
  5. Paste the URL part in Endpoint URL and key in the Value field. Click Save.
  6. Now, add a Step to the Webhook. For this example, I’ve chosen update of Account’s Account Name field
    And Register it.

Execution

  1. The purpose was to simply read the Dynamics 365 Account record upon modification of the Account Name
    And save the record.
  2. In a minute or so, the Log will be generated (only the logs take a little longer to generate)
    And thus, we are able to send data / or rather, call Azure Function and process Dynamics 365 CRM data using Webhooks.

Some other Azure related post you might like to look at – Use Azure App Passwords for MFA enabled D365 authentication from Console App

Hope this was helpful! Tried my best to keep it basic and short as possible. I’m sure you all will explore way beyond and develop awesome implementations!