Problem: By default, the HTTP with Azure AD connector requires end users to authenticate the connector by providing the Application ID and Base URL for the Azure Function.
Solution: Configure the HTTP with Azure AD connector in the Power Automate flow to authenticate using a service principal. This ensures that all authentication details are managed centrally, removing the need for end-user input.
Step 1: Register an App in Azure AD
- Open the Azure Portal and navigate to Azure Active Directory > App registrations.
- Create a new app registration and note the Application (Client) ID and Directory (Tenant) ID.
- Define the app’s API permissions, such as Function.ReadWrite, and grant admin consent to ensure all users inherit the permissions.
Step 2: Generate a Client Secret
- Go to the Certificates & secrets section in your app registration.
- Create a new client secret, and securely save the generated value for later use.
Step 3: Configure the HTTP with Azure AD Connector
- In Power Automate, open the HTTP with Azure AD connector settings.
- Enter the following details:
  - Base Resource URL: The Azure Function URL.
  - Tenant ID: The Azure AD Directory (Tenant) ID.
  - Client ID: The Application (Client) ID.
  - Client Secret: The client secret created earlier.
Step 4: Update Azure Function Authentication
- In the Azure Function settings, configure Authentication/Authorization to accept requests authenticated via Azure AD.
- Use token validation within the function to verify that incoming requests are authorized by the registered app.
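One way to write the in-function check from Step 4, as an added example (not code from the original page): it decides whether a request was made by the registered app by inspecting the claims of an Azure AD access token. It assumes the token's signature and issuer have already been verified (by the Authentication/Authorization setting above or a JWT library), that the function is written in Python, and that the function is protected by the same app registration; the IDs, `authorize_claims` and the sample claims are constructed placeholders.

```python
import time

# Constructed placeholder values; substitute the IDs noted in Step 1.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
# Assumption: tokens for this function are issued with the app's own ID
# (or its api:// URI) as audience, and only that app may call it.
ALLOWED_AUDIENCES = {CLIENT_ID, f"api://{CLIENT_ID}"}
ALLOWED_CALLERS = {CLIENT_ID}


def authorize_claims(claims, now=None, skew=300):
    """Return a list of rejection reasons; an empty list means authorized.

    `claims` must come from a token whose signature and issuer were
    already verified; this function does not verify signatures.
    """
    now = time.time() if now is None else now
    reasons = []
    if claims.get("tid") != TENANT_ID:
        reasons.append("wrong tenant")
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in ALLOWED_AUDIENCES:
        reasons.append("wrong audience")
    # v1.0 access tokens name the calling app in `appid`, v2.0 in `azp`.
    caller = claims.get("appid") or claims.get("azp")
    if not isinstance(caller, str) or caller not in ALLOWED_CALLERS:
        reasons.append("unexpected calling application")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + skew:
        reasons.append("expired or missing exp")
    if isinstance(nbf, (int, float)) and now < nbf - skew:
        reasons.append("not yet valid")
    return reasons


# Constructed sample claims for a token issued to the registered app.
SAMPLE_CLAIMS = {
    "tid": TENANT_ID, "aud": f"api://{CLIENT_ID}", "appid": CLIENT_ID,
    "nbf": 1_700_000_000, "exp": 1_700_003_600,
}

if __name__ == "__main__":
    other = {**SAMPLE_CLAIMS, "appid": "33333333-3333-3333-3333-333333333333"}
    print(authorize_claims(SAMPLE_CLAIMS, now=1_700_000_100))
    print(authorize_claims(other, now=1_700_000_100))
```

The function should return HTTP 401 or 403 whenever the list is non-empty and log the reasons, so that tokens issued to other apps in the same tenant are visible in monitoring.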