Restricting Users on Power Automate HTTP Triggers

User Review
0 (0 votes)



Microsoft Power Automate, previously known as Microsoft Flow, is a cloud-based service that allows you to automate workflows and integrate various applications and services without the need for extensive coding. It enables you to create automated processes, called flows, that can be triggered by various events, including HTTP triggers.

An HTTP trigger in Microsoft Power Automate allows you to start a flow by making an HTTP request to a specific URL. This can be useful for integrating Power Automate with external systems, services, or applications that can send HTTP requests.

HTTP triggers can be secured using various authentication mechanisms to ensure the security and privacy of your workflows. However, MS just recently began rolling out a new feature that will simplify authentication! It’s not yet available in all regions, so stay tuned if you don’t see it yet in your tenant.

Restricting what users can trigger the flow

This new feature (available with new Http triggers) allows admins to restrict what users (or apps) can trigger the flow. When you first create the “When a HTTP request is received” trigger, you now have an option called “Who can trigger the flow?”. The options for this are:

  • Any user in my tenant
  • Specific users in my tenant (users or service principal object ids)
  • Anyone

The option you choose will depend on your use case, but most cases will benefit from

the first option, “Any user in my tenant”.

Allowing external apps to trigger the flow

If you need an external service or app to trigger the flow, your admin should create an App Registration in your Azure Tenant for them to use. The settings…(read full post on


The post Restricting Users on Power Automate HTTP Triggers appeared first on CRM Software Blog | Dynamics 365.