As Microsoft is still making changes to connection references, I have been trying to get it to work with a service principal account, and account a few interesting points that are important for anyone who will be developing and deploying Power Automate flows using the Service Principal Connection reference.
Let’s start with the basics. I created a flow that will trigger when the Payment Status column of a transaction record is updated to the value of Sent. Once that is done, I retrieve the existing value from the associated Contact record, increment the total transaction amount and then update the total transaction amount on the Contact record.
Let’s start with the trigger. I create an update trigger on the Transactions table (custom), set the filtering attributes to the column that I want it to trigger on, and finally set the Run as triggering user.
I have also set the Connection Reference to use the Service Principal account that I used. Of course there are no issues so far.
Next, I add logic to retrieve the associated contact record (I only need the transaction amount column), check if the value is null and set the value of the Total Transaction Amount in the variable. If the contact record has existing value, I will also increment the variable.
Finally, I will call an Update action on the contact record, and set the Total Transaction Amount column to the value of the variable that I set in the previous step. The final step looks like the image below.
Now for the test. I ran the test two times, and with two different results based on some changes to the action that updates the contact record. The list below shows the two records that were updated in the transaction table:
The first time that I ran the process, I used the Service Principal account that I created.
The results in this situation were that the record that was updated showed that it was modified by the Service Principal account, and not be the user that was set as the Triggering user of the flow. I guess this makes sense, as I should be able to tell the system in each action whether I want it to be executed by the triggering user, or by the Service account itself.
Since I don’t really want to show that this was executed and updated by the Service Principal account, I needed to see what has to be modified in order to get this working. If we take a look at the more options for the Update record action, we see that there is an option to Use invoker’s connection. This will basically execute this action as the same user account that was set on the trigger of the flow. The image below shows the Invoker’s connection set.
Once I changed the second transaction Payment Status to sent, I could see that the second updated record contains the correct modified by value, which is the triggering user.
The next step is to deploy this to a higher environment, as part of the solution. As we already know, when we deploy across environments, and we have flows that are using connection references, we have to provide the connection reference that the flow will use in the higher environment. In that case, we will need to create a new connection reference in each environment and when importing the solution, set it accordingly.
The one thing to notice, is that as connection references are still in preview, there is currently a limit of how many flows can use a single connection reference. At the time of writing this, that limit is 16. I am pretty sure that by the time that connection references are out of preview, that limit will change.
I will update this as we find out new changes on connection references.