Use Azure Active Directory with a custom connector in Microsoft Flow

Azure Resource Manager enables you to manage the components of a solution on Azure - components like databases, virtual machines, and web apps. This tutorial demonstrates how to enable authentication in Azure Active Directory, register one of the Resource Manager APIs as a custom connector, and then connect to it in Microsoft Flow. You could also create the custom connector for PowerApps or Azure Logic Apps.

The process you follow in this tutorial can be used to access any RESTful API that is authenticated using Azure Active Directory.

Prerequisites

Enable authentication in Azure Active Directory

First, you create an Azure Active Directory (AAD) application that performs the authentication when calling the Resource Manager API endpoint.

  1. Sign in to the Azure portal. If you have more than one AAD tenant, make sure you're logged into the correct directory by looking at your username in the upper-right corner.

  2. On the left-hand menu, select All services. In the Filter textbox, enter Azure Active Directory, and then select Azure Active Directory.

    The Azure Active Directory blade opens.

  3. In the menu on the Azure Active Directory blade, select App registrations.

  4. In the list of registered applications, select New application registration.

  5. Enter a name for your application, and leave Web app / API selected. For Sign-on URL, enter an appropriate value for your organization, such as https://login.windows.net. Select Create.

  6. Copy the Application ID, because you need it later.

  7. The Settings blade should have opened, as well. If it didn't, select the Settings button.

  8. On the Settings blade, select Required permissions. On the Required permissions blade, select Add.

    The Add API access blade opens.

  9. Select Select an API. In the blade that opens, select the option for the Azure Service Management API, and then Select.

  10. Under Delegated permissions, select Access Azure Service Management as organization users, and then Select.

  11. On the Add API access blade, select Done.

  12. Back on the Settings blade, select Keys. In the Keys blade, enter a description for your key, select an expiration period, and then select Save.

  13. Your new key is displayed. Copy the key value, because you need it later.

There is one more step in the Azure portal, but first you create a custom connector.

Create a custom connector

Now that the AAD application is configured, you create the custom connector.

  1. In the Microsoft Flow web app, select the Settings button at the upper right of the page (the gear icon). Select Custom Connectors.

  2. Select Create custom connector, then Import an OpenAPI file.

  3. Enter a name for the connector and browse to where you downloaded the sample Resource Manager OpenAPI file. Select Continue.

  4. The General page opens. Stay with the defaults here, and select the Security page.

  5. On the Security page, provide AAD information for the application:

  • Under Client id, enter the AAD application ID value you copied earlier.

  • For Client secret, use the key value you copied earlier.

  • For Resource URL, enter https://management.core.windows.net/. Be sure to include the Resource URL exactly as written, including the trailing slash.

    After entering security information, select the check mark next to the flow name at the top of the page to create the custom connector.

  6. On the Security page, the Redirect URL field is now populated. Copy this URL so you can use it in the next section of this tutorial.

  7. Your custom connector is now displayed under custom connectors.

  8. Now that the custom connector is registered, create a connection to the custom connector so it can be used in your apps and flows. Select the + to the right of the name of your custom connector and then complete the sign-on screen.

Note

The sample OpenAPI does not define the full set of Resource Manager operations and currently only contains the List all subscriptions operation. You can edit this OpenAPI file or create another OpenAPI file using the online OpenAPI editor.

Set the reply URL in Azure

In the Settings blade, select Reply URLs. In the list of URLs, add the value you copied from the Redirect URL field in the custom connector, such as https://msmanaged-na.consent.azure-apim.net/redirect, and select Save.
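
The check below is an added example, not part of the original tutorial or Microsoft's code: it verifies that the values entered on the Security page agree with the reply URLs registered in Azure, and builds an Azure AD v1 authorization-code request to show where each value is sent. The function names, the placeholder Application ID, the `common` tenant and the exact-match comparison of redirect and reply URLs are assumptions.

```python
import re
from urllib.parse import urlencode, urlsplit

# Resource URL from step 5 of the tutorial; the trailing slash is part of the value.
RESOURCE_URL = "https://management.core.windows.net/"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


def check_connector(client_id, resource_url, redirect_url, reply_urls):
    """Return a list of problems in the connector's Security page values."""
    problems = []
    if not GUID_RE.match(client_id):
        problems.append("client id is not an Application ID (GUID)")
    if resource_url != RESOURCE_URL:
        problems.append("resource URL differs from " + RESOURCE_URL)
    if urlsplit(redirect_url).scheme != "https":
        problems.append("redirect URL is not https")
    # Assumption: compare exactly, so a near-miss is reported before sign-on fails.
    if redirect_url not in reply_urls:
        problems.append("redirect URL is not among the app's reply URLs")
    return problems


def authorize_url(tenant, client_id, resource_url, redirect_url, state):
    """Build an Azure AD v1 authorization-code request from the same values."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_url,
        "resource": resource_url,
        "state": state,
    })
    return f"https://login.microsoftonline.com/{tenant}/oauth2/authorize?{query}"


# Constructed sample values; the GUID is a placeholder, not a real Application ID.
APP_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT = "https://msmanaged-na.consent.azure-apim.net/redirect"
REPLY_URLS = ["https://msmanaged-na.consent.azure-apim.net/redirect"]

if __name__ == "__main__":
    print(check_connector(APP_ID, RESOURCE_URL, REDIRECT, REPLY_URLS))
    # A missing trailing slash and an unregistered redirect are both reported.
    print(check_connector(APP_ID, RESOURCE_URL.rstrip("/"), REDIRECT + "/", REPLY_URLS))
    print(authorize_url("common", APP_ID, RESOURCE_URL, REDIRECT, "constructed-state"))
```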

Next steps

For more detailed information about using a custom connector, see Use custom connectors in Microsoft Flow.

To ask questions or make comments about custom connectors, join our community.