Use Azure Active Directory with a custom connector in Microsoft Flow
Azure Resource Manager enables you to manage the components of a solution on Azure - components like databases, virtual machines, and web apps. This tutorial demonstrates how to enable authentication in Azure Active Directory, register one of the Resource Manager APIs as a custom connector, and then connect to it in Microsoft Flow. You could also create the custom connector for PowerApps or Azure Logic Apps.
The process you follow in this tutorial can be used to access any RESTful API that is authenticated using Azure Active Directory.
Enable authentication in Azure Active Directory
First, you create an Azure Active Directory (AAD) application that performs the authentication when calling the Resource Manager API endpoint.
Sign in to the Azure portal. If you have more than one AAD tenant, make sure you're logged into the correct directory by looking at your username in the upper-right corner.
On the left-hand menu, select All services. In the Filter textbox, enter Azure Active Directory, and then select Azure Active Directory.
The Azure Active Directory blade opens.
In the menu on the Azure Active Directory blade, select App registrations.
In the list of registered applications, select New application registration.
Enter a name for your application, and leave Web app / API selected. For Sign-on URL, enter an appropriate value for your organization, such as https://login.windows.net. Select Create.
Copy the Application ID, because you need it later.
The Settings blade should have opened, as well. If it didn't, select the Settings button.
On the Settings blade, select Required permissions. On the Required permissions blade, select Add.
The Add API access blade opens.
Select Select an API. In the blade that opens, select the option for the Azure Service Management API, and then Select.
Under Delegated permissions, select Access Azure Service Management as organization users, and then Select.
On the Add API access blade, select Done.
Back on the Settings blade, select Keys. In the Keys blade, enter a description for your key, select an expiration period, and then select Save.
Your new key is displayed. Copy the key value, because you need it later.
There is one more step in the Azure portal, but first you create a custom connector.
Create a custom connector
Now that the AAD application is configured, you create the custom connector.
In the Microsoft Flow web app, select the Settings button at the upper right of the page (the gear icon). Select Custom Connectors.
Select Create custom connector, then Import an OpenAPI file.
Enter a name for the connector and browse to where you downloaded the sample Resource Manager OpenAPI file. Select Continue.
The General page opens. Stay with the defaults here, and select the Security page.
On the Security page, provide AAD information for the application:
Under Client id, enter the AAD application ID value you copied earlier.
For Client secret, use the key value you copied earlier.
For Resource URL, enter https://management.core.windows.net/. Be sure to include the Resource URL exactly as written, including the trailing slash.
After entering security information, select the check mark (✓) next to the flow name at the top of the page to create the custom connector.
On the Security page, the Redirect URL field is now populated. Copy this URL so you can use it in the next section of this tutorial.
Your custom connector is now displayed under custom connectors.
Now that the custom connector is registered, create a connection to the custom connector so it can be used in your apps and flows. Select the + to the right of the name of your custom connector and then complete the sign-on screen.
The sample OpenAPI does not define the full set of Resource Manager operations and currently only contains the List all subscriptions operation. You can edit this OpenAPI file or create another OpenAPI file using the online OpenAPI editor.
Set the reply URL in Azure
In the Settings blade, select Reply URLs. In the list of URLs, add the value you copied from the Redirect URL field in the custom connector, such as https://msmanaged-na.consent.azure-apim.net/redirect, and select Save.
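The following added example (not part of the original tutorial and not Microsoft's code) checks the Security page values against the reply URL list and then builds the authorization-code request those values feed into. The function names, the tenant and client ID placeholders, the exact-string matching of reply URLs, and the use of the AAD v1 authorize endpoint are assumptions.

```python
from urllib.parse import urlencode, urlsplit
import secrets

# Resource URL exactly as given in this tutorial, trailing slash included.
RESOURCE_URL = "https://management.core.windows.net/"
# Assumption: AAD v1 authorization endpoint; the tenant is filled in per directory.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/authorize"


def check_connector_security(resource_url, redirect_url, reply_urls):
    """Return a list of problems with the connector's AAD settings."""
    problems = []
    # The resource identifies the API the token is issued for, so it is
    # compared byte for byte; a missing trailing slash is a different value.
    if resource_url != RESOURCE_URL:
        problems.append("Resource URL must be exactly " + RESOURCE_URL)
    # The authorization code is delivered to this URL, so it must be HTTPS.
    if urlsplit(redirect_url).scheme != "https":
        problems.append("Redirect URL must use https")
    # The redirect must already be in the application's Reply URLs list
    # (assumption: exact string comparison, no prefix or wildcard matching).
    if redirect_url not in reply_urls:
        problems.append("Redirect URL is not registered as a reply URL")
    return problems


def build_authorize_url(tenant, client_id, redirect_url, resource_url,
                        reply_urls, state=None):
    """Build the delegated sign-in request, refusing a misconfigured connector."""
    problems = check_connector_security(resource_url, redirect_url, reply_urls)
    if problems:
        raise ValueError("; ".join(problems))
    # Unpredictable state value ties the response to this request (CSRF defence).
    state = state or secrets.token_urlsafe(16)
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",      # authorization code flow
        "redirect_uri": redirect_url,
        "resource": resource_url,
        "state": state,
    })
    return AUTHORIZE_ENDPOINT.format(tenant=tenant) + "?" + query, state
```

The client secret never appears in this request; it is sent only when the authorization code is redeemed for a token, which is why it belongs in the connector's Security page and nowhere else.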
For more detailed information about using a custom connector, see Use custom connectors in Microsoft Flow.
To ask questions or make comments about custom connectors, join our community.