Use Azure Active Directory with a custom connector in PowerApps
Azure Resource Manager (ARM) enables you to manage the components of a solution on Azure - components like databases, virtual machines, and web apps. This tutorial demonstrates how to enable authentication in Azure Active Directory, register one of the ARM APIs as a custom connector, then connect to it in PowerApps. This would be useful if you want to manage Azure resources directly from an app. For more information about ARM, see Azure Resource Manager Overview.
Enable authentication in Azure Active Directory
First, we need to create an Azure Active Directory (AAD) application that will perform the authentication when calling the ARM API endpoint.
Sign in to the Azure portal. If you have more than one Azure Active Directory tenant, make sure you're logged into the correct directory by looking at your username in the upper-right corner.
On the left-hand menu, click More services. In the Filter textbox, type Azure Active Directory, and then click Azure Active Directory.
The Azure Active Directory blade opens.
In the menu on the Azure Active Directory blade, click App registrations.
In the list of registered applications, click Add.
Type a name for your application, leave Web app / API selected, and then for Sign-on URL type
https://login.windows.net. Click Create.
Click the new application in the list.
The Registered app blade opens. Make a note of the Application ID. We'll need it later.
The Settings blade should have opened, as well. If it didn't, click the Settings button.
In the Settings blade, click Reply URLs. In the list of URLs, add
https://msmanaged-na.consent.azure-apim.net/redirectand click Save.
Back on the Settings blade, click Required permissions. On the Required permissions blade, click Add.
The Add API access blade opens.
Click Select an API. In the blade that opens, click the option for the Azure Service Management API and click Select.
Click Select permissions. Under Delegated permissions, click Access Azure Service Management as organization users, and then click Select.
- On the Add API access blade, click Done.
Back on the Settings blade, click Keys. In the Keys blade, type a description for your key, select an expiration period, and then click Save. Your new key will be displayed. Make note of the key value, as we will need that later, too. You may now close the Azure portal.
Add the connection in PowerApps
Now that the AAD application is configured, let's add the custom connector.
In powerapps.com, in the left menu, select Connections. Select the ellipsis (...), then select Manage custom connectors in the upper right corner.
If you can't find where to manage custom connectors in a mobile browser, it might be under a menu in the upper left corner.
Select Create custom connector.
Type a name for your connection, and then upload the sample ARM OpenAPI file. Click Continue.
On the next screen, because the OpenAPI file uses our AAD application for authentication, we need to give PowerApps some information about our application. Under Client id, type the AAD Application ID you noted earlier. For client secret, use the key. And finally, for Resource URL, type
Be sure to include the Resource URL exactly as written above, including the trailing slash.
Your custom connector is now registered and can be consumed within PowerApps or Microsoft Flow.
The sample OpenAPI does not define the full set of ARM operations and currently only contains the List all subscriptions operation. You can edit this OpenAPI file or create another OpenAPI file using the online OpenAPI editor. This process can be used to access any RESTful API authenticated using AAD.
For more detailed information about how to create an app, see Create an app from data.
For more detailed information about how to use a flow in an app, see Start a flow in an app.
To ask questions or make comments about custom connectors, join our community.