How to manage orphan flows when the owner leaves the organization

This article describes how to manage orphan flows when the owner leaves the organization.

Applies to:   Power Automate
Original KB number:   4556130

What are orphaned flows?

A flow turns into an orphaned flow when it doesn't have a valid owner anymore. It often happens when the creator or owner of the flow has left the organization and there's no co-owner. If the flow uses connections that require authentication, then it may start failing because the user identity isn't valid anymore.

Admins can maintain continuity of the business process automated by the flow by adding one or more co-owners to it. Co-owners have full control over the flow, just like the original owner. They can fix authentication for any connections the flow uses and enable the flow if it has been disabled.

How to check if there are orphaned flows

Note

Only privileged users can view flows that don't have any valid owners.

On the environment page in the Flow Admin Center, go to the Resources tab and then open the Flow list. Orphaned flows display None as their owner.

Select Load more to load the next set of flows, so that you've looked through all flows that might be orphaned.

Assign new co-owner(s) to an orphaned flow

  1. From the flow list, select the orphaned flow to open the flow details page.
  2. Select Manage sharing at the bottom of the Owners list.
  3. Type in a new owner name and select the new owner account.
  4. Select Save to save the changes.

Note

It may be hard to find the orphaned flows if there are a large number of flows in your organization. In that case, you can also manage orphaned flows through PowerShell cmdlets.

Manage orphaned flows through Power Automate cmdlets for administrators

As an Admin, you can also manage flows by running Power Apps cmdlets for administrators. Make sure you've followed the instructions to complete the installation if you haven't done it before.

Fixing permissions for one flow

You'll need the environment name and flow name (a GUID). Run the Get-AdminFlowOwnerRole cmdlet with the environment name and flow name to get the list of users and their roles. This lets you verify the current permissions set for the flow.

To assign a co-owner to a flow, run Set-AdminFlowOwnerRole with the AAD principal object ID of the new owner.

Set-AdminFlowOwnerRole -EnvironmentName <env name> -FlowName <flow name> -PrincipalType User -RoleName CanEdit -PrincipalObjectId <new owner object id>

Note

You can get the AAD principal object ID of a user by running the Get-AzureADUser cmdlet (from the AzureAD module).

Run Get-AdminFlowOwnerRole again to verify the new owner is in the list.

Fixing permissions for flows created by a particular user

Get a list of flows created by a given user by running the following cmdlet, and then apply the steps in the preceding section to every flow on the list.

Get-AdminFlow -EnvironmentName <env name> -CreatedBy <user AAD object id>

Listing all orphaned flows in an environment

To get all flows that don't have valid users, loop through all flows in one environment, and verify there's at least one owner or co-owner that exists in AAD. The following script provides an example:

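$env = "<your environment name>"
$flows = Get-AdminFlow -EnvironmentName $env
foreach ($flow in $flows)
{
    # Assume the flow is orphaned until an owner or co-owner is found in AAD.
    $hasValidOwner = $false
    $permissions = Get-AdminFlowOwnerRole -EnvironmentName $env -FlowName $flow.FlowName
    foreach ($permission in $permissions)
    {
        $roleType = $permission.RoleType

        # Only the owner and co-owners (CanEdit) count as owners of the flow.
        if ($roleType.ToString() -eq "Owner" -or $roleType.ToString() -eq "CanEdit")
        {
            $userId = $permission.PrincipalObjectId
            # @() forces an array so .Count is reliable for zero, one or many results.
            $users = @(Get-AzureADUser -Filter "ObjectId eq '$userId'")

            if ($users.Count -gt 0)
            {
                $hasValidOwner = $true
                break
            }
        }
    }

    # Emit the flow object when no owner or co-owner exists in AAD.
    if ($hasValidOwner -eq $false)
    {
        $flow
    }
}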

You can also add a call to the Set-AdminFlowOwnerRole cmdlet to this script to assign a co-owner to each flow that doesn't have a valid owner.
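
The following is an added example, not part of the original article or Microsoft's own script. It combines the listing loop with Set-AdminFlowOwnerRole, supports -WhatIf so the assignments can be previewed, and returns one record per orphaned flow for an audit trail. The function name Repair-OrphanedFlow, the lookup cache, and the check that the new owner's account is enabled are assumptions added here.

```powershell
# Added example (not Microsoft's script). Assumes the admin cmdlets and the AzureAD
# module are installed and both sessions are signed in. The function name is hypothetical.
function Repair-OrphanedFlow {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $EnvironmentName,
        [Parameter(Mandatory)] [guid]   $NewOwnerObjectId   # [guid] rejects malformed IDs
    )

    # Refuse to run if the replacement owner is missing or disabled (added check).
    $newOwner = @(Get-AzureADUser -Filter "ObjectId eq '$NewOwnerObjectId'")
    if ($newOwner.Count -eq 0 -or -not $newOwner[0].AccountEnabled) {
        throw "New owner $NewOwnerObjectId was not found in AAD or is disabled."
    }

    $known = @{}   # cache: principal object ID -> whether that user still exists in AAD
    foreach ($flow in Get-AdminFlow -EnvironmentName $EnvironmentName) {
        $hasValidOwner = $false
        $roles = Get-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName
        foreach ($role in $roles) {
            $id = $role.PrincipalObjectId
            if (-not $id -or "$($role.RoleType)" -notin 'Owner', 'CanEdit') { continue }
            if (-not $known.ContainsKey($id)) {
                $known[$id] = @(Get-AzureADUser -Filter "ObjectId eq '$id'").Count -gt 0
            }
            if ($known[$id]) { $hasValidOwner = $true; break }
        }
        if ($hasValidOwner) { continue }

        # Orphaned flow. With -WhatIf, ShouldProcess returns $false and nothing is changed.
        $added = $false
        if ($PSCmdlet.ShouldProcess($flow.DisplayName, "Add co-owner $NewOwnerObjectId")) {
            Set-AdminFlowOwnerRole -EnvironmentName $EnvironmentName -FlowName $flow.FlowName `
                -PrincipalType User -RoleName CanEdit -PrincipalObjectId $NewOwnerObjectId | Out-Null
            $added = $true
        }
        # One record per orphaned flow; pipe to Export-Csv to keep an audit trail.
        [pscustomobject]@{
            FlowName     = $flow.FlowName
            DisplayName  = $flow.DisplayName
            CoOwnerAdded = $added
            NewOwnerId   = $NewOwnerObjectId
        }
    }
}

# Preview first, then rerun without -WhatIf to apply:
# Repair-OrphanedFlow -EnvironmentName '<env name>' -NewOwnerObjectId '<new owner object id>' -WhatIf
```

Because a co-owner has full control over the flow and can re-authenticate its connections, review the -WhatIf output before applying the change across an environment.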