Dataverse Service Account Secret Setup

Updated by Sean Ellner

Details
Pre-requisites:
The PAD Export AzureAD application is already created and configured; we will use this app to configure Power Platform access.
The Dataverse environment should have upload of action logs enabled (it's enabled by default).
For each desktop flow run, there’s a maximum action log capacity of 32 MB. This capacity translates to roughly 50,000 to 80,000 action log entries. Once this limit is reached, any subsequent actions aren't recorded in the log. If you encounter this limitation, you can split your flow into smaller, separate flows.

To import flowsession data (flow runs/traces) into PowerCoE, we use a Service Principal/Account with a 'custom' role that can read flowsession table data for the whole environment (for all desktop flows). Starting with the 7.3 release, detecting desktop flow changes also requires read permissions for the 'process (workflow)', desktopflowbinary and user (systemuser) tables. The Environment (Dataverse) used is the one configured in the PAD Export instance setting.

Create Power Platform role

  1. Open the Power Platform admin center and select the required Environment (configured in Blueprint PAD export)
  2. Click/open Settings in the toolbar
  3. Open the Users + Permissions section and then Security Roles
  4. Click New Role in the toolbar
  5. Create new role, update, save
  6. Select Show All Tables (in the tables filter) and search for flowsession
  7. Click on the None value in the Read column for the Flow Session row (Custom Table) and select Organization in the dropdown box
  8. Search for the process (workflow) table and change the Read column permission to Organization
  9. Search for the desktopflowbinary table and change the Read column permission to Organization
  10. Search for the systemuser table and change the Read column permission to Organization
  11. Click Save and Close in the toolbar

Create Application User

  1. Open the Power Platform admin center, select environment, Settings, Users + Permissions section, Application User
  2. Click New App User (add application user)
  3. On the Create new app user screen, click Add an app
  4. Search for and select the AzureAD app from the pre-requisites (created for PAD export), then click Add
  5. Click on Security Roles (pencil icon) and select the role created in the first section. Click Save
  6. Click Create

 

Generate and set service account secret

  1. Open the AzureAD application and add a new client secret.
    1. Keep/copy the Value column of the generated secret (required for the next step in Blueprint/PowerCoE)
  2. Open Blueprint > Settings RPA Management > Analyze section
    1. Enable Dataverse Synchronization and paste your client secret from the previous step (use the Value, not the client secret ID) in the Service Account Secret field
  3. Click Save
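
To confirm the setup, the following added example (not part of the original procedure or of Blueprint/PowerCoE) requests a token with the client secret Value and checks Read access on the four tables through the Dataverse Web API. The environment variable names and the entity set names (in particular desktopflowbinaries) are assumptions; confirm the set names in your environment's $metadata.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

# Web API entity set names for the tables the role reads (assumed names).
TABLES = ["flowsessions", "workflows", "desktopflowbinaries", "systemusers"]


def http_send(req):
    """Send a request; return (status, body) instead of raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def get_token(tenant_id, client_id, secret, env_url, send=http_send):
    """Client-credentials grant with the secret Value (not the secret ID)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": secret, "scope": env_url.rstrip("/") + "/.default",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    status, body = send(urllib.request.Request(url, data=form))
    if status != 200:
        raise RuntimeError(f"token request failed: HTTP {status}")
    return json.loads(body)["access_token"]


def check_read_access(env_url, token, send=http_send):
    """Return {table: bool}; any non-200 status counts as no Read access."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    results = {}
    for table in TABLES:
        url = f"{env_url.rstrip('/')}/api/data/v9.2/{table}?$top=1"
        status, _ = send(urllib.request.Request(url, headers=headers))
        results[table] = status == 200
    return results


if __name__ == "__main__":
    # Hypothetical variable names; the secret is read from the environment.
    env = os.environ["DATAVERSE_URL"]
    tok = get_token(os.environ["AZURE_TENANT_ID"], os.environ["AZURE_CLIENT_ID"],
                    os.environ["AZURE_CLIENT_SECRET"], env)
    for name, ok in check_read_access(env, tok).items():
        print(f"{name}: {'Read OK' if ok else 'no access'}")
```

A table reported as "no access" points to a missing Organization-level Read permission in the custom role or to the role not being assigned to the application user.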

