Automate PowerApps App Sharing

Problem

Suppose you are part of a big organization with thousands of employees, and you or your IT team have created hundreds of PowerApps apps for the employees of different departments.

Now, when a new employee joins, you are asked to share specific apps with that new joiner. You are the app owner, or the only user with permission to share the apps with other users. Given the number of apps and the number of new joiners at such a big company, this is a high workload for the IT team, and for a non-productive action at that. Can't we just automate this app sharing part easily?

Solution

You can do this easily by creating a separate Azure AD group for each PowerApps app and sharing the app with the group. Then keep adding each new joiner to that Azure AD group. This is one of the options. But what if you want access to be granted only on certain conditions, or want an approval process to be involved before granting the access?

In that case, we can automate the PowerApps app sharing process with the help of FLOW. With this approach, you are not dependent on an admin user. Anyone in the organization can initiate this action easily.

You can also include an approval process for cases where access should be granted on certain conditions only, and grant access to the app only once the request is approved.

We are going to make use of a simple SharePoint list where any user, such as HR, a recruiter, a manager or an IT user, can add a request to share a selected app with a selected new joiner.

So, create the above list in your environment with two columns: User (person or group) and App (choice, listing the PowerApps apps in your environment).

We will create a FLOW that triggers when a new item is created in the above list.

Create a new flow with the trigger shown above -> look for the PowerApps for Makers connector -> add the Edit App Role Assignment action.

Check the screenshot below to understand which parameters we need to pass to it.

We will need to pass the following parameters to this action:

User email ID – you can get this from the User column of the trigger.

Environment filter query – you can get this from the URL of your FLOW portal. If it's the default environment, then include the word default in it.

PowerApps app ID – you can get this ID from the URL when you run the app in the browser.

Tenant ID – you can get this from the URL when you run the app in the browser.

User ID – to get this you must add the “Get user” Azure AD action as shown below.

Notify – add the word Notify if you want a notification to be sent to the user.

Role – add a string for the role you want to assign. If you want to grant the user run permission, then pass the string CanView.

If you want the user to have run as well as share permission, then pass the string CanViewWithShare.

If you want the user to be a co-owner of the app who can edit the app, then it must be CanEdit.

This is how the action looks after configuring all the parameters:

Save the FLOW and test it. Once the FLOW runs successfully, navigate to the PowerApps portal and verify that the selected app has been shared with the selected user.

You can use the same action to remove access as well: just pass the user ID in the delete field.
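Because any user who can add a list item can trigger the role assignment, the approval step mentioned earlier is best enforced as a check before the action runs. The following Python sketch is an added example, not part of the original post or of any Microsoft API: the app catalogue, the placeholder GUIDs, the domain, the extra Role and Requester columns, and the rule that only CanView is granted without approval are all assumptions.

```python
import re

# Role strings the action accepts, as listed in the post.
ROLES = ("CanView", "CanViewWithShare", "CanEdit")
# Assumption: only run-only access is granted without an approver.
AUTO_GRANT = {"CanView"}
# Constructed catalogue: App choice value -> app ID (placeholder GUIDs).
APP_CATALOGUE = {
    "Leave Tracker": "00000000-0000-0000-0000-000000000001",
    "Expense Claims": "00000000-0000-0000-0000-000000000002",
}
ALLOWED_DOMAIN = "contoso.example"  # assumption: internal users only
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)$")


def evaluate_request(item, approved_by=None):
    """Return (decision, detail) for one list item.

    decision is 'grant', 'needs_approval' or 'reject'. Role and
    Requester are hypothetical extra columns; User and App are the
    two columns from the post.
    """
    email = (item.get("User") or "").strip().lower()
    match = EMAIL_RE.match(email)
    if not match or match.group(1) != ALLOWED_DOMAIN:
        return "reject", "user is not an internal account"
    app_id = APP_CATALOGUE.get(item.get("App"))
    if app_id is None:
        return "reject", "app is not in the catalogue"
    role = item.get("Role", "CanView")
    if role not in ROLES:  # exact, case-sensitive match
        return "reject", "unknown role string"
    requester = (item.get("Requester") or "").strip().lower()
    if role not in AUTO_GRANT:
        if approved_by is None:
            return "needs_approval", role
        # Separation of duties: no self-approval of elevated roles.
        if approved_by.strip().lower() in (email, requester):
            return "reject", "approver cannot be requester or grantee"
    return "grant", {"email": email, "app_id": app_id, "role": role}


if __name__ == "__main__":
    # Constructed sample item, as it might arrive from the list trigger.
    sample = {"User": "new.joiner@contoso.example", "App": "Leave Tracker",
              "Role": "CanEdit", "Requester": "hr@contoso.example"}
    print(evaluate_request(sample))
    print(evaluate_request(sample, approved_by="it.lead@contoso.example"))
```

In a flow, the same decision maps to a Condition step placed before the role assignment action, with the 'needs_approval' branch routed to an approval action.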

Check out the above configuration in detail in this YouTube video.

Summary

Automating app sharing actions will really reduce the workload on the IT team and is much faster than the manual process of an admin doing this job.

Hope this helps you guys. Thanks for reading.