Yannick Reekmans
Please enter at least 3 characters
Feb 12, 2024 2 min read

Force populate a "Microsoft Entra ID"-based Team in Power Platform

Combine the Force Sync user action and the user impersonation on a Dataverse REST API to force populate a Team based on Microsoft Entra ID Security Group in Power Platform, through Power Automate.

Force populate a "Microsoft Entra ID"-based Team in Power Platform
Photo by Steven Libralon / Unsplash

More and more people are using Teams in Power Platform that are connected to a Microsoft Entra ID Security Group or Microsoft Entra ID Office Group. This has the advantage of managing membership through a Security Group in Microsoft Entra ID, and having it automatically be implemented on Power Platform because a Team can have Security Roles and Column Security Profiles associated.

The downside of these Teams is the Just-In-Time population: users will only show up inside such a Team in Power Platform when they login to the environment... This provides challenges when you need them in the Team to have Security Roles applied for additional management purposes (like assigning them as an owner on records). Luckily, you can force the population by impersonating every user in a Dataverse REST API call!

Inspired by a blogpost from Guido Preite where he does this with C#, we can achieve the same thing with Power Automate by combining two of my previous blog posts:

  1. Use Power Automate to force sync an Azure AD user to Dataverse
  2. Call any Dataverse/Dynamics 365 REST API from Power Automate

Preparation

  1. Create a Microsoft Entra ID Security Group and add some people in there
  1. Create a Team in Power Platform that uses this Microsoft Entra ID Security Group as membership source
  1. Validate that none of the users show up inside the Team automatically/immediately

Force Sync Power Automate flow

  1. Create a flow that loops the members of the Microsoft Entra ID Security Group, uses Force Sync to get them in the systemusers table, and impersonation on the WhoAmI call to force them inside the Team in Power Platform (make sure to check out the previous blog posts on this topic).
The UI cuts it off, but you need to use the "Group Members Id" property in both places.
  1. Run the flow!
  1. Validate that all users are now visible inside the Team in Power Platform

A simple Power Automate flow like this can be helpful in situations where you need the Team in Dataverse to accurately reflect new members in the Microsoft Entra ID Security Group, but you don't have the time (or patience!) to wait for them to sign in to the environment. Another time saver!

Power Automate Azure AD Dataverse Dynamics 365
You might also like
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Yannick Reekmans.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.