Managing Connections
Test, re-authorize, and remove your platform connections.
After setting up a connection, you can test it, re-authorize if tokens expire, or remove it entirely.
Testing a Connection
From the Connections page, each connection card shows its current status. Click the connection to see details, or use the test button to verify that credentials are still valid and the API is reachable.
A successful test confirms:
- Graph API connectivity (organization metadata accessible)
- Power Platform API connectivity (environments visible, if authorized)
Re-authorizing a Microsoft Connection
If a connection shows "Needs Reauth" status:
- Open the connection details
- Click Re-authorize to start a new consent flow
- An admin signs in with Microsoft and grants consent
- The connection status returns to "Authorized"
This happens when the refresh token expires (typically after ~90 days of inactivity) or when the admin revokes consent in Azure.
Removing a Connection
- Navigate to Connections
- Open the connection you want to remove
- Click Delete Connection
- Confirm the deletion
Deleting a connection removes the stored credentials (encrypted client ID, client secret, and tokens) and all associated scan history. This action cannot be undone.
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| "Connection test failed" after entering credentials | Incorrect Tenant ID, Client ID, or Client Secret | Double-check values in Azure portal > App registrations |
| "Needs Reauth" status on a working connection | Refresh token expired or admin revoked consent | Click Re-authorize and have an admin sign in again |
| "AADSTS700016" error during test | App registration not found in the specified tenant | Verify the Client ID matches an active app registration in your tenant |
| "AADSTS7000113" error | App-only token used for Power Platform API | Complete the delegated authorization flow (Authorize with Microsoft button) |
| "AADSTS65001" error | Admin consent not granted | Go to Azure portal > App registrations > API permissions > Grant admin consent |
| "0 environments found" after authorization | Admin account lacks Power Platform Administrator role | The authorizing admin must have Power Platform Administrator or Global Administrator |
FAQ
Q: Can Velnoro modify anything in my tenant? No. Velnoro requests only read permissions. It cannot create, modify, or delete any resources in your Microsoft tenant.
Q: How are my credentials stored? All credentials (client ID, client secret, refresh tokens) are encrypted with AES-256-GCM before storage. The encryption key is stored in environment variables, never in the database. See the Security guide for details.
Q: Can I connect multiple tenants? Yes. Add one connection per Microsoft tenant. Each connection is scanned independently.
Q: What happens if my client secret expires? The connection test will fail. Create a new client secret in Azure, then update the credentials in Velnoro.