velnoro
Sign Up

Microsoft Power Platform Setup

Create an Entra ID app registration, configure permissions, and authorize Power Platform access.

This guide walks you through connecting Velnoro to your Microsoft Power Platform tenant. The process involves creating an app registration in Azure, assigning permissions, and completing a one-time authorization flow.

Account role required: Owner or Admin (members with the "Manage" permission)

Ensure you have the appropriate admin access before starting. See the Permissions Reference for details on what roles and permissions are needed.

Step 1: Navigate to Connections

  1. Open Connections in the Admin section of the sidebar
  2. Click Add Connection
  3. Select Microsoft Power Platform as the platform

Step 2: Create an App Registration

In your Azure portal:

  1. Go to Entra ID > App registrations > New registration
  2. Name it something recognizable (e.g., "Velnoro - Platform Inventory")
  3. Set the supported account type to "Accounts in this organizational directory only"
  4. Click Register

Step 3: Add a Client Secret

  1. In your app registration, go to Certificates & secrets > New client secret
  2. Add a description and choose an expiry period
  3. Click Add
  4. Copy the secret value immediately (it is only shown once)

Step 4: Add API Permissions

In your app registration, go to API permissions > Add a permission:

  1. Microsoft Graph > Application permissions > Organization.Read.All (reads tenant info)
  2. Power Platform API > Delegated permissions > ResourceQuery.Resources.Read (reads resource inventory)
    • Find "Power Platform API" under "APIs my organization uses" (search by name or GUID 8578e004-a5c6-46e7-913e-12f58912df43)
  3. (Optional) Microsoft Graph > Application permissions > User.Read.All (reads user profiles for department-level analysis)

After adding permissions, click Grant admin consent for your organization.

Step 5: Add a Redirect URI

  1. Go to Authentication > Add a platform > Web
  2. Enter the redirect URI: https://app.velnoro.com/api/connections/microsoft/callback
  3. Click Configure

Step 6: Enter Credentials in Velnoro

Back in the Velnoro connection setup form, enter:

  • Tenant ID (found on the Azure portal overview page for your Entra ID tenant)
  • Client ID (from your app registration overview)
  • Client Secret (the value you copied in Step 3)

Click Verify to test the Graph API connection. A successful test confirms Velnoro can read your organization metadata.

Step 7: Authorize Power Platform Access

Click Authorize with Microsoft to complete the Power Platform delegated consent flow:

  1. A Microsoft sign-in window opens
  2. An admin signs in and grants consent
  3. Velnoro stores an encrypted refresh token for background scanning
  4. The connection status changes to "Authorized"

The admin who signs in must have the Power Platform Administrator or Global Administrator role. Their permissions determine which environments and resources Velnoro can see.

What's Next

Once authorized, you can run your first scan to discover all Power Platform assets in your tenant.