Introduction

Logic Apps and Desktop Flows are both powerful services. Logic Apps is a powerful cloud service within Azure that enables the creation and execution of automated workflows, seamlessly integrating applications, data, and services without the need for complex coding. On the other hand, Desktop Flows in Power Automate is a robust tool that allows users to automate repetitive desktop tasks and processes, combining robotic process automation (RPA) capabilities with an intuitive interface to enhance productivity. However, the Desktop Flow connector is not available in Logic Apps to trigger Desktop Flows directly. Additionally, running Desktop Flows through Logic Apps offers a more cost-effective solution, enabling their use in complex integration scenarios while leveraging advanced monitoring and management capabilities.

This article demonstrates how you can use Logic Apps (standard) with Dataverse Web API to trigger desktop flows, enabling seamless orchestration, improved integration, and enhanced workflow automation. It includes step-by-step instructions for setting up the solution, which will accomplish the following objectives:

• Seamless Orchestration: Utilize the Dataverse Web API within Logic Apps to trigger Desktop Flows.
• Security: Leverage the Logic App’s managed identity to securely execute Desktop Flows.
• Enhanced Integration: Integrate Logic Apps with Dataverse Web API to receive notifications on Desktop Flow completion and easily incorporate the results into enterprise systems.

Pre-requisites

• Azure subscription.
• Logic Apps.
• Power Platform in same tenant as Azure subscription with admin access.
• Power Automate (Premium license for Attended RPA or Process license for Unattended RPA). See Premium RPA Features and Types of Power Automate Licenses for more information.
• Machine registered with Power Automate (see Register a new machine) or RPA Hosted Machine (see Create Hosted Machine) with local account.
• Power Automate Desktop on registered machine.

Solution Overview

Our solution consists of Logic Apps (standard) with system-assigned managed identity enabled, and Power Automate Desktop Flow. Logic Apps will utilize the managed identity to authenticate with the Dataverse Web API and use the RunDesktopFlow action to trigger the Desktop Flow. The RunDesktopFlow action requires a connection to run desktop flow, which must be created using a service principal (managed identity). Creating this connection via a service principal is only supported through a direct call to the Power Platform Web API.

Logic App comprises two workflows, which we will refer to throughout this article:

• RunDF: The workflow that triggers the Desktop Flow.
• CompletionNotification: The workflow that receives notifications regarding the completion and status of the Desktop Flow.

For demonstration purposes, we will use simple desktop flow (as shown below), that creates a file “test.txt” with text “This is a test” in the Documents folder. You can either replicate this or use any other desktop flow to test solution.

The solution diagram below illustrates how Logic Apps will trigger Desktop Flow using Dataverse Web API.

 

1. The “RunDF” workflow will authenticate to the Dataverse Web API using system-assigned managed identity, passing information such as the desktop flow id, the connection to be used and the callback URL (URL of CompletionNotification workflow).
   
   
2. Once the Desktop Flow completes execution, Dataverse will send a POST request to “CompletionNotification” workflow, providing details and the status about desktop flow execution.

Note: Machine and Desktop Flow must reside in the same Power Platform environment. Additionally, the managed identity must have the necessary access permissions to the environment, Desktop Flow, and Machine in order to run the Desktop Flow, whether in attended or unattended mode. These steps are covered in more detail below.

At a high level following steps are involved:

1. Setup and Configure Logic Apps (standard).
2. Create the workflows.
3. Test the workflows.

Setup and Configure Logic App (Standard)

In this section, we will create a Logic App (Standard), enable managed identity, and grant it the necessary permissions within the Power Platform environment where the Desktop Flow is located. Finally, we will create a Desktop Flow connection using the managed identity

1. Create Logic App

First, create Logic App (Standard) resource. Ensure that the system-assigned managed identity is enabled (if not already) as show in the screenshot below.

 

2. Create Application User in Power Platform Environment for Logic App Manged Identity 

Next, we will create application user for the Logic App manged identity in the power platform environment where Desktop Flow is located. Assign Environment Maker security role to the managed identity (see screenshot below). To create application user, follow steps outlined in Manage application users in the Power Platform admin center to create the application user.
Tip: If you are unable to locate your Managed Identity use Application ID of Managed Identity. To find application id go to Azure portal -> Microsoft Entra ID ->Click "Enterprise Applications" under Manager, than change "Application type" filter to "Managed Identities". Copy the application id of your managed identity.

 

3. Share Desktop Flow with Logic Apps manged Identity

1. Go to Power Automate (https://make.powerautomate.com).
2. Under “My flows”, click “Desktop Flows” and select desired Desktop flow
   
3. Click “Share” in the top menu and share it with the Logic App managed identity as a “User” (e.g. “laPADDEMO” in our case). For more details, refer to Share desktop flows.

 

4. Give permissions on Registered Machine to Logic Apps manged Identity

1. Go to Power Automate (https://make.powerautomate.com).
   
   
2. Under “My Machines”, select the registered Machine and share with logic apps managed identity as a “User”, then click save. For step-by-step instructions, see “Give permissions on the machine or machine group”.
   

5. Create Power Automate Desktop Connection for Managed Identity

To create Desktop Flow connection using managed identity, we will use Power Platform API. For this we will need to get access token of managed identity and then authenticate to Web API. Follow steps below:

1. Access logic apps (standard) Kudu by navigating to Development Tools -> Advanced Tools and clicking “Go” to open Kudu.
2. In the top panel, click “Debug console” and select “PowerShell”.
   
3. Execute the following PowerShell script, replacing placeholders with appropriate information to create desktop flow connection using the managed identity.
   • {ENVIRONMENT_ID}: Power platform environment id where Desktop Flow is located.
   • {MACHINE_GROUP_ID}: The group ID you want to create the connection for. More information: Get the group ID of the machine or group
   • {MACHINE_ACCOUNT}: The username of the account used to open a Windows session.
   • {MACHINE_PASSWORD}: The password for the account.
   • After executing the script, copy the connection “name” (in GUID format) as shown in screenshot below and save it. You will need this connection “name” later. For further details on creating connection using service principal, refer to Create a connection using your service principal.

 

 

PowerShell Script

# Script for creating Desktop Flow Connection for Managed Identity

# variables
$environmentId = "{ENVIRONMENT_ID}"
$machineGroupId = "{MACHINE_GROUP_ID}" 
$machineUserName = "{MACHINE_ACCOUNT}"
$machinePassword = "{MACHINE_PASSWORD}"

# Get Access Token for Power Platform API
$resourceURI = "https://api.powerplatform.com"
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token

# Create Desktop Flow Connection for Managed Identity
$connectionId = New-Guid
$environment_id_url = ($environmentId -replace "-", "").Substring(0, ($environmentId -replace "-", "").Length - 2) + "." + $environmentId.Substring($environmentId.Length - 2, 2)
$uri = "https://" + $environment_id_url + ".environment.api.powerplatform.com/connectivity/connectors/shared_uiflow/connections/" + $connectionId + "?api-version=1"

$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}

$body = @"
{
    "properties":
    {
        "environment":
        {
            "id": "/providers/Microsoft.PowerApps/environments/$environmentId",
            "name":"$environmentId"
        },
        "connectionParametersSet":
        {
            "name":"azureRelay",
            "values":
            {
                "username":{"value":"$machineUserName"},
                "password":{"value":"$machinePassword"},
                "targetId":{"value":"$machineGroupId"}
            }
        }
    }
}
"@

$response = Invoke-RestMethod -Method PUT -Headers $headers -Uri $uri -Body $body
$response

Create the Workflows

In this section we will create two workflows in Logic Apps

1. CompletionNotification Workflow

This will be simple HTTP trigger workflow which will handle notifications from Dataverse upon Desktop Flow completion.

1. Create a new stateful workflow and name it “CompletionNotification”.
2. Add “When a HTTP request is received” tigger (see screenshot below) and save it.
   
3. Copy the HTTP URL generated by the trigger and save it, as it will be used in the next workflow.

2. RunDF Workflow

The “RunDF” workflow will be HTTP trigger to run Desktop Flow. Our workflow will look like below.

1. Create new stateful workflow named “RunDF” and add “When a HTTP request is received” trigger.
   
   
2. Next, add “HTTP” action and configure following parameters, replacing placeholders with the relevant information and save the workflow.
   • {ENVIRONMENT_URL}: Environment URL of environment where Desktop Flow is saved, which can be found in environment detail. See Environment Details for more information.
   • {DESKTOP_FLOW_ID}: The ID of the Desktop Flow. You can get this manually from the URL of desktop flow details page as shown below. Go to Power Automate -> “My Flows” -> Desktop flows” and then select flow.
     
   • {CONNECTION_NAME}: The guid of connection which you saved in [previous step]
   • {CALLBACK_URL}: URL of “CompletionNotification” workflow which you got in “CompletionNotification workflow” step.

Note: If you want to run desktop flow in attended mode change value of runMode property in body to “attended”.

Test the Workflows

1. Run the “RunDF” Workflow
   Open “RunDF” workflow and click “Run”. Wait for both workflow and the Desktop flow to complete.
   
2. Verify the “CompletionNotification” Workflow
   Navigate to “CompletionNotification” workflow, and check the “Run history”. You should see that the workflow was triggered by Dataverse Web API upon completion of the Desktop Flow.
   
3. Inspect the Latest Run
   Open the latest run in “CompletionNotification” workflow and click “When a HTTP request is received” trigger. Review the output in the body, which will display the statuscode value. A statuscode of 4 indicates that the Desktop Flow has “Succeeded”. For more information on status codes, refer to Flowsession statuscode.
   

Conclusion

Integrating Logic Apps with Desktop Flows using the Dataverse Web API offers a powerful solution for automating workflows, combining the strengths of cloud-based and desktop automation. This approach enables seamless orchestration, secure execution, and improved integration across systems, enhancing overall efficiency. By following the step-by-step guide provided in this article, you can set up and test this solution effectively, unlocking the potential to streamline processes and boost productivity. This integration represents a robust and scalable method to modernize enterprise automation while ensuring security and reliability.

Appendix

• Create a connection using your service principal
• Work with desktop flows using code
• Retrieve access token using PowerShell for Managed Identity
• Dataverse Web API

Optional Scripts

List Connections

Use following PowerShell script replacing placeholders to list connections for managed identity.

#Script to list flows
$environmentId = "{ENVIRONMENT_ID}"
$environment_id_url = ($environmentId -replace "-", "").Substring(0, ($environmentId -replace "-", "").Length - 2) + "." + $environmentId.Substring($environmentId.Length - 2, 2)
$uri = "https://" + $environment_id_url + ".environment.api.powerplatform.com/connectivity/connections/?api-version=1&$filter=environment+eq+'" + $environmentId + "'"

# Get Access Token for Power Platform API
$resourceURI = “https://api.powerplatform.com”
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}

$response = Invoke-RestMethod -Method GET -Headers $headers -Uri $uri
$response.value

Delete Connection

Use following PowerShell script replacing placeholders to delete connection for managed identity.

#Script to delete Connection
$connectionId = "{CONNECTION_ID}"
$environmentId = "{ENVIRONMENT_ID}"
$environment_id_url = ($environmentId -replace "-", "").Substring(0, ($environmentId -replace "-", "").Length - 2) + "." + $environmentId.Substring($environmentId.Length - 2, 2)
$uri = "https://" + $environment_id_url + ".environment.api.powerplatform.com/connectivity/connectors/shared_uiflow/connections/" + $connectionId + "?api-version=1"

# Get Access Token for Power Platform API
$resourceURI = “https://api.powerplatform.com”
$tokenAuthURI = $env:IDENTITY_ENDPOINT + "?resource=$resourceURI&api-version=2019-08-01"
$tokenResponse = Invoke-RestMethod -Method Get -Headers @{"X-IDENTITY-HEADER"="$env:IDENTITY_HEADER"} -Uri $tokenAuthURI
$accessToken = $tokenResponse.access_token
$headers = @{
    "Authorization" = "Bearer $accessToken"
    "Content-Type" = "application/json"
}
$response = Invoke-RestMethod -Method DELETE -Headers $headers -Uri $uri
$response