Power Platform Pipelines - Deploy with SPNs with different Connections than deployer
- Matt Collins-Jones
- 12 minutes ago
I have written about changing connections with Pipelines, maybe a couple of times, but in my scenarios I approached it from changing deployments using stage owners. This makes sense because we want any user to be able to deploy but want all solution artifacts and connections to be owned by a single user/service account. What if you wanted to further increase your security by using SPNs, but don't want to have a mishmash of connections because 1 of your 10 devs did the deployment and you didn't want to share that service account login with everybody?
Basically, can you do a delegated deployment with an SPN as the owner, but change the connection from the person deploying the solution to a service account or a specified account?
Well, after a conversation with my friend Paul Culmsee, we both decided we would try out my connection re-write pattern and see if it worked for this. After confirming it worked, I wanted to detail a few differences and considerations.
Firstly, the setup is the same: you need to have the connections you want to change in your downstream environments, so create those first and store them. Next, you need to make sure these connections are shared with the SPN.
To do this, navigate to the environment with the account that owns the connections, go to connections and share.

Search for your SPN and select it.

Once you have shared all your connections, you next need to configure your pipeline to deploy using the SPN.

Once this is configured, you are good to go.
When a user goes to deploy, they will share their connections with the SPN, which is how deployments would work through pipelines, but with the flow to re-write detailed here, we change the connections to ones which are already shared with the SPN, so the flows and connections work automagically in the target environments.
Sharing with the right SPN is key to getting this to work, but it is not required for connections that are already configured with that SPN in a flow. As SPN-enabled connectors are few and far between...I think this might come in useful for organisations that want to deploy with an SPN. Now that you have deployed with an SPN to own the flow...you've licensed it correctly, right?
Ciao for now
MCJ