I haven't blogged about Power Platform in years, and my website isn't even worth mentioning anywhere at this point, but I still keep it for the same reason my grandmother was hoarding plastic bags – you never know when you'll need one. The difference is that my grandmother didn't have to pay for hosting her bags in the drawer every year 🤷🏻♂️
If you’ve ever been serious about Power Platform governance, you’ve probably reached a point where you asked yourself, "Hey, how can I automate everything related to governance so I don’t end up losing sleep and can actually start enjoying life?" I’m just kidding, of course! Or am I?!
As I grow more annoyed with an inconsiderate driver revving their Lambo under my window, I’m equally unhappy about today’s topic: Dataverse SPN connections.
Please keep reading, as this topic is just as important as gas prices. I wonder how fuel-efficient a Lambo is these days, BTW – beautiful machines nonetheless.
What do you do if you have 100+ SPN connections and the SPN secret is about to expire? Microsoft did a great job adding SPN authentication for Dataverse connections, but they forgot to include a way to update this type of connection. If there’s an out-of-the-box way to do it in the portal at time of wroting this article, I haven’t found it and I apologize profusely. I also think that, if I haven’t found it, then I’m either getting old or I’m losing track of features – are these two connected? Is this why older folks have a hard time finding jobs, or is it because life takes over and work becomes background noise? A sensitive topic for another time.
If you’re brave enough to try to reauthenticate each Dataverse SPN connection manually from the Power Apps or Power Automate portal, then please be kindly informed that this will trigger the SSO auth flow which will use the account you're logged in with, and the result will be exactly zilch. You want to update the secret, not authenticate with your user account. Then, you look at the clock and realize how much time you’ve wasted up to this point, and your connections are still not updated.
Now you panic because you need to open a ticket, and that’s the last thing you want to do. My longest ticket lasted 8 months, but then in the end I got a survey so I guess it was all chill and good vibes.
Back to the issue at hand, you think of putting together a war room to come up with a solution but you remember it's midnight and there's only you with a green dot next to your avatar, and plus you don't recollect if "war" is an acronym, or it actually means war. You immediately have an epiphany and remember that if you create a dummy flow and add a random Dataverse action, you can pick the connection from there, and MAYBE you’ll be able to update the secret. Emphasis on MAYBE.
Did you really think it was that easy? No, little Padawan, your journey has just begun but you immediately got stuck in a "functionality gap" black hole. And we all know what black holes are good at. Eating up time, of course!
To do it in the flow designer, your connections must be broken first. You heard it right. Only then, when you select a connection to use it in your action, will the "update SPN details" experience show up. So you’re faced with an impossible task – you have to delete the soon-to-expire secret so all your connections can break. Who does that?
You immediately brush off this dirty thought, and then you remember about "something something CLI" and go to Google whose PE ratio right now is quite low and would be a good investment, but who is crazy to bet on Gemini, an AI assistant that can't even set an alarm 3O minutes before the next F1 race? If youndon't believe me, try and ask Gemini "set an alarm 30 minutes before the next F1 race" and then observe Gemini asking "ok, what time?" and then throw the phone out the window after you realize you're alone in the house literally talking to your hand when you could be outside enjoying a breath of fresh carbon monoxide.
I digress – the solution is to use the CLI command "pac connection update". We all know CLI was made exactly for those business users turned makers who love to use command line interfaces, because that is what makers want – to use a terminal to update their comnections.
HAHA!