Cloud FlowCloud FlowsIntermediate

Maker Environment Access Request

Microsoft Forms submission triggers an Approvals flow routed to the maker's manager via Office 365 Users manager chain lookup. On approval, adds user to the environment security group and sends confirmation.

Microsoft FormsOffice 365 UsersApprovalsOffice 365 OutlookOffice 365 Groups

Unique name

flowLibsMakerEnvAccessRequest

Publisher

FlowLibs (flowlibs)

Version

1.0.0.1

Components

3 env vars + 1 cloud flow

Request access

Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.

What it does

Overview

This flow automates the Power Platform maker environment access request lifecycle. When a maker submits a Microsoft Forms request, the flow retrieves the response details, looks up the requester's manager via Office 365 Users, and routes a Basic approval to that manager. On approval, the flow automatically adds the requester to the target Azure AD security group (via Office 365 Groups connector) and sends confirmation emails to both the requester and the admin team. On rejection, the requester receives the approver's comments and the admin is notified.

Why you'd use it

Use Case

Organizations using the Center of Excellence (COE) model restrict Power Platform environment access behind Azure AD security groups. New makers must request access, which traditionally involves emailing an admin who manually checks with the requester's manager. This flow automates the entire workflow — from form submission through manager approval to automatic security group provisioning — cutting turnaround from days to minutes and creating a full audit trail.

Step-by-step

Flow Architecture

When_a_New_Response_is_Submitted

Microsoft Forms — CreateFormWebhook

OpenApiConnectionNotification webhook fires when a new response is submitted to the Maker Environment Access Request form.

Get_Form_Response_Details

Microsoft Forms — GetFormResponseById

Retrieves the full form response including target environment and business justification.

Init_varSecurityGroupId

Initialize variable

Initializes a string variable with the Azure AD security group GUID from the flowlibs_EnvAccessSecurityGroupId environment variable. Runs in parallel with the other Init action.

Init_varAdminEmail

Initialize variable

Initializes a string variable with the admin notification email from flowlibs_AdminNotificationEmail. Runs in parallel.

Get_Requester_Profile

Office 365 Users — UserProfile_V2

Retrieves the requester's display name and given name for use in approval and email content.

Get_Requester_Manager

Office 365 Users — Manager_V2

Looks up the requester's direct manager so the approval can be routed to them.

Start_Manager_Approval

Approvals — Start and wait for an approval (Basic)

Sends a Basic approval to the manager containing requester details, target environment, and business justification, then waits for the response. Runs after Init_varSecurityGroupId, Init_varAdminEmail, and Get_Requester_Manager all succeed.

Check_Approval_Outcome

If condition

Evaluates outputs('Start_Manager_Approval')?['body/outcome'] equals "Approve".

Solution config

Environment Variables

Schema name	Type	Default	Description
flowlibs_FormsAccessRequestFormId	String	<configure>	Microsoft Forms form identifier for the Maker Environment Access Request form. Set this to the ID of your Forms form.
flowlibs_EnvAccessSecurityGroupId	String	<configure>	Azure AD security group GUID that grants access to the target Power Platform environment. Set this to the GUID of your environment access security group.
flowlibs_AdminNotificationEmail	String	alerts@yourcompany.com	Email address for the admin or COE team that receives access request notifications.

Auth dependencies

Connectors & Connections

Connector	API name	Actions used
Microsoft Forms	shared_microsoftforms	CreateFormWebhook (trigger) GetFormResponseById
Office 365 Users	shared_office365users	UserProfile_V2 Manager_V2
Approvals	shared_approvals	StartAndWaitForAnApproval (Basic approval)
Office 365 Outlook	shared_office365	SendEmailV2 (4 send-email actions across approved/rejected branches)
Office 365 Groups	shared_office365groups	AddMemberToGroup

Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.

Tweaks & variations

Customization Guide

Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.

Set environment variable values: In the solution, set flowlibs_FormsAccessRequestFormId to your Forms ID, flowlibs_EnvAccessSecurityGroupId to your Azure AD group GUID, and flowlibs_AdminNotificationEmail to your COE admin inbox.
Authorize connections: Open the flow in the designer and authorize all five connections (Microsoft Forms, Office 365 Users, Approvals, Office 365 Outlook, Office 365 Groups).
Customize the Forms form: The form should have at minimum: Target Environment (text/choice) and Business Justification (long text). The form field IDs are referenced in the flow as r9ecb3e5f2e57488cbca8857ef7eefdc9 (Target Environment) and r6882a1d19fb44c599990ee1d075ea49b (Business Justification). Update these field references to match your form.
Add manager fallback (optional): The current flow requires a valid manager in Azure AD. To handle users without managers, add a parallel branch on Get_Requester_Manager failure that routes the approval to the admin email instead.
Turn on the flow: Toggle the flow to On once all connections are authorized and env vars are configured.

Helpers & literals

Key Expressions

The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.

EXPR.01Target Environment form field

Returns the Target Environment value from the form response. Replace the field ID with your form's field ID.

workflow definition language

outputs('Get_Form_Response_Details')?['body/r9ecb3e5f2e57488cbca8857ef7eefdc9']

EXPR.02Requester identity (UPN)

Returns the submitter's email (UPN), used for manager lookup, group membership add, and confirmation emails.

workflow definition language

outputs('Get_Form_Response_Details')?['body/responder']

EXPR.03Approval outcome

Returns "Approve" or "Reject". Used in the Check_Approval_Outcome condition.

workflow definition language

outputs('Start_Manager_Approval')?['body/outcome']

EXPR.04Approver comments

Approver-supplied comments, surfaced in rejection notification emails.

workflow definition language

outputs('Start_Manager_Approval')?['body/comments']

Overview

Use Case

Flow Architecture

When_a_New_Response_is_Submitted

Get_Form_Response_Details

Init_varSecurityGroupId

Init_varAdminEmail

Get_Requester_Profile

Get_Requester_Manager

Start_Manager_Approval

Check_Approval_Outcome

Environment Variables

Connectors & Connections

Customization Guide

Key Expressions

EXPR.01Target Environment form field

EXPR.02Requester identity (UPN)

EXPR.03Approval outcome

EXPR.04Approver comments

Comments