As Power Automate usage explodes in your organization, so does Shadow IT. Users are building flows that touch sensitive data, and as an Admin, you need to know who is building what before it becomes a problem.
If you are managing a tenant, one of the most critical metrics you can track is the deployment of new flows. If a user in the marketing department suddenly creates a flow that triggers every time a SharePoint list updates and emails an external address, you need to know about it.
In this guide, we're stepping out of basic maker territory and into Governance. We'll look at how to get the exact profile of a user who created a new cloud flow.
The Power Automate Management Connector
To get metadata about flows in your tenant, you cannot use standard connectors. You must step up to the Power Automate Management connector. This is a suite of administrative actions designed for CoE (Center of Excellence) building.
You will specifically need the action: "List My Flows" or "List Flows as Admin".
- Note: "List Flows as Admin" requires elevated privileges in your environment.
The Challenge with the Creator ID
When you pull the details of a flow using the Management connector, you get a massive JSON object detailing the flow's environment, state, triggers, and creator.
However, the creator's identity isn't a simple user@company.com text field at the top level of the object. It's often nested, or presented as an Active Directory Object ID (a GUID).
Where to look in the JSON
When using "List Flows as Admin", the output JSON for a specific flow contains a property called creator.
It usually looks like this:
"creator": {
  "tenantId": "11111111-2222-3333-4444-555555555555",
  "objectId": "66666666-7777-8888-9999-000000000000",
  "userId": "66666666-7777-8888-9999-000000000000",
  "userType": "ActiveDirectory"
}
Notice what is missing? The actual human-readable name and email.
Step-by-Step: Extracting the Real Name
To build an actionable governance alert, a GUID isn't very helpful. You need to convert that objectId into a real user profile.
Step 1: The Trigger
You can set this up on a Recurrence trigger (e.g., run every 24 hours).
Step 2: List the Flows
Add the "List Flows as Admin" action, pointed at your target Environment.
Step 3: Apply to Each
Loop through the value array returned by the List Flows action.
Step 4: Add Error Handling (Condition)
Because some flows might be system-generated or orphaned, the creator's user ID might occasionally be missing. Add a quick condition:
If items('Apply_to_each')?['properties']?['creator']?['userId'] is not equal to null
Step 5: Get User Profile (V2)
Inside the "If Yes" branch of your condition, add the "Get user profile (V2)" action from the Office 365 Users connector.
In the User (UPN) field, insert this expression for the creator's User ID:
items('Apply_to_each')?['properties']?['creator']?['userId']
Why this works: The "Get user profile (V2)" action accepts both email addresses and Azure AD Object IDs (GUIDs). The userId returned here acts as their unique identifier and will successfully return the user's Display Name, Job Title, Department, and Email. By using the expression explicitly, you bypass the fact that V2 actions sometimes hide this in the Dynamic Content menu!
Step 6: Log or Alert
Now that you have the user's profile, you can:
- Append all new flows and their creators to an HTML table and email a daily digest to the IT team.
- Add the records to a SharePoint "Flow Inventory" list.
- Check if the creator is part of a blocked department and trigger an auto-disable script.
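The loop in Steps 3 to 6, as an added example in Python (not part of the original article), run over a constructed export of the "List Flows as Admin" output. The `name` and `displayName` fields, the `resolve` callable standing in for the profile lookup, and the blocked department are assumptions.

```python
import json

# Constructed sample shaped like the "List Flows as Admin" output above.
# "name" and "displayName" are assumed fields; the article only shows "creator".
SAMPLE = json.loads("""
{"value": [
  {"name": "flow-a", "properties": {"displayName": "List update to mail",
     "creator": {"tenantId": "11111111-2222-3333-4444-555555555555",
                 "objectId": "66666666-7777-8888-9999-000000000000",
                 "userId": "66666666-7777-8888-9999-000000000000",
                 "userType": "ActiveDirectory"}}},
  {"name": "flow-b", "properties": {"displayName": "Orphaned", "creator": null}},
  {"name": "flow-c", "properties": {"displayName": "No creator key"}}
]}""")

# Constructed directory standing in for the "Get user profile (V2)" lookup.
DIRECTORY = {"66666666-7777-8888-9999-000000000000": {
    "mail": "sample.user@example.com", "department": "Marketing"}}

def creator_id(flow):
    """Null-safe walk, like ?['properties']?['creator']?['userId']."""
    creator = (flow.get("properties") or {}).get("creator") or {}
    return creator.get("userId") or None

def status_of(uid, profile, blocked):
    if uid is None:
        return "no-creator"       # system-generated or orphaned flow
    if profile is None:
        return "unresolved"       # lookup returned no profile for this GUID
    return "blocked-dept" if profile.get("department") in blocked else "ok"

def build_inventory(flows, resolve, blocked=()):
    """One row per flow; each distinct GUID is resolved only once."""
    cache, rows = {}, []
    for flow in flows.get("value", []):
        uid = creator_id(flow)
        if uid is not None and uid not in cache:
            cache[uid] = resolve(uid)
        profile = cache.get(uid)
        rows.append({"flow": flow.get("name"), "creatorId": uid,
                     "mail": (profile or {}).get("mail"),
                     "status": status_of(uid, profile, blocked)})
    return rows

if __name__ == "__main__":
    for row in build_inventory(SAMPLE, DIRECTORY.get, {"Marketing"}):
        print(row)
```

Flows with no creator stay in the inventory with their own status instead of being skipped, so orphaned flows remain visible in the digest.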
Summary
Tracking flow creators is a cornerstone of Power Platform governance. Remember that the Management connector returns an Active Directory Object ID, not an email. Simply pass that Object ID into the Office 365 "Get user profile (V2)" action, and you'll have everything you need to audit your tenant.



