Conditional Access Location Flow Logic

When an item is created

Site Address: https://genericcorp.sharepoint.com/sites/ConditionalAccessLocationData
List Name: 43d79387-4d36-482a-8987-3ab510a1bc86
Connection: shared_sharepointonline_4

Initialize variable: UserName

Type: String
Value: [Blank]

Initialize variable: StartDateVar

Type: String
Value: [Blank]

Initialize variable: EndDateVar

Type: String
Value: [Blank]

Initialize variable: Current_policy_list

Type: String
Value: [Blank]

Initialize variable: Current_policy_list_remove

Type: String
Value: [Blank]

Send email with options

To: user1@example.com; user2@example.com; admin@example.com
Subject: [Dynamic Content: Trigger Title] Is requesting location access to '[Dynamic Content: Trigger LocationFull]'
User Options: Accept, Deny

Condition: SelectedOption is equal to 'Accept'

If yes

Set variable: UserName

Value: [Dynamic Content: Trigger Body Title]

Set variable: StartDateVar

Value: [Dynamic Content: Trigger Body StartDate]

Set variable: EndDateVar

Value: [Dynamic Content: Trigger Body EndDate]

Create item (Approved Locations)

Site Address: .../ConditionalAccessLocationData
List Name: Approved Locations
Title: [Dynamic Content: Trigger Body Title]
LocationFull: [Dynamic Content: Trigger Body LocationFull]
Location: [Dynamic Content: Trigger Body Location]
StartDate: [Dynamic Content: Trigger Body StartDate]
EndDate: [Dynamic Content: Trigger Body EndDate]

Delete item (Original Request)

Site Address: .../ConditionalAccessLocationData
List Name: 43d79387-4d36-482a-8987-3ab510a1bc86
Id: [Dynamic Content: Trigger Body ID]

Set variable: UserName

Value: [Dynamic Content: Trigger Body Title]

Set variable: StartDateVar

Value: [Dynamic Content: Trigger Body StartDate]

Set variable: EndDateVar

Value: [Dynamic Content: Trigger Body EndDate]

Search for users (V2)

Search term: [Dynamic Content: Output from 'Create item' Title]

Apply to each (Send Approved Emails)

Select an output from previous steps: [Dynamic Content: Output from 'Search for users (V2)' value]

Send an email from a shared mailbox (V2)

Original Mailbox Address: admin@example.com
To: [Dynamic Content: User Email from Loop]
Subject: Location Access Approved: [Dynamic Content: Trigger LocationFull]
Body: User [Variable: UserName] has been approved for location [Dynamic Content: Trigger LocationFull] from [Variable: StartDateVar] to [Variable: EndDateVar]. This location has been added to the approved list.

Send an email from a shared mailbox (V2)

Original Mailbox Address: admin@example.com
To: admin@example.com; user1@example.com; user2@example.com
Subject: Location Added: [Dynamic Content: Trigger LocationFull] for User [Variable: UserName]
Body: Location [Dynamic Content: Trigger LocationFull] has been added to the approved list for user [Variable: UserName] from [Variable: StartDateVar] to [Variable: EndDateVar].

Delay until (Start Date)

Timestamp: [Expression: Trigger Body StartDate]T00:01Z

Get items (Approved Locations)

Site Address: .../ConditionalAccessLocationData
List Name: Approved Locations
Filter Query: [Blank]
Order By: [Blank]
Top Count: [Blank]

Apply to each (Append Policy List)

Select an output from previous steps: [Dynamic Content: Output from 'Get items' value]

Append to string variable: Current_policy_list

Value: [Dynamic Content: Item Field 'field_1' from Loop]

Create file (Policy List)

Folder Path: /ConditionalAccessPolicyFiles
File Name: PolicyList_[Expression: utcNow()].txt
File Content: [Variable: Current_policy_list]

Delay (2 Minutes)

Count: 2
Unit: Minute

Run a flow built with Power Automate for desktop

Desktop flow: [Blank]
Run mode: Attended

Create item (Log List)

Site Address: .../ConditionalAccessLocationData
List Name: Log List
Title: Policy Update Ran for [Variable: UserName] on [Expression: utcNow()]

Delay (2 Minutes)

Count: 2
Unit: Minute

Delay until (End Date)

Timestamp: [Expression: Trigger Body EndDate]T23:59Z

Delete item (Approved Locations)

Site Address: .../ConditionalAccessLocationData
List Name: Approved Locations
Id: [Dynamic Content: Output from 'Create item' ID]

Get items (Approved Locations)

Site Address: .../ConditionalAccessLocationData
List Name: Approved Locations
Filter Query: [Blank]
Order By: [Blank]
Top Count: [Blank]

Apply to each (Append Policy List Remove)

Select an output from previous steps: [Dynamic Content: Output from 'Get items_2' value]

Append to string variable: Current_policy_list_remove

Value: [Dynamic Content: Item Field 'field_1' from Loop]

Compose

Inputs: [Expression: substring(...)]

Set variable: Current_policy_list_remove

Value: [Dynamic Content: Output from 'Compose']

Create file (Policy List Remove)

Folder Path: /ConditionalAccessPolicyFiles
File Name: PolicyList_Remove_[Expression: utcNow()].txt
File Content: [Variable: Current_policy_list_remove]

Delay (2 Minutes)

Count: 2
Unit: Minute

Run a flow built with Power Automate for desktop

Desktop flow: [Blank]
Run mode: Attended

Delay (2 Minutes)

Count: 2
Unit: Minute

Search for users (V2)

Search term: [Dynamic Content: Output from 'Create item' Title]
Note: Uses output from an item potentially deleted earlier in the 'Yes' branch.

Apply to each (Send Removal Emails)

Select an output from previous steps: [Dynamic Content: Output from 'Search for users (V2)' value]

Send an email from a shared mailbox (V2)

Original Mailbox Address: admin@example.com
To: [Dynamic Content: User Email from Loop]
Subject: Location Access Expired/Removed: [Dynamic Content: Trigger LocationFull]
Body: Your temporary access for location [Dynamic Content: Trigger LocationFull] (originally requested by [Variable: UserName]) has expired or been removed from the approved list as of [Variable: EndDateVar].

Send an email from a shared mailbox (V2)

Original Mailbox Address: admin@example.com
To: admin@example.com; user1@example.com; user2@example.com
Subject: Location Removed: [Dynamic Content: Trigger LocationFull] for User [Variable: UserName]
Body: Location [Dynamic Content: Trigger LocationFull] has been removed from the approved list for user [Variable: UserName] as the access period ended on [Variable: EndDateVar].

If no

Set variable: UserName

Value: [Dynamic Content: Trigger Body Title]

Set variable: StartDateVar

Value: [Dynamic Content: Trigger Body StartDate]

Set variable: EndDateVar

Value: [Dynamic Content: Trigger Body EndDate]

Delete item (Original Request)

Site Address: .../ConditionalAccessLocationData
List Name: 43d79387-4d36-482a-8987-3ab510a1bc86
Id: [Dynamic Content: Trigger Body ID]

Search for users (V2)

Search term: [Dynamic Content: Trigger Body Title]

Apply to each (Send Denied Emails)

Select an output from previous steps: [Dynamic Content: Output from 'Search for users (V2)_2' value]

Send an email from a shared mailbox (V2)

Original Mailbox Address: admin@example.com
To: [Dynamic Content: User Email from Loop]
Subject: Location Access Request Denied: [Dynamic Content: Trigger LocationFull]
Body: Your request for location access to [Dynamic Content: Trigger LocationFull] from [Variable: StartDateVar] to [Variable: EndDateVar] has been denied. The original request submitted by [Variable: UserName] has been removed.