Troubleshooting Power Automate Embedded Experiences: Fix Cookie & Pop-up Blocker Errors

Table of Contents

When attempting to utilize Power Automate functionalities embedded within other applications or websites, such as SharePoint, Power Apps, or via custom integrations using the SDK, users may encounter significant difficulties. These issues often manifest as screens that remain blank or endlessly display a loading spinner, preventing access to the expected Power Automate interface or features. Such problems can be disruptive, hindering workflow automation and productivity directly within the context of the applications where users spend most of their time.

Symptoms of Embedded Experience Failure¶

The primary indicators that you are facing configuration-related issues with Power Automate embedded experiences are visual and functional. Typically, you will navigate to a section within an integrating application that is supposed to display a Power Automate flow list, a flow designer canvas, or a flow run history, and instead of the expected content, you see nothing.

Common symptoms include:

• A completely blank area where the Power Automate interface should load.
• A screen that shows a persistent loading spinner or animation without ever resolving to the actual content.
• Error messages related to frames, security zones, or cross-site scripting (though these can have other causes, they sometimes appear alongside cookie issues).
• The embedded component might flash briefly before disappearing or becoming unresponsive.

These symptoms point towards a failure in the browser’s ability to properly load and communicate with the Power Automate service embedded within the host application’s frame or context.

Cause: Browser Security Settings¶

The fundamental reason behind these loading failures is rooted in modern web browser security and privacy settings. Power Automate, when embedded in a third-party context (like an iframe within a SharePoint page), relies on the browser’s capability to store certain information locally. This data includes user session details, identity tokens, user preferences, and other operational data necessary for the embedded experience to function correctly.

A significant portion of this required functionality depends on the browser’s handling of cookies, particularly third-party cookies. Third-party cookies are cookies set by a domain other than the one currently shown in the browser’s address bar. In the case of an embedded Power Automate experience within SharePoint, for instance, the address bar shows the SharePoint domain, but the embedded Power Automate component is served from the make.powerautomate.com domain. If the browser is configured to block third-party cookies, it will prevent the Power Automate service from setting or reading the necessary cookies within the SharePoint context, thus failing to authenticate the user or load the interface.

In addition to cookies, browser pop-up blockers can sometimes interfere, although less frequently for core loading issues and more often for specific actions like opening authentication windows or linked help content. However, ensuring pop-ups are allowed for relevant sites is a prudent step in comprehensive troubleshooting.

Resolution: Adjusting Browser Settings¶

Solving these issues primarily involves configuring your web browser to permit Power Automate and associated Microsoft services to store local data and utilize third-party cookies when embedded in other applications. This typically means either relaxing global third-party cookie restrictions (less recommended for general browsing) or, preferably, adding specific exceptions for the Microsoft domains involved.

The required domains that need permissions to set cookies and potentially open pop-ups generally include:

• make.powerautomate.com (The core Power Automate domain)
• login.microsoftonline.com (Microsoft’s identity and authentication service)
• Other potential related domains might include flow.microsoft.com (older domain), powerapps.com, sharepoint.com, and the domain of the application hosting the embedded experience.

Let’s look at the steps for configuring common web browsers.

Instructions for Microsoft Edge (Chromium-based)¶

Microsoft Edge, being based on the Chromium engine, shares many settings locations with Google Chrome. You have a couple of primary options: enabling third-party cookies universally or creating specific exceptions. Creating exceptions is generally the more secure approach.

Option 1: Enable Storage of Third-Party Cookies for All Sites (Less Recommended)¶

This option is simpler but less secure as it allows all websites to set third-party cookies.

1. Open Settings in Microsoft Edge. You can usually find this by clicking the three horizontal dots (…) in the upper-right corner.
2. In the left-hand navigation pane, select Cookies and site permissions.
3. Under the Cookies and site data section, click on Manage and delete cookies and site data.
4. Locate the toggle switch for Block third-party cookies. Ensure this setting is disabled (the toggle should be in the ‘off’ position).
5. Additionally, check the lists under Sites that can always use cookies, Always clear cookies when you close, and Sites that can never use cookies. If make.powerautomate.com, *.make.powerautomate.com, login.microsoftonline.com, or similar relevant domains are present in the “Block” or “Clear on exit” lists, you must remove them. Click the trash can icon next to any blocked Power Automate or login site entry to remove it.

Option 2: Create Exceptions to Allow Specific Sites (Recommended)¶

This method allows you to keep third-party cookies blocked by default while making specific allowances for necessary services like Power Automate.

1. Open Settings in Microsoft Edge.
2. In the left-hand navigation pane, select Cookies and site permissions.
3. Under the Cookies and site data section, click on Manage and delete cookies and site data.
4. Ensure the Block third-party cookies setting is enabled (the toggle should be in the ‘on’ position). This maintains your default privacy preference.
5. Scroll down to the Sites that can always use cookies section.
6. Click the Add button.
7. Enter the following site addresses, clicking Add after each one:
   • [*.]powerautomate.com (The wildcard [*.] is often sufficient to cover subdomains like make.powerautomate.com)
   • login.microsoftonline.com
   • You may also consider adding the domain of the hosting application (e.g., [*.]sharepoint.com or the specific SharePoint site URL, or your Power Apps domain) if issues persist, although the Power Automate and login domains are usually the critical ones for the embedded component itself.
8. Check the Always clear cookies when you close section. If this is enabled and contains entries like [*.]powerautomate.com or login.microsoftonline.com, these should be removed or added to the “Sites that can always use cookies” list with the “Include third-party cookies on this site” checkbox ticked if available in your Edge version. The newer Edge versions handle exceptions better, but ensuring the necessary sites aren’t explicitly set to clear on close is important.

After making these changes, close and reopen your browser, then try accessing the embedded Power Automate experience again.

Instructions for Google Chrome¶

Google Chrome is also Chromium-based, so the steps are similar to Edge.

Option 1: Enable Storage of Third-Party Cookies for All Sites (Less Recommended)¶

1. Open Settings in Google Chrome (usually via the three vertical dots in the upper-right corner).
2. Navigate to Privacy and security in the left pane.
3. Click on Cookies and other site data.
4. Under General settings, select Allow all cookies or Block third-party cookies in Incognito (if you are not using Incognito mode, the latter effectively allows third-party cookies in standard mode). If you select “Block third-party cookies”, you will need to use Option 2.
5. Review the lists under Sites that can always use cookies, Always clear cookies when windows are closed, and Sites that can never use cookies. Remove any entries related to Power Automate or Microsoft login domains from the “never” or “clear on close” lists.

Option 2: Create Exceptions to Allow Specific Sites (Recommended)¶

1. Open Settings in Google Chrome.
2. Navigate to Privacy and security.
3. Click on Cookies and other site data.
4. Under General settings, select Block third-party cookies or Block all cookies (not recommended) to maintain your default privacy.
5. Scroll down to Customized behaviors.
6. Under Sites that can always use cookies, click the Add button.
7. Enter the following site addresses, making sure to tick the checkbox “Including third-party cookies on this site”:
   • [*.]powerautomate.com
   • login.microsoftonline.com
   • Consider adding the host application’s domain (e.g., [*.]sharepoint.com).
8. Under Always clear cookies when windows are closed, review the list. If [*.]powerautomate.com or login.microsoftonline.com is listed, remove it. Alternatively, you might add them to the “Sites that can always use cookies” list with the third-party option checked to override the clearing behavior.

Restart Chrome and test the embedded Power Automate experience.

Instructions for Mozilla Firefox¶

Firefox has slightly different settings paths but offers similar control over cookies.

Option 1: Standard or Relaxed Enhanced Tracking Protection¶

Firefox uses “Enhanced Tracking Protection” which can be configured.

1. Open Options (or Preferences on macOS) in Firefox. This is usually found via the three horizontal lines menu in the upper-right corner.
2. Select Privacy & Security from the left-hand menu.
3. Under Enhanced Tracking Protection, you will see options like Standard, Strict, and Custom.
4. The Standard setting typically allows third-party cookies from sites you have visited directly, but might still block them in cross-site contexts if classified as trackers.
5. Choosing Custom allows you to specifically uncheck the box next to Cookies. If you select “Cookies,” you can then choose “All third-party cookies” or “Cross-site tracking cookies and isolate other cross-site cookies.” To ensure compatibility, you might need to select a less restrictive option temporarily or proceed to Option 2 (adding exceptions).
6. Ensure that the sites make.powerautomate.com, login.microsoftonline.com, and the host domain are not explicitly added to the “Blocked” list under Manage Exceptions.

Option 2: Add Site Exceptions¶

1. Open Options (or Preferences) in Firefox.
2. Select Privacy & Security.
3. Under Cookies and Site Data, click the Manage Exceptions… button.
4. In the dialog box, enter the address of the sites you want to allow cookies from:
   • https://make.powerautomate.com
   • https://login.microsoftonline.com
   • Consider adding the host application’s specific domain or URL (e.g., https://yourtenant.sharepoint.com).
5. Click Allow Cookies for each site after entering it.
6. Click Save Changes.

Restart Firefox and try loading the embedded Power Automate experience.

Instructions for Apple Safari¶

Safari’s privacy settings are streamlined and focus heavily on preventing cross-site tracking.

Option 1: Disable Prevent Cross-Site Tracking (Less Recommended)¶

1. Open Safari and go to the Safari menu.
2. Select Preferences.
3. Click on the Privacy tab.
4. Uncheck the box that says Prevent cross-site tracking.
5. Ensure Block all cookies is unchecked.

Option 2: Allow Specific Site Data (Limited Control)¶

Safari offers less granular control via exceptions than other browsers. Disabling “Prevent cross-site tracking” is often the most direct way to resolve issues caused by embedded cross-site components like Power Automate. If you are hesitant to disable this globally, ensure you are using the latest version of macOS/iOS and Safari, as they may have improved compatibility or workarounds for known services.

Alternatively, ensuring that you have visited make.powerautomate.com and login.microsoftonline.com directly in your Safari browser might sometimes help Safari’s Intelligent Tracking Prevention learn that these are not unwanted tracking sites, though this behavior is not guaranteed.

After adjusting settings, quit Safari completely and reopen it before testing.

Addressing Pop-up Blocker Issues¶

While less common as a cause for the initial loading failure, pop-up blockers can prevent certain Power Automate actions from completing correctly, especially those that require opening a new authentication window, a file picker, or linking to external help/configuration pages.

If you encounter issues after resolving the cookie problems (e.g., actions fail to complete, links don’t work), check your browser’s pop-up blocker settings.

Generally, you can find pop-up settings within the “Privacy and security” or “Site permissions” sections of your browser settings. Look for a “Pop-ups and redirects” or similar setting.

• Microsoft Edge/Google Chrome: Go to Settings > Cookies and site permissions (Edge) or Privacy and security > Site Settings (Chrome). Find Pop-ups and redirects. Ensure the default is “Blocked (recommended)” but add [*.]powerautomate.com, login.microsoftonline.com, and potentially the host domain to the Allow list.
• Mozilla Firefox: Go to Options > Privacy & Security. Scroll down to the Permissions section and find Block pop-up windows. Click Exceptions… and add https://make.powerautomate.com, https://login.microsoftonline.com, and the host domain to the allow list.
• Apple Safari: Go to Safari > Preferences > Websites. Select Pop-up Windows from the list on the left. Find the host application’s website in the list (or configure the default for all websites) and set the permission to Allow. You may also need to explicitly allow pop-ups for make.powerautomate.com if it appears in the list.

It’s important to restart your browser after making changes to pop-up blocker settings as well.

Additional Troubleshooting Steps¶

If adjusting cookie and pop-up settings doesn’t fully resolve the issue, consider these additional steps:

1. Clear Browser Cache and Cookies: Sometimes corrupted cache or old cookies can cause conflicts. Clear your browser’s cache and cookies for “All time” or at least for the relevant sites (make.powerautomate.com, login.microsoftonline.com, and the host application). Note: This will log you out of most websites.
2. Try an Incognito/InPrivate Window: Open the embedded experience in a browser’s private browsing mode. These modes often have different default security settings or ignore extensions, which can help diagnose if an extension or conflicting cookie is the root cause.
3. Check Browser Extensions: Some browser extensions (especially privacy, ad-blocking, or security extensions) can interfere with site functionality and cross-site communication. Try temporarily disabling your browser extensions one by one to see if one is causing the problem.
4. Verify Browser Version: Ensure you are using a supported and relatively recent version of your web browser. Outdated browsers may not handle modern web technologies or security protocols correctly.
5. Check Host Application Permissions: While less about the browser, ensure your user account has the necessary permissions within the hosting application (SharePoint, Power Apps, etc.) to view and interact with Power Automate components.
6. Network or Firewall Issues: Although less likely to present as a blank screen solely due to cookies, corporate networks or firewalls could potentially block access to necessary Microsoft domains. Consult with your IT department if you suspect network restrictions.

By systematically addressing browser security settings, particularly around third-party cookies and pop-up blockers for the necessary Microsoft domains, and following the additional troubleshooting steps, you should be able to resolve most issues preventing Power Automate embedded experiences from loading correctly.

Having trouble with these steps or still seeing issues? Share your browser, the application where Power Automate is embedded, and the exact symptoms you’re seeing in the comments below. Let’s troubleshoot together!