Flow Migrator is designed to assess customer-provided Nintex workflow exports and generate migration outputs without requiring broad Power Platform tenant administration rights during discovery.
Flow Migrator processes Nintex Automation Cloud export ZIPs, design JSON files, and Nintex for SharePoint .nwf/.wf exports supplied by the customer. These files can contain workflow names, action labels, connector references, expressions, URLs, email addresses, list names, and configuration values that appear in the source workflow definition.
The standard assessment does not require NAC tenant credentials, Power Platform tenant administrator credentials, SharePoint credentials, gateway credentials, SQL passwords, or customer connector secrets. Generated packages still require the customer to reconnect and validate connection references during import.
Tenant-wide NAC scanning is separate from the export-based assessment model. If an enterprise customer wants live NAC inventory discovery, it should be scoped as an approved API/admin-access workstream with the customer security team, Microsoft team, and implementation partner.
Flow Migrator creates assessment artifacts and importable Power Automate packages where supported. Customers import, reconnect, validate, test, and promote flows in their own Power Platform environments according to their ALM and security standards.
| Question | Recommended answer |
|---|---|
| Is PHI or PII expected? | Workflow definitions may include business labels, email addresses, URLs, expressions, and literal configuration values. Customers should review exports before upload and avoid embedding PHI/secrets in workflow definitions. |
| Are credentials collected? | No credentials are needed for export-based analysis. Customer connections are configured in the customer tenant during import and validation. |
| Does Flow Migrator train models on customer data? | Flow Migrator should be positioned as a migration assessment/conversion application, not as a training-data collection process. Confirm the production data-use statement in the customer agreement. |
| What logs are captured? | Operational logs may include upload status, analysis status, errors, workflow metadata, and generated report/package status. They should not include customer connector passwords or Power Platform credentials. |
| Who can access analysis artifacts? | Access should be limited to authorized users in the customer workspace and Horton support/admin roles needed to support the service, subject to the customer agreement. |
