After creating my first app, I shared the app with an end user. That user clicked on the link in the email they received and they were prompted with the following:
Almost there...
<App Name> needs your permission to use the following. Please allow the permissions to proceed.
SharePoint
User's email address Switch account
Signed in View permissions
Azure AD
Connection by Microsoft Sign in
Office 365 Users
User's email address Switch account
Signed in View permissions
I am not sure why the end user is prompted to allow the use of connectors, as that should be something that we as developers set up. As a developer, we give permissions to what they need to access and they can just access the resources. This is the first time that I have seen an end user having to allow for something that I, as a developer, have already granted them access to. Is there a way to keep this popup from showing up and just allow them direct access into the app?
Power Apps is not a security layer. Users will need whatever permissions are required by the app to the data source. That fact is clearly stated in the documentation: Share a canvas app with your organization - Power Apps | Microsoft Docs. There are ways to auto accept the popup using a PowerShell setting, but the user still needs to be logged in and have the correct permissions to the data source: Suppress User Consent Popup in PowerApps - Cloud Decoded (anupams.net)
If the connection needs to use the user's credentials to connect to the data source, then the user needs to give consent. This is normal behavior in apps that use these types of connectors. There are some connectors that use implicit sharing where a credential is stored in the connection, so it doesn't use the user's credentials and therefore the user doesn't have to give consent. You can bypass the user consent for an app by using the PowerShell command Set-AdminPowerAppApisToBypassConsent.
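The Set-AdminPowerAppApisToBypassConsent command named in the reply above, shown as an added example that is not part of the original thread: it resolves exactly one app in one environment before setting the flag, then reads the flag back. The parameter values are placeholders you supply, and the `Internal.properties.bypassConsent` read-back path is an assumption about the shape of the Get-AdminPowerApp output.

```powershell
# Added example, not from the thread. Run as a Power Platform admin.
# Requires: Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
param(
    [Parameter(Mandatory)] [string] $EnvironmentName,  # environment ID (placeholder, supply your own)
    [Parameter(Mandatory)] [string] $AppDisplayName    # app name as shown in the maker portal
)

Import-Module Microsoft.PowerApps.Administration.PowerShell -ErrorAction Stop
Add-PowerAppsAccount   # interactive sign-in

# Resolve the app by exact display name, scoped to a single environment,
# so the consent bypass is never applied to a similarly named app.
$found = @(Get-AdminPowerApp -EnvironmentName $EnvironmentName |
    Where-Object { $_.DisplayName -eq $AppDisplayName })

if ($found.Count -ne 1) {
    throw "Expected exactly one app named '$AppDisplayName', found $($found.Count)."
}
$app = $found[0]

# Suppress the first-run connector consent dialog for this app only.
# This does not grant data access: each user still needs their own
# permissions on the SharePoint list or other data source.
Set-AdminPowerAppApisToBypassConsent -EnvironmentName $EnvironmentName -AppName $app.AppName

# Read the app back and report the flag so the change is recorded.
$after = Get-AdminPowerApp -EnvironmentName $EnvironmentName -AppName $app.AppName
[pscustomobject]@{
    DisplayName   = $after.DisplayName
    AppName       = $after.AppName
    # Assumption: the flag is exposed under Internal.properties.bypassConsent.
    BypassConsent = $after.Internal.properties.bypassConsent
}
```

Clear-AdminPowerAppApisToBypassConsent with the same two parameters restores the consent prompt for the app.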
I understand that users need to log in. That's totally expected. They have access to write to the SharePoint List that the app writes to and, if they are using the app, they need to pull in names and email addresses from Azure/Office 365. The user that got the popup that asked them to allow access to SharePoint, Azure AD, and Office 365 Users was already authenticated to Azure AD as we use SSO with Azure for almost all of our systems. If they were logged into Azure AD, is there a reason she is being asked to log in again? Is there a way to tie SSO into our Power Apps?
The Popup should only happen the first time the user runs the app. Since you are using SSO they should be able to just click on the prompt and it will log them in. But whether they are logged in or not the Popup will come up the first time any user runs the app. As mentioned in a previous post you can use PowerShell to auto accept the prompt and not display the popup. But that is the only way to avoid the prompt.
The PowerShell command worked perfectly, but it still comes up with the Azure AD connector because users are not authenticated. The app doesn't seem to recognize that we are using SSO. Should I create a different question to see if there is a way that we can keep Power Apps from showing the Sign in button on the Allow pop up:
Azure AD
Connection by Microsoft Sign in
If Power Apps works with SSO, do I need to configure anything else? If this should be a new question, I will go ahead and close this question and create the new one.
Posting it as a new question will get you more responses. But I don't know any way to get around the prompt other than what I've already mentioned. When they click on the prompt does it actually prompt them to log in with a userID and password? Or just log them on in the background using SSO? I guess I'm expecting the second to be the case and I don't think there is any way around that.
I'm currently trying to do the same - did you manage to solve this issue at all? Thanks
@Anonymous
I stopped using the Azure AD connector and use the Office365Users and Office365Groups. I also ran the PowerShell script and it seems to have worked.
Would you let me know if it works for you?
Thanks for your quick reply, Greg. Unfortunately, I'm stuck with using Azure AD to manage my users in this instance, so will look for another option. Thanks!