cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
aluzaja178
Frequent Visitor

How to Retrieve Guest User Group information from Azure AD

Hi mates 🙂

 

Can you please give me a hand with this ?

 

I am retrieving User Groups from Azure by using this method AzureAD.GetMemberGroups(User().Email,false). This is working fine with "Member Users". But when I login to my PowerApps app through guest user, It is returning nothing. Is there anything else which I need to put in case of "Guest Users" ? Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hi @aluzaja178 ,

Yeah, you are right. When the "Guest" user run the shared app, he would retrieve group info from his own tenant rather than yours.

 

If you want the "Guest" user to retrieve group info from your tenant when he run this shared app, I afraid that there is no way to achieve your needs in PowerApps currently.

 

As an possible solution, you could consider create a custom connector based on Microsoft Graph REST API to achieve your needs. Within the custom connector, you could define a List memberOf action to retrieve groups for a specific user in your tenant:

GET /users/{id | userPrincipalName}/memberOf

 

Within your canvas app, add a connection to this custom connector, then use the custom connector action to retrieve groups in your tenant for this "Guest" user. Then when you share your canvas app to this "Guest" user, the custom connector would be shared to the "Guest" user automatically, then he could also use this custom connector to retrieve related groups for him in your tenant.

 

More details about creating a custom connector in PowerApps based on Microsoft Graph API, please check the following blog:

https://gotoguy.blog/2017/12/17/access-microsoft-graph-api-using-custom-connector-in-powerapps-and-f...

 

More details about "List memberOf" action in Microsoft Graph API, please check the following article:

https://docs.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0&tabs=http

 

Please try above solution, check if it could help in your scenario.

 

Regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Thanks a bunch Kris Dai. It worked for me.

View solution in original post

7 REPLIES 7
Alex_10
Super User
Super User

I may be wrong, if you want to use Azure AD connector in Powerapps, all accounts that open the app must have a kind of admin permissions on Azure to make the function work ( that makes a security hole).

krishnags
Super User
Super User

@aluzaja178 

user().Email for a "Guest Account" wont return as a valid email address. So, please validate how a guest account email - take a label and assign User().Email. You can proceed accordingly

 

You can try this https://graph.microsoft.com/v1.0/users?$filter=userType eq ‘Guest’

but then you need to access on your AD. You may need to create an API and get consent for Azure AD and try this.

v-xida-msft
Community Support
Community Support

Hi @aluzaja178 ,

Do you want to retrieve Group Info for a guest user from your current Org?

 

Regarding the needs that you mentioned, I think the AzureAD.GetMemberGroups() function could achieve your needs. When you want to use the AzureAD.GetMemberGroups() function to search related groups to the "Guest" user, you could not type the email address of the "Guest" user as first argument in the AzureAD.GetMemberGroups() function, instead, you should specify the Object Id of the "Guest" user as first argument in the AzureAD.GetMemberGroups() function.

 

I have made a test on my side, please try the following workaround:

5.JPG

1. Firstly, add Office 365 Users connector as data source in your app.

2. Set the OnSelect property of the "Retrieve Groups" button to following:

ClearCollect(
             GroupsCollection, 
             AddColumns(
                         AzureAD.GetMemberGroupsV2(First(Office365Users.SearchUserV2({searchTerm: "Anchxxxxxx@163.com"}).value).Id, false).value, 
                         "GroupName", 
                         AzureAD.GetGroup(Value).displayName
             )
)

On your side, you should modify above formula as below:

ClearCollect(
             GroupsCollection, 
             AddColumns(
                         AzureAD.GetMemberGroupsV2(First(Office365Users.SearchUserV2({searchTerm: User().Email}).value).Id, false).value, 
                         "GroupName", 
                         AzureAD.GetGroup(Value).displayName
             )
)

then related group info would be saved into the GroupsCollection, you could add a Data Table in your app to preview this collection data.

 

Please try above solution, then check if your issue is solved.

 

Regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Thanks for the brief details

@v-xida-msft please correct me if I am wrong. I guess the guest account user's email address retrieves with # included unlike AD user's, due to which we cannot be able to run commands with it. I guess we may need to format it to proceed.

For example a gmail account gets retrieved as live.com#abcd@gmail.com

Hi @aluzaja178 ,

Yeah, you are right. When the "Guest" user run the shared app, he would retrieve group info from his own tenant rather than yours.

 

If you want the "Guest" user to retrieve group info from your tenant when he run this shared app, I afraid that there is no way to achieve your needs in PowerApps currently.

 

As an possible solution, you could consider create a custom connector based on Microsoft Graph REST API to achieve your needs. Within the custom connector, you could define a List memberOf action to retrieve groups for a specific user in your tenant:

GET /users/{id | userPrincipalName}/memberOf

 

Within your canvas app, add a connection to this custom connector, then use the custom connector action to retrieve groups in your tenant for this "Guest" user. Then when you share your canvas app to this "Guest" user, the custom connector would be shared to the "Guest" user automatically, then he could also use this custom connector to retrieve related groups for him in your tenant.

 

More details about creating a custom connector in PowerApps based on Microsoft Graph API, please check the following blog:

https://gotoguy.blog/2017/12/17/access-microsoft-graph-api-using-custom-connector-in-powerapps-and-f...

 

More details about "List memberOf" action in Microsoft Graph API, please check the following article:

https://docs.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0&tabs=http

 

Please try above solution, check if it could help in your scenario.

 

Regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

View solution in original post

Thanks a bunch Kris Dai. It worked for me.

View solution in original post

Helpful resources

Announcements
PA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Attendee Badge

Claim Your Badge & Digital Swag!

Check out how to claim yours today!

secondImage

Are Your Ready?

Test your skills now with the Cloud Skill Challenge.

Top Solution Authors
Top Kudoed Authors
Users online (29,989)