cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Frequent Visitor

How to share a single app with external users while maintaining data security.

I am hoping to share 1 canvas Power Apps with approximately 200 external clients. When a client is on the app, they should only be able to view their specific data and no one else's. Is this possible with Power Apps? If so, can you please guide me on how to do this?

 

Furthermore, some of the clients do NOT have Microsoft licenses. Is there a way that these clients can view the canvas Power Apps? If not, is there a way that I can give all the clients individual access to my Microsoft account while mantling data security?

 

If the clients are on my Microsoft account I would only want to give them access to view the canvas Power Apps and their specific data. Is this possible?

 

Example of what I am looking for: I have about 200 clients that have a weight loss goal for the month. I want to use 1 canvas Power Apps to show each client's weight loss goal for the month. The client will open the app and input their weight loss goal. The client will not see anyone else's weight loss goal. Next month, the client will upload a new weight loss goal. These weight loss inputs will be connected to a SQL server.

 

11 REPLIES 11
Highlighted
Community Champion
Community Champion

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

Firstly, if you want to share a canvas app, then all users either need an equivalent MSO365 licence or you have to add them to you tenant, which effectively means adding them to yours.

The security issues you mention are certainly possible in Power Apps however is you comply with the above.

However I believe the best path for your to explore is Power Apps Portals

 

Please click Accept as solution if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs Up.

Highlighted
Community Support
Community Support

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

For your first question, the answer is YES. You could consider add a Filter function in your canvas app, then filter your data source records based on current sign in user.

If your data source is a SP List, you could consider try the following formula:

Filter(
       'Your SP List',
       'Created By'.Email = User().Email
)

or

Filter(
       'Your SP List',
       'Created By'.DisplayName = User().FullName
)

So if you use SQL Table as your data source, you could add a column in your table, to store the display name of your external users.

 

For your second question, if you want your external users to run your shared canvas app, each of these external users must own proper PowerApps License. When you add your external users as Guest users in your AAD, you could assign proper PowerApps License to them.

More details about sharing app with guest users in your AAD, please check the following article:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app#share-with-guests

 

In addition, when you share your canvas app to your external users, you could not share your connection to these end users. When these external users run your app, they would be prompted to provide their own credential rather than your own account to create connection to these connectors used in your app. So you could not share your own credential to these external users to create connection in your app.

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Frequent Visitor

Re: How to share a single app with external users while maintaining data security.

Thank you for your response. Now it is clear that I can filter out the data that each user of the Power App sees. 

 

However, I am still confused about the last paragraph you wrote. You mentioned "when you share your canvas app to your external users, you could not share your connection to these end users." what exactly does this mean? Does this mean that the external users would see the skeleton of the Power App without any data? or does this mean that the external user will only see the data that they have permission to see (due to the filter)? 

 

Also, you mentioned "When these external users run your app, they would be prompted to provide their own credential rather than your own account to create connection to these connectors used in your app." would this credential pertain to the filter that I create in SQL? Is the credential something that I create; or is it automatically assigned to the external user? Is the credential only a one time use; or does it provide unlimited access to the Power App?  

 

Also, you mentioned "So you could not share your own credential to these external users to create connection in your app." I am not entirely understanding what this means. I want each external user to have their own login to the Power App. Each user should only see their personal data ( due to the filter ). And the user should only have the ability to view the Power App; they should not have access to the database. I believe your sentence goes along with that?

 

Sorry, I am new to Power Apps.

 

Highlighted
Community Champion
Community Champion

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

We share some of our data with our customer (we are a contractor). Our data source is SharePoint and we also have to share this with each external user so they can see the data. This is not an issue as SharePoint can be externally shared, however some other data sources may not have the same ability. The user is initially prompted for their own login (in our case the customer also has an equivalent O365 licence) and then it all works. If you add them to your tenant, they will still have the same initial login process.

So essentially you need to also share your data at whatever level (ours is read only) you are prepared to give to these users.

 

Please click Accept as solution if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs Up.

Highlighted
Community Support
Community Support

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

Currently, within PowerApps, some connections (such as SQL Server with SQL or Windows authentication) are implicitly shared with the app when you share the app with other users. Other connections require users to create their own connections and explictly grant security privleges (such as security roles for the Common Data Service, OneDrive for Business, SQL Server with Azure AD authentication).

Please check the following article for more details:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app-resources#connections

 

If you add a On-premises SQL Connection in your canvas app with SQL or Windows authentication, when you share this app to your end users, the SQL Connection would be  implicitly shared to these users automatically. But if you add SP List connection, OneDrive connection, SQL Server with Azure AD authentication connection, .... in your canvas app, when you share your canvas app to your end users, these users would be prompted to use their own credential (Office 365 account) to create connection to these connectors used in your app.

 

For these SP List connection, OneDrive connection, SQL Server with Azure AD authentication connection, .... which require users to create their own connections and explictly grant security privleges, these users must provide their own credential (Office 365 account) to create connection to these connector rather than use yours. In other words, you could not share your own SP List connection you created in your canvas app to these end users, to let them access your SP List using your SP List connection.

 

More details about sharing app resource in PowerApps, please check the following article:

https://docs.microsoft.com/en-us/powerapps/maker/canvas-apps/share-app-resources

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Community Champion
Community Champion

Re: How to share a single app with external users while maintaining data security.

Thanks @v-xida-msft for the expansion.

@QuestionTime , this really depends on your data source if not SharePoint.

Highlighted
Community Champion
Community Champion

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

Just checking if you got the result you were looking for on this thread. Happy to help further if not.

Please click Accept as solution if my post helped you solve your issue. This will help others find it more readily. It also closes the item. If the content was useful in other ways, please consider giving it Thumbs Up.

Highlighted
Community Support
Community Support

Re: How to share a single app with external users while maintaining data security.

Hi @QuestionTime ,

Is the reply I provided above is helpful in your scenario?

 

If the reply is helpful in your scenario, please consider go ahead to click "Accept as Solution" to identify this thread has been solved.

 

Best regards,

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Highlighted
Frequent Visitor

Re: How to share a single app with external users while maintaining data security.

I still have one question: How do I make a user only see the data that is linked to their login on the SQL query?

 

When a client is on the app, they should only be able to view their specific data and no one else's. Is this possible with Power Apps? If so, can you please guide me on how to do this?

Helpful resources

Announcements
secondImage

Demo-Extravaganza 2020

Check out these cool Power Apps & vote on your favorite!

secondImage

Community Highlights

Check out whats happening in Power Apps

secondImage

Community User Group Member Badges

FIll out a quick form to claim your community user group member badge today!

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Top Solution Authors
Top Kudoed Authors
Users online (12,976)