How do I load Azure AD Users or Groups into the Contacts entity without having to wait for users to log in the first time (via AAD authentication) to show up in Contacts?
Microsoft documentation says Contacts are not provisioned automatically, and they are added at "run-time" or when users log in for the first time via AAD authentication, but there has to be a way to push or load Azure AD users into the portal proactively as Contacts.
My end goal is to load Azure AD users into portal Contacts so that I can assign them web roles.
Thanks!
I found the way to pre-register contacts with an email, assign them to a web role, and upon the user signing in, the contact record will be automatically associated with the Azure AD external identity.
Create the following site setting, which is not preloaded to the portal by default:
Authentication/OpenIdConnect/AzureAD/AllowContactMappingWithEmail
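As an added example (not code from this thread or from Microsoft), here is a Python sketch of the preparation step for the approach above: turning a list of Azure AD users into contact rows whose email is populated, ready for a bulk import. The input is constructed sample data shaped like Microsoft Graph user objects, `firstname`, `lastname` and `emailaddress1` are the standard Dataverse contact columns, and the skip rules are this example's own assumption.

```python
from collections import Counter

# Constructed sample shaped like Microsoft Graph user objects (not real data).
SAMPLE_USERS = [
    {"id": "00000000-0000-0000-0000-000000000001", "givenName": "Ana", "surname": "Diaz",
     "mail": "Ana.Diaz@contoso.example", "accountEnabled": True},
    {"id": "00000000-0000-0000-0000-000000000002", "givenName": "Ben", "surname": "Ito",
     "mail": None, "accountEnabled": True},
    {"id": "00000000-0000-0000-0000-000000000003", "givenName": "Cy", "surname": "Lee",
     "mail": "shared@contoso.example", "accountEnabled": True},
    {"id": "00000000-0000-0000-0000-000000000004", "givenName": "Di", "surname": "Roy",
     "mail": "Shared@contoso.example ", "accountEnabled": True},
    {"id": "00000000-0000-0000-0000-000000000005", "givenName": "Eve", "surname": "Kim",
     "mail": "eve.kim@contoso.example", "accountEnabled": False},
    {"id": "00000000-0000-0000-0000-000000000006", "givenName": "Fay", "surname": "Oz",
     "mail": "fay.oz@contoso.example", "accountEnabled": True},
]

def normalize(email):
    """Case- and whitespace-insensitive form used only for comparisons."""
    return email.strip().lower() if email else None

def build_contacts(users, existing_emails=()):
    """Return (payloads, skipped): contact rows to import and (aad_id, reason) pairs."""
    existing = {normalize(e) for e in existing_emails}
    counts = Counter(normalize(u.get("mail")) for u in users)
    payloads, skipped = [], []
    for u in users:
        email = normalize(u.get("mail"))
        # Email is the only key linking the later sign-in to the contact, so
        # ambiguous or unusable addresses are held back for manual review
        # (an assumption of this example, not a rule stated in the thread).
        if not email:
            reason = "no mail attribute"
        elif not u.get("accountEnabled", False):
            reason = "account disabled"
        elif counts[email] > 1:
            reason = "email shared by several AAD users"
        elif email in existing:
            reason = "contact with this email already exists"
        else:
            payloads.append({"firstname": u.get("givenName") or "",
                             "lastname": u.get("surname") or "",
                             "emailaddress1": u["mail"].strip()})
            continue
        skipped.append((u["id"], reason))
    return payloads, skipped

if __name__ == "__main__":
    rows, held = build_contacts(SAMPLE_USERS, ["FAY.OZ@contoso.example"])
    print(rows, held, sep="\n")
```

The returned rows can be fed to whatever bulk import you already use for the contact table; web role assignment happens after the contacts exist.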
You would have to write something that creates the Contact based on a user being added to AAD etc. For that Contact, also create an External Identities record (this is what links the Contact to the External Identity Provider) and populate it with the respective Azure AD GUID of the user and the AAD URL (or use the email address mapping setting on your setup in the Portal - but understand that depending on your scenario there may be risks with this mapping).
@Fubar thank you for your response. I tried creating a Contact record and manually added the external identity with AAD's object ID as username, but when I went to the portal and tried to log on with Azure AD an error came up saying there was an existing user with that object ID.
However, the goal is to load all the AAD users at once into the Contacts entity without having to add them one by one.
This might be a duplicate of What is the best way to load a bulk of users in th... - Power Platform Community (microsoft.com)
I am just adding it here for reference.
@jakesh double check that you are just Signing in, and not Registering. The only other thing I can think of is that there is a checkbox on the Contact - I can't remember exactly what it is called off the top of my head, something like Enabled for Portal OR Portal User.