cancel
Showing results for 
Search instead for 
Did you mean: 
Support-PP

Power Pages - Behind the scenes integration with Azure and Dataverse

Power Pages is built on top of Dataverse and all configurations made in the design Studio are stored as records/rows in Dataverse.

 

Components used in Power Pages such as Lists and Forms connect to Dataverse forms and views. In order to configure lists/forms in Power Pages a good understanding of dataverse data modelling is required.Pro developers can use Power Pages Web API to interact with Dataverse data directly from JavaScript and create richer user experience inside Power Pages site.

 

In this section, let's look at how Power Pages connects to Dataverse.

When a Power Pages site is created using any of the templates within a Dataverse environment behind the scenes the following components are created:

  1. An Azure Active directory app registration

  2. An application User

  3. Authentication Key

Azure AD App Registration

 As part of the portal provisioning process an application is created in Azure AD and is registered with the Dataverse environment. Each portal has a separate Azure Active Directory application associated with it, whether it's connected to the same Dataverse environment or not. The default Azure Active Directory authentication provider created for a portal uses the same Azure Active Directory application to authenticate the portal. Authorization is enforced by web roles assigned to the user accessing the portal.

For eg: if you have created a portal as shown below with the name as Starter Portal

SupportPP_0-1685440641837.jpeg

 

 An app with the name "Portals -<Portal Name" with the same application id as the portal will be created in Azure AD App registration. As you can see in screenshot below the name of the App registration is "Portals-Starter portal" and it has the same application id as the portal (highlighted above in red)

 

SupportPP_1-1685440641634.jpeg

 

The application has the following configuration:

1. The owner of the application is the user who created the portal

2. The redirect url is set to the portal url

3. Certificate which expires in 2 years

4. Has following Api permissions

  • Azure Active Directory Graph -> User.Read with Delegated permission

  • Microsoft Graph -> User.Read with delegated permissions

Note: Don't delete or modify this application, or you might break the portal functionality. You must be the application owner to manage a portal from the Power Apps Portals admin center.

 

Dataverse User accounts

Portal sites use an Dataverse application user that will be automatically created as part of the site creation process. The app user is called # Portals - site name.

 

The application user will appear in Dataverse and will have the following roles,

  • Portal Application User

  • Service Writer

  • Service Deleter

Note: Do not modify the security roles in Dataverse for the application user

 

SupportPP_2-1685440641964.jpeg

 

Authentication Key / Certificate

As seen in point 1, a Portal connects to Dataverse using an Azure Active Directory application through an authentication key. This key is generated when you provision a portal and the public part of this key is automatically uploaded to the Azure Active Directory application. The key can be updated using the Portal Admin center.

SupportPP_4-1685440799378.png

Note :

The authentication key will expire in two years. It must be renewed every two years to ensure that your portal will continue to connect to the Dataverse environment. If you do not update the key, the portal will stop working.

Comments