cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
BO55VXR
Advocate II
Advocate II

Role Based Access - Requesting Access to application

We use Role Based Access in our company and users who have a need to access a Power App are granted permission using Azure Active Directory groups. These groups are managed automatically by our service request system
 
However, if a user does not currently have access and tries to access an application they get prompted with the following screen and an option to "Request Access"
 
BO55VXR_0-1614763108966.jpeg

 

 
They then click on the "Request Access" link which sends an email to the Owner of the application but the owner is the person who created the app, in this case and internal development team who have no authority to grant access.
 
Can this screen be customised to show the "Business Process" that would need to be followed to obtain access .... e.g. a "Raise a Service Request with the Company Support Centre"
 
7 REPLIES 7
RusselThomas
Microsoft
Microsoft

Hi @BO55VXR ,

I don't believe you can customise that screen - however you might want to consider some alternative ways to deal with this.  I can think of one off the top of my head for example;

Owners of an app can use flow to trigger off user access requests - the flow can reply explaining the process and perhaps forwarding the request to the correct team, or even just add them directly to the relevant group, tossing in an approval process if required and letting the user know when it's done.  If this isn't doable, perhaps using RPA to go and capture the request on the relevant service request system on behalf of the user... the point is, some or even all of the onboarding process can potentially be automated. You can get the user id, app id and environment id all off the request email that PowerApps sends to the owner, so this should be relatively easy to achieve.

 

There are possibly some other automation tricks you can use to get this done, (such as an 'open to all' hub app that checks for access before launching the relevant app) - but they may be perhaps less elegant.  I think the above is the most elegant as it combines the 'out-the-box' request access feature with some automation that can be quite seamless for the user.

Probably a few other ways to do this, but customising the redirect screen is unfortunately not one of them.

 

Hope this helps,

RT

BO55VXR
Advocate II
Advocate II

Thanks @RusselThomas -

I had already thought of the automated response email using Power Automate and I've implemented that today.

 

The trick is that you cannot just "reply" to the email as it comes from Microsoft ... so you have to delve into the message body to extract the email address of the requester and then use that (a Regular Express action would have been so helpful for this but that's a different story)

 

Thnx

RusselThomas
Microsoft
Microsoft

Hi @BO55VXR ,

Yep, the workflow definition language is not a pretty sight at the best of times, and the extract formulas hurt your brain and your eyes -  but once done, they're done (until some bright spark changes the notification email 😉).

This might help get you started with the flow expressions if you haven't done it already - this was mine, so by no means the best approach, just one I found worked for me.  Trigger in this case is the email:

EnvironmentID

substring(triggerOutputs()?['body/body'], 
	add(indexOf(triggerOutputs()?['body/body'], 'https%3A%2F%2Fmake.powerapps.com%2Fenvironments%2F'), 50),
	sub(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 
		add(indexOf(triggerOutputs()?['body/body'], 'https%3A%2F%2Fmake.powerapps.com%2Fenvironments%2F'), 50)
	)
	
)

AppID

substring(triggerOutputs()?['body/body'], 
	add(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 10),
	sub(indexOf(triggerOutputs()?['body/body'], '%2Fshare'), 
		add(indexOf(triggerOutputs()?['body/body'], '%2Fapps%2F'), 10)
	)
	
)

 

Hope this helps,

 

RT

Not really the Environment / App ID that was needed, it was the email address of the requester ... 

 

So, here's what I did to get the email address from the request ... 

 

Step 1: Compose Action (Remove all text before the request text)

substring(triggerOutputs()?['body/body'],indexOf(triggerOutputs()?['body/body'],'You’ve received a request from'), 200)

Step 2: Compose Action (Find the start of the email address)

add(indexOf(outputs('Remove_all_text_before_the_request_text'),'('),1)


Step 3: Compose Action (Find the end of the email address)

indexOf(outputs('Remove_all_text_before_the_request_text'),')')


Step 4: Compose Action (Extract email address)

substring(outputs('Remove_all_text_before_the_request_text'),outputs('Find_the_start_of_the_email_address'),sub(outputs('Find_the_end_of_the_email_address'),outputs('Find_the_start_of_the_email_address')))


Once I had the email address, it was simply a case of sending an automated email to that person with details on what they need to do to obtain access

RusselThomas
Microsoft
Microsoft

Hi @BO55VXR 

Looks similar to my spaghetti-can of flow expressions 🙂

AppId and EnvironmentID I use to automatically assign them access - for my use case, there's no 'control' required on who can use the app and who can't, we just haven't shared it with "everyone" by default - so the first time they try and use it, the flow goes and gives them access, then tells them they can use it now.

Turnaround time from the time they click the button to getting access is around 3min, which is all based on email service times, so reasonably slick from a user perspective.

Kind regards,

RT

Unfortunately, I cannot just give access to anyone who requests it as we have Role Based Security where the apps are shared using Azure Active Directory and the user has to follow a specific business process to gain access.

 

 

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (3,105)