cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ManojAhuja
Frequent Visitor

sharing canvas apps with external users

Hi, 

I need help in sharing canvas app with my clients.

I am following the below route

  • Design a app
  • create a user in my organization
  • sharing the app with this new user.
  • extending the user rights of this user account to a client
  • Now will it be also possible that my client uses his gmail credentials to use the app?
  • If yes please advise how it can be done?

If expectations seem to be out of normal way of working ,will apreciate a piece of advise.How to manage this situation?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @ManojAhuja ,

You are 100% correct - as you might see, sharing an app 'externally' still requires you to create an external user inside your AD and assign a license to them - their authentication might be with their org to provide a token to your org, but they essentially log into your tenant. 

As long as their guest account can also be given permissions to the data sources they can run the app using that account - but again their identity has to be registered inside your AD, and their license is coming from your license pool.  

 

For them to use Google OAuth as the identity provider is a little out of my experience, I honestly cannot say how hard or easy this might be to achieve, or what the implications for accessing O365 resources might be.  

 

Some orgs also limit access to their tenant access to registered domain devices only, which makes this kind of sharing even more complicated.

 

In some cases you can surface the App in a Teams tab for them to run it from there, but probably the biggest barrier in this setup is the license cost which you incur on behalf of your client.

 

If you're happy with the setup, then following the steps in the video should get you there?

 

Kind regards,

RT

 

View solution in original post

3 REPLIES 3
RusselThomas
Microsoft
Microsoft

Hi @ManojAhuja ,

Firstly, licensing is a field of study all on its own - so disclaimer first, this is just an opinion which may differ from reality - I'm no licensing specialist.

 

That said, you can make use of Power Apps Portals to create customer facing apps.  The authentication method you choose for your portal will determine how you manage customer identities.

 

For someone to make use of a canvas PowerApp, well let's just say that the Power Platform is for the most part internally facing - it is not natively designed to share with outside parties, with the exception of portals mentioned above. 

To use a canvas app, the user needs to have an account in your AD - whether this is a localised account or guest account will probably depend on your security team. 

They then also need to have an enterprise license that allows them to use PowerApps.

"Enterprise" licensing typically excludes the use of personal email domains like gmail.com - so it's unlikely he would be able to authenticate with your app using his gmail credentials.

You might be able to surface the app up in Teams and add him to the Team as an external user, after his account has been provisioned on your AD as an external user - however you would need to make sure the external user has access to the app and its data sources and no guarantees it will even work - there are way too many moving parts to predict how successful this would be.

A lot of "ifs mights and maybes", but like I said, it's not natively focused on external user participation - your best bet is to look at portals.

Kind regards,

RT

Hi, Thanks Russel,

Your reply is quite clear but the below video link gave me an impression as if there are some changes in how the canvas apps can be shared with external users.

https://youtu.be/RKl4nLL4tcQ.

Further on authorizing a google user to use my app I came across following documentations from Microsoft

https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-google.

Being someone with a little  IT background I thought getting some advise to understand whether above road can lead to success if time is spent in this direction or I selected some wrong options for such a use case.

Portals of course if a prescribed option but keeping in view the cost commitments I thought of exploring the possibility of canvas apps.

Thanks once again for your initiative and support.

 

 

Hi @ManojAhuja ,

You are 100% correct - as you might see, sharing an app 'externally' still requires you to create an external user inside your AD and assign a license to them - their authentication might be with their org to provide a token to your org, but they essentially log into your tenant. 

As long as their guest account can also be given permissions to the data sources they can run the app using that account - but again their identity has to be registered inside your AD, and their license is coming from your license pool.  

 

For them to use Google OAuth as the identity provider is a little out of my experience, I honestly cannot say how hard or easy this might be to achieve, or what the implications for accessing O365 resources might be.  

 

Some orgs also limit access to their tenant access to registered domain devices only, which makes this kind of sharing even more complicated.

 

In some cases you can surface the App in a Teams tab for them to run it from there, but probably the biggest barrier in this setup is the license cost which you incur on behalf of your client.

 

If you're happy with the setup, then following the steps in the video should get you there?

 

Kind regards,

RT

 

View solution in original post

Helpful resources

Announcements
UG GA Amplification 768x460.png

Launching new user group features

Learn how to create your own user groups today!

Community Connections 768x460.jpg

Community & How To Videos

Check out the new Power Platform Community Connections gallery!

M365 768x460.jpg

Microsoft 365 Collaboration Conference | December 7–9, 2021

Join us, in-person, December 7–9 in Las Vegas, for the largest gathering of the Microsoft community in the world.

Users online (1,666)