My end goal is to replace the process of creating an individual Contacts that can be used in Web Roles by assigning users to AAD Security Groups. I would like to create AAD Security Groups, load them into the Power Pages/Apps Portal, and assign them to Web Roles so that the users in that group are restricted to specific pages.
I was able to create a Team in my environment based on an AAD Security Group but I haven't found a way to assign this team to a web role so that the users in this team are restricted to seeing a specific page in the portal. Also, these users are authenticated through AAD, but the web role cannot be set to yes for authenticated users because it would not let them see the page at all.
What is the best way to load a bulk of users in the portal using Azure AD that can be used to assign web roles to restrict specific pages to different AAD security groups?
You can't associate the Web Roles with AAD Security Groups directly
You might be able to achieve this using Microsoft Graph API, you could maybe retrieve the security group and than associate your Web Role (perhaps based on a Matrix setup in Dataverse)
If you need this to be sync, you would have to do it via sync Plugin, if you are happy for it to be async, you might be able to use Power Automate Flows
I can't think that any solution would be very easy, it would probably take a good bit of time to setup
A few links that might help:
@OliverRodrigues thanks for your response. I will look into this.
I've also been looking into "Force Sync Azure Active Directory Group members to specified CDS instance". Have you tried this?
I haven't used that, but it's probably related to sync AAD users to Dataverse (CDS/D365) users, and not Power Pages Users.
Basically the way Power Pages works is that a user is always represented by a Contact record, this is the same for either internal or external users.
When a user signs in via Azure AD, the Power Pages automatically creates a Contact record for that user.
You have to manually design and map and integrate your Authorization Management solution concept into the Power Pages concepts.
I recommend customers to always design this a pre-load system and consider a more proactive invitation process for your users too, this way they are aware and invited to login. You can have a job that regularly synchronizes your portal users (Contacts and checks their associated Web Roles) triggered from Azure AD Group membership changes. Here also new users would get welcome emails and instructions to access your website.
Please stay away from synchronous (Dataverse plugin) routes as those are more complex and taxing. Primarily syncronous plugins would hold a transaction in Dataverse and website at the same time, so they can be detrimental to your website performance, especailly at scale.