My end goal is to replace the process of creating individual Contacts that can be used in Web Roles by assigning users to AAD Security Groups. I would like to create AAD Security Groups, load them into the Power Pages/Apps Portal, and assign them to Web Roles so that the users in that group are restricted to specific pages.
I was able to create a Team in my environment based on an AAD Security Group but I haven't found a way to assign this team to a web role so that the users in this team are restricted to seeing a specific page in the portal. Also, these users are authenticated through AAD, but the web role cannot be set to yes for authenticated users because it would not let them see the page at all.
What is the best way to load a bulk of users in the portal using Azure AD that can be used to assign web roles to restrict specific pages to different AAD security groups?
Please help.
Thanks.
You can't associate the Web Roles with AAD Security Groups directly.
You might be able to achieve this using Microsoft Graph API; you could maybe retrieve the security group and then associate your Web Role (perhaps based on a Matrix setup in Dataverse).
If you need this to be sync, you would have to do it via a sync Plugin; if you are happy for it to be async, you might be able to use Power Automate Flows.
I can't think that any solution would be very easy; it would probably take a good bit of time to set up.
A few links that might help:
Use the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Power Pages Super User | MVP
@OliverRodrigues thanks for your response. I will look into this.
I've also been looking into "Force Sync Azure Active Directory Group members to specified CDS instance". Have you tried this?
I haven't used that, but it's probably related to syncing AAD users to Dataverse (CDS/D365) users, and not Power Pages Users.
Basically the way Power Pages works is that a user is always represented by a Contact record; this is the same for either internal or external users.
When a user signs in via Azure AD, Power Pages automatically creates a Contact record for that user.
Power Pages Super User | MVP
You have to manually design and map and integrate your Authorization Management solution concept into the Power Pages concepts.
I recommend customers to always design this as a pre-load system and consider a more proactive invitation process for your users too; this way they are aware and invited to log in. You can have a job that regularly synchronizes your portal users (Contacts and checks their associated Web Roles) triggered from Azure AD Group membership changes. Here also new users would get welcome emails and instructions to access your website.
Please stay away from synchronous (Dataverse plugin) routes as those are more complex and taxing. Primarily synchronous plugins would hold a transaction in Dataverse and website at the same time, so they can be detrimental to your website performance, especially at scale.
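The asynchronous synchronization job described in this thread, sketched as an added example that is not part of any post above: it plans the Contact and Web Role changes needed to match AAD group membership, including revoking a role when a user leaves a group. The group ids, role names, the mapping matrix and the sample data are constructed assumptions; reading members from Microsoft Graph and writing to Dataverse are left outside the block.

```python
from dataclasses import dataclass, field

# Hypothetical mapping matrix: AAD security group id -> Web Role name.
GROUP_TO_ROLE = {"grp-finance": "Finance Pages", "grp-hr": "HR Pages"}

@dataclass
class Contact:
    aad_object_id: str
    email: str
    web_roles: set = field(default_factory=set)

def plan_sync(group_members, contacts, group_to_role=GROUP_TO_ROLE):
    """Return a sorted list of (action, aad_object_id, detail) tuples.

    group_members: {group_id: {aad_object_id: email}} as read from Azure AD.
    contacts:      {aad_object_id: Contact} as read from Dataverse.
    """
    managed = set(group_to_role.values())
    desired, emails = {}, {}
    for group_id, members in group_members.items():
        role = group_to_role.get(group_id)
        if role is None:
            continue  # a group missing from the matrix grants nothing
        for oid, email in members.items():
            desired.setdefault(oid, set()).add(role)
            emails[oid] = email
    actions = []
    for oid, roles in desired.items():
        current = contacts[oid].web_roles if oid in contacts else set()
        if oid not in contacts:
            # Pre-load the Contact so the user can be invited before first login.
            actions.append(("create_contact_and_invite", oid, emails[oid]))
        for role in roles - current:
            actions.append(("add_role", oid, role))
    for oid, contact in contacts.items():
        # Revoke only roles this job manages; manually granted roles are untouched.
        for role in (contact.web_roles & managed) - desired.get(oid, set()):
            actions.append(("remove_role", oid, role))
    return sorted(actions)

# Constructed sample data (not from a real tenant).
SAMPLE_GROUPS = {
    "grp-finance": {"u1": "alice@example.com", "u2": "bob@example.com"},
    "grp-hr": {"u2": "bob@example.com"},
    "grp-unmapped": {"u9": "eve@example.com"},
}
SAMPLE_CONTACTS = {
    "u1": Contact("u1", "alice@example.com", {"HR Pages", "Custom Support Role"}),
    "u3": Contact("u3", "carol@example.com", {"Finance Pages"}),
}
```

Running the planner on every membership change, rather than only adding roles at sign-in, is what removes page access when someone is taken out of a group.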