cancel
Showing results for 
Search instead for 
Did you mean: 

Azure SQL to PowerApps Connector | AAD doesn't work for guest accounts

<Due to current authentication pipeline limitations, AAD guest users aren't supported when using AAD type connections to SQL Server. As a workaround, use SQL/Windows auth type connections.>

 

Hi, folks,  this has been an identified issue since Feb '21.  It is a very problematic constraint to anyone looking to make applications available across different organisations.   Is there any news on when it might be resolved?

 

Many thanks

Status: New
Comments
seadude
Memorable Member

Do you have a reference for what is working? Docs, etc.

robgauldie
Advocate I

I have a powerapps application which refers to an Azure SQL database.

 

Users within the same tenancy can see the data in the application, using the AAD authentication included within the Powerapps to Azure SQL connector.   Users are added to a security group that is granted permissions on the database.... all good.

 

Guest users, i.e. those with an EXT account from other organisations, can access the database when added to the same security group using other applications (eg. PowerBI or Microsoft SQL Server Manager), however, they cannot see the data through the powerapp.   The application simply opens and no data is displayed.

 

This is a known issue with the PA to Azure SQL connector (and has been for quite a while).   We are just looking for a timeframe for resolution and to understand if this is on a roadmap (or we have to look for an alternative way to do this).

ashoktholiya
New Member

Alternative way : Create AAD user and use it in PowerApps with required RBAC roles - permissions.

robgauldie
Advocate I

Thanks, Ashoktholiya,  yes that's more or less where we have ended up with this, however, it's a pretty inelegant solution for external users, who then have to run multiple AAD logins.   

 

It is also additional work to manage the additional accounts, with MFA etc.   I really don't understand why this limitation isn't being addressed.