Introduction
Hello Everyone,
Hope you all are staying safe and healthy.
Today, I am going to share a very useful
#PowerGuideTip14 related to PowerApps Portals Authentication, which will help you to design a process, where you require to automate your PowerApps Portals Authentication.
You might know, Portal Users has following ways to access PowerApps Portals:
Local Authentication: User hits the Portal URL in browser > Register and Can start accessing the Portals through their chosen Username and Password.
External Authentication: User hits the Portal URL in browser > Register through either Social Media Accounts, Azure AD, B2C, B2B account and can start accessing the Portals.
In both the type of authentications, any type of audience is allowed to Register and Start accessing the Portal. However, sometimes you want to restrict your Portal traffic and want to allow accessing the Portal to the Invited users only.
Here comes, the Portal Invitation Process.
Portal Invitation is the process where your organisation decides, who'll access the portal by sending the personal email invitation.
Now, this invitation could be sent to either
New Users or your
Existing Users (Contacts).
You can have a look at
this article to know more about the PowerApps Portal Invitation process.
While sending the Portal Invitation there might be a business need where you might require to send
Autogenerated Username and Temporary Password. So today in this article, I am going to share the solution of the same.
Requirement
1. Send Autogenerated Username and Password to the Portals Invited Users.
2. Redirect User to Password Reset Page immediately after the successful login.
Local Authentication
Solution
I have designed a Real-Time Workflow (that you can download from my
Git Hub repo) to auto-generate the username and password for the portal users. You can update the workflow steps as per your business need.
Solution Component
Workflow Name: Portals - Auto Generate Username and Password
Trigger Point: On-demand (configure the trigger point as per your business need, like on creating of contact record or you can trigger it on the update of any field also)
Scope: Organisation
Type: Real-Time
This workflow has 4 steps
Step 1- Generate a Unique Temporary Password (OOB Custom Workflow of AdxStudio)
Step 2 - Update Contact record with relevant information, that is required to access the Portals. Like
- Turn On the Login Enabled and Lockout Enabled Field.
- Copy email address from the Email (emailaddress1) field to the Username field
Step 3 - Update the uniquely generated password (Step1) in the Contact record in the Hash format. (OOB Custom Workflow of AdxStudio)
Step 4 - Generate a Security Stamp, which is mandatory to be generated for the generated password and portal login (OOB Custom Workflow of AdxStudio)
Step 5 - Send an Email to User with Username and Password
Pre-requisites to use the solution
- You need to have PowerApps Portal installed (any portal type) in your Dynamics 365 Instance.
- Managed Solution (Download it from my Git Hub Repo).
Usage Steps
Dynamics 365:
- Import the Managed Solution downloaded from Git Hub
- Open any existing Contact record (must have unique emailaddress)
- Go To the Flow from the Ribbon Bar
- Choose Portals - Auto Generate Username and Password workflow from the list
- Provide the confirmation
- Open the Portal Contact form > Go to Web Authentication Tab.
- You'll see the portal authentication-related information has got updated on the form.
- Check the email or can directly open the email record from Timeline.
- You'll see the Username (email address) and a temporary password has got generated.
PowerApps Portal:
- Hit the Portal URL in the browser.
- Enter the username and password received in the email
- Once logged In successfully, you'll be redirected to Password Reset Page, where you can reset the password as per your wish.
Note: In order to redirect the user to the Password Reset page immediately after the login, I have written the following script on the Profile Webpage. However, you need to call this code only the first time after the login, not every time. Otherwise, every time when user tried to open the profile page, it'll take the user to the Password Reset page,
May be to do that, you can create a custom field (two option) on Contact entity and update its values to true, as soon as user resets the password (can update the field in OOB Action called- 'Send Password Reset To Contact') and in your Profile webpage, you can put the condition:
If {{user/ firstlogin != 'true'}}
{
window.location.href='/en-US/Account/Manage/ChangePassword/'
}
Live Demo
External Authentication
For External Authentication, if you are allowing customers to register/login on Portal through their Social Media accounts like Yahoo, Gmail, LinkedIn, Twitter, Facebook, etc. Then there is no need to send the autogenerated username and password. Because they already have their username and password for all their social media account.
However, for Azure AD B2C and Azure AD B2B authentication. You need to create the guest user account in your Azure Active Directory. In the normal process, the User chooses Azure AD B2C as a Login option, Sign Up in Azure AD B2C, and then log in to PowerApps Portal. This created a guest user in your Azure AD tenant.
However, if you don't want to allow external users to register on the portal through Azure AD B2C and only want to allow when you send them the invitation then you might need to generate username and password in Azure AD.
Can check
this article for more details about Azure AD B2C setup in PowerApps Portals.
In order to automatically create a user in Azure AD B2C, you have only two options available.
either uses Microsoft Graph API or use the Powershell command. As I am always in favour of Low Cede No Code solution, hence I would recommend going with Microsoft Graph API.
Microsoft Graph API can also be triggered based on your business need either through Power Automate or C# code.
I have provided a Power Automate solution that automatically creates a Guest User (Azure AD B2C) in your Azure AD tenant along with Username and Password and sends them the invitation as well.
Pre-Requisites
In order to use this Power Automate Solution, you need to consider following pre-requisites
- Appropriate License to use Power Automate
- Download my Power Automate solution from Git Hub Repository.
- Azure AD B2C setup in Azure and Portals both. Can check this article for more details.
- Trigger Point to trigger the Power Automate solution. I have kept my Power Automate trigger is Manual, however you can trigger it as per your business need)
Usage Steps
- Import the Power Automate Solution downloaded from Git Hub
- Update the Azure AD configurations like Clientid, Secret Key, Tenant ID etc
- Change the Power Automate Trigger as per your business need.
- Run the Power Automate
To know everything about Microsoft Graph API, it's setup, and how to call it using Power Automate, Please check my following article and can watch my 365 Saturday session recording as well.
Demo
Git Hub Repository
Local Authentication - Autogenerate Username & Password
https://github.com/arpitdynamics/Dynamics365Code/blob/master/PortalLocalAutogenerateUsernamePassword_1_0_0_0_managed.zip
Azure AD B2C Authentication - Autogenerate Username & Password
https://github.com/arpitdynamics/Dynamics365Code/blob/master/Portals-AzureADB2CAutogenerateUsername%26Password_20200713142409.zip
Important Points
- This article is just a guidance to autogenerate username & password, I am using contact record Guid for unique temporary password generation> However, if you have a need to generate the temporary password more complex, or in a specific format (including Uppercase/Lowercase/Special Character) or as per your business need. You can use Power Automate as well.
- I have kept Real-Time Workflow and Power Automate Solution On-Demand. Hence, change the trigger point and run it as per your business need.
- Once you import the managed solution (downloaded from git hub) in your Dynamics 365 instance. Real-time Workflow may be available in Draft mode. You need to Activate it after making the configuration as per your organization need.
Hope you find this article useful and helpful to solve your business need.
Stay Tuned for my next #PowerGuideTip15
Cheers