Monday, 13 July 2020

PowerApps Portals - Send Auto Generated Username & Password to Invited Portal Users





Introduction

Hello Everyone,

Hope you all are staying safe and healthy.

Today, I am going to share a very useful #PowerGuideTip14 related to PowerApps Portals Authentication, which will help you to design a process, where you require to automate your PowerApps Portals Authentication.

You might know, Portal Users has following ways to access PowerApps Portals:

Local Authentication: User hits the Portal URL in browser > Register and Can start accessing the Portals through their chosen Username and Password.

External Authentication: User hits the Portal URL in browser > Register through either Social Media Accounts, Azure AD, B2C, B2B account and can start accessing the Portals.

In both the type of authentications, any type of audience is allowed to Register and Start accessing the Portal. However, sometimes you want to restrict your Portal traffic and want to allow accessing the Portal to the Invited users only.

Here comes, the Portal Invitation Process.

Portal Invitation is the process where your organisation decides, who'll access the portal by sending the personal email invitation.

Now, this invitation could be sent to either New Users or your Existing Users (Contacts).

You can have a look at this article to know more about the PowerApps Portal Invitation process.

While sending the Portal Invitation there might be a business need where you might require to send Autogenerated Username and Temporary Password. So today in this article, I am going to share the solution of the same.

Requirement

1. Send Autogenerated Username and Password to the Portals Invited Users.
2. Redirect User to Password Reset Page immediately after the successful login.

Local Authentication

Solution

I have designed a Real-Time Workflow (that you can download from my Git Hub repo) to auto-generate the username and password for the portal users. You can update the workflow steps as per your business need.

Solution Component

Workflow Name: Portals - Auto Generate Username and Password
Trigger Point: On-demand (configure the trigger point as per your business need, like on creating of contact record or you can trigger it on the update of any field also)
Scope: Organisation
Type: Real-Time

This workflow has 4 steps

Step 1- Generate a Unique Temporary Password (OOB Custom Workflow of AdxStudio)
Step 2 - Update Contact record with relevant information, that is required to access the Portals. Like

  • Turn On the Login Enabled and Lockout Enabled Field.
  • Copy email address from the Email (emailaddress1) field to the Username field

Step 3 - Update the uniquely generated password (Step1) in the Contact record in the Hash format. (OOB Custom Workflow of AdxStudio)
Step 4 - Generate a Security Stamp, which is mandatory to be generated for the generated password and portal login (OOB Custom Workflow of AdxStudio)
Step 5 - Send an Email to User with Username and Password

Pre-requisites to use the solution

  1. You need to have PowerApps Portal installed (any portal type) in your Dynamics 365 Instance.
  2. Managed Solution (Download it from my Git Hub Repo).
Usage Steps

Dynamics 365:

  1. Import the Managed Solution downloaded from Git Hub
  2. Open any existing Contact record (must have unique emailaddress)
  3. Go To the Flow from the Ribbon Bar
  4. Choose Portals - Auto Generate Username and Password workflow from the list
  5. Provide the confirmation
  6. Open the Portal Contact form > Go to Web Authentication Tab.
  7. You'll see the portal authentication-related information has got updated on the form.
  8. Check the email or can directly open the email record from Timeline.
  9. You'll see the Username (email address) and a temporary password has got generated.
PowerApps Portal:
  1. Hit the Portal URL in the browser.
  2. Enter the username and password received in the email
  3. Once logged In successfully, you'll be redirected to Password Reset Page, where you can reset the password as per your wish.
Note: In order to redirect the user to the Password Reset page immediately after the login, I have written the following script on the Profile Webpage. However, you need to call this code only the first time after the login, not every time. Otherwise, every time when user tried to open the profile page, it'll take the user to the Password Reset page,

May be to do that, you can create a custom field (two option) on Contact entity and update its values to true, as soon as user resets the password (can update the field in OOB Action called- 'Send Password Reset To Contact') and in your Profile webpage, you can put the condition:

If {{user/ firstlogin != 'true'}}
{
window.location.href='/en-US/Account/Manage/ChangePassword/'
}


Live Demo




External Authentication

For External Authentication, if you are allowing customers to register/login on Portal through their Social Media accounts like Yahoo, Gmail, LinkedIn, Twitter, Facebook, etc. Then there is no need to send the autogenerated username and password. Because they already have their username and password for all their social media account.

However, for Azure AD B2C and Azure AD B2B authentication. You need to create the guest user account in your Azure Active Directory. In the normal process, the User chooses Azure AD B2C as a Login option, Sign Up in Azure AD B2C, and then log in to PowerApps Portal. This created a guest user in your Azure AD tenant.

However, if you don't want to allow external users to register on the portal through Azure AD B2C and only want to allow when you send them the invitation then you might need to generate username and password in Azure AD.

Can check this article for more details about Azure AD B2C setup in PowerApps Portals.

In order to automatically create a user in Azure AD B2C, you have only two options available.
either uses Microsoft Graph API or use the Powershell command. As I am always in favour of Low Cede No Code solution, hence I would recommend going with Microsoft Graph API.

Microsoft Graph API can also be triggered based on your business need either through Power Automate or C# code.


I have provided a Power Automate solution that automatically creates a Guest User (Azure AD B2C) in your Azure AD tenant along with Username and Password and sends them the invitation as well.

Pre-Requisites

In order to use this Power Automate Solution, you need to consider following pre-requisites

  1. Appropriate License to use Power Automate
  2. Download my Power Automate solution from Git Hub Repository.
  3. Azure AD B2C setup in Azure and Portals both. Can check this article for more details.
  4. Trigger Point to trigger the Power Automate solution. I have kept my Power Automate trigger is Manual, however you can trigger it as per your business need)


Usage Steps
  1. Import the Power Automate Solution downloaded from Git Hub
  2. Update the Azure AD configurations like Clientid, Secret Key, Tenant ID etc
  3. Change the Power Automate Trigger as per your business need.
  4. Run the Power Automate
To know everything about Microsoft Graph API, it's setup, and how to call it using Power Automate, Please check my following article and can watch my 365 Saturday session recording as well.



Demo




Git Hub Repository

Local Authentication - Autogenerate Username & Password

https://github.com/arpitdynamics/Dynamics365Code/blob/master/PortalLocalAutogenerateUsernamePassword_1_0_0_0_managed.zip

Azure AD B2C Authentication - Autogenerate Username & Password

https://github.com/arpitdynamics/Dynamics365Code/blob/master/Portals-AzureADB2CAutogenerateUsername%26Password_20200713142409.zip


Important Points


  • This article is just a guidance to autogenerate username & password, I am using contact record Guid for unique temporary password generation> However, if you have a need to generate the temporary password more complex, or in a specific format (including Uppercase/Lowercase/Special Character) or as per your business need. You can use Power Automate as well.
  • I have kept Real-Time Workflow and Power Automate Solution On-Demand. Hence, change the trigger point and run it as per your business need.
  • Once you import the managed solution (downloaded from git hub) in your Dynamics 365 instance. Real-time Workflow may be available in Draft mode. You need to Activate it after making the configuration as per your organization need.



Hope you find this article useful and helpful to solve your business need.

Stay Tuned for my next #PowerGuideTip15

Cheers

14 comments:

  1. Hi Arpit, I have followed your steps for Local authentication. I don't see the workflow which you have mentioned. But, i have imported your managed solution. Please help me.

    ReplyDelete
    Replies
    1. Once you import the solution, you must seen a new workflow added in your existing workflow list.

      Note: It may be possible that workflow is available in draft mode. You may need to configure as per your instance/user configuration.

      Hope it helps

      Thanks

      Delete
    2. Yes. you are correct. my workflow was in draft status and did modification as per my requirement. Awesome work by you. great. thaks a lot.

      Delete
  2. Hi Arpit,

    Thank you so much for the work and effort you put into this blog, it has helped me endlessly! There's just one section I can't get working, redirecting the user to the Change Password screen when logging in using the generated credentials.

    I created the two option field for managing this process as suggested but I do not know where to provide the custom JavaScript or how to access the value of this field using JavaScript. I've tried placing some sample code in the Custom JavaScript option within the Profile Web Page entity record but this is not working.

    Would you please be able to provide the sample code for this functionality, or even highlight how I can access the name of the two option field I created.

    Thank you!

    ReplyDelete
  3. Wow, that was strange. I just wrote a really long comment but after I clicked submit my comment didn't show up. Grrrr... well, I'm not writing all that over again. Anyways, just wanted to say fantastic blog!
    cash for cars brisbane
    cash for cars gold coast
    cash for cars sydney
    cash for cars Ipswich

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Excellent post, its amazing that its necessary really but it is. I think Iarfhlaith's point about bigger buttons attracting more comments is very true. I'm subtle that way.
    cash for cars ipswich
    sell your car Ipswich

    ReplyDelete
  7. Cash for cars Adelaide is a convenient and rewarding option for you to sell your car. You can sell your used, scrap, unwanted or broken car almost immediately. There are many ways you can use this cash for cars Adelaide' options such as selling your car towing services, private traders, car auctions, online dealerships etc.
    Regard: cars for cash adelaide

    ReplyDelete
  8. I used to be able to find good info from your blog posts.
    cash for cars ipswich
    ipswich cash for cars

    ReplyDelete
  9. Wonderful post! We are linking to this great article on our site. Keep up the good writing.
    skip bin hire ipswich
    skip bins ipswich

    ReplyDelete
  10. I couldn’t resist commenting. Exceptionally well written!
    cash for cars QLD
    QLD cash for cars

    ReplyDelete

Blogger Widgets