Introduction
Hello Everyone,
Hope you all are staying safe and healthy.
Today, I am going to share a very useful #PowerGuideTip14 related to PowerApps Portals authentication, which will help you design a process where you need to automate PowerApps Portals authentication.
As you might know, portal users have the following ways to access PowerApps Portals:
- Local Authentication: The user opens the portal URL in a browser, registers, and can start accessing the portal with their chosen username and password.
- External Authentication: The user opens the portal URL in a browser, registers through a social media account or an Azure AD, B2C, or B2B account, and can start accessing the portal.
With both types of authentication, anyone is allowed to register and start accessing the portal. However, sometimes you want to restrict your portal traffic and allow access to invited users only.
This is where the Portal Invitation process comes in.
Portal Invitation is the process in which your organisation decides who will access the portal by sending a personal email invitation.
This invitation can be sent to either new users or your existing users (Contacts).
You can have a look at this article to know more about the PowerApps Portal Invitation process.
While sending the portal invitation, there might be a business need to send an autogenerated username and a temporary password. In this article, I am going to share a solution for that.
Requirement
1. Send Autogenerated Username and Password to the Portals Invited Users.
2. Redirect User to Password Reset Page immediately after the successful login.
Local Authentication
Solution
I have designed a Real-Time Workflow (which you can download from my GitHub repo) to auto-generate the username and password for portal users. You can update the workflow steps as per your business need.
Solution Component
Workflow Name: Portals - Auto Generate Username and Password
Trigger Point: On-demand (configure the trigger point as per your business need, for example on creation of a contact record or on the update of any field)
Scope: Organisation
Type: Real-Time
This workflow has 4 steps
Step 1 - Generate a Unique Temporary Password (OOB Custom Workflow of AdxStudio)
Step 2 - Update the Contact record with the information required to access the portal, such as:
- Turn On the Login Enabled and Lockout Enabled Field.
- Copy email address from the Email (emailaddress1) field to the Username field
Step 3 - Store the uniquely generated password (Step 1) on the Contact record in hashed form (OOB Custom Workflow of AdxStudio)
Step 4 - Generate a Security Stamp, which is mandatory for the generated password and portal login (OOB Custom Workflow of AdxStudio)
Step 5 - Send an Email to User with Username and Password
Pre-requisites to use the solution
- You need to have PowerApps Portal installed (any portal type) in your Dynamics 365 Instance.
- Managed Solution (download it from my GitHub repo).
Dynamics 365:
- Import the Managed Solution downloaded from GitHub
- Open any existing Contact record (it must have a unique email address)
- Go To the Flow from the Ribbon Bar
- Choose Portals - Auto Generate Username and Password workflow from the list
- Provide the confirmation
- Open the Portal Contact form > Go to Web Authentication Tab.
- You'll see that the portal authentication-related information has been updated on the form.
- Check the email, or open the email record directly from the Timeline.
- You'll see that the Username (email address) and a temporary password have been generated.
PowerApps Portal:
- Hit the Portal URL in the browser.
- Enter the username and password received in the email
- Once logged in successfully, you'll be redirected to the Password Reset page, where you can reset the password as you wish.
Note: To redirect the user to the Password Reset page immediately after login, I have written the following script on the Profile web page. However, this code should run only the first time after login, not every time. Otherwise, every time the user tries to open the profile page, they will be taken to the Password Reset page.
One way to do that is to create a custom two-option field on the Contact entity and set it to true as soon as the user resets the password (you can update the field in the OOB action called 'Send Password Reset To Contact'), and then put the following condition on your Profile web page. Because the redirect runs in the browser, it is a convenience for the user rather than an enforcement of the password change.
{% if user.firstlogin != true %}
<script>
  // firstlogin is the custom two-option field on Contact; redirect until it has been set to true
  window.location.href = '/en-US/Account/Manage/ChangePassword/';
</script>
{% endif %}
Live Demo
External Authentication
For External Authentication, if you allow customers to register or log in on the portal through their social media accounts such as Yahoo, Gmail, LinkedIn, Twitter, Facebook, etc., there is no need to send an autogenerated username and password, because they already have a username and password for their social media accounts.
However, for Azure AD B2C and Azure AD B2B authentication, you need to create the guest user account in your Azure Active Directory. In the normal process, the user chooses Azure AD B2C as the login option, signs up in Azure AD B2C, and then logs in to the PowerApps Portal. This creates a guest user in your Azure AD tenant.
However, if you don't want to allow external users to register on the portal through Azure AD B2C, and only want to allow access when you send them an invitation, then you might need to generate the username and password in Azure AD.
You can check this article for more details about Azure AD B2C setup in PowerApps Portals.
To automatically create a user in Azure AD B2C, you have only two options: either use the Microsoft Graph API or use a PowerShell command. As I am always in favour of Low Code/No Code solutions, I would recommend going with the Microsoft Graph API.
Microsoft Graph API can also be triggered based on your business need either through Power Automate or C# code.
I have provided a Power Automate solution that automatically creates a Guest User (Azure AD B2C) in your Azure AD tenant along with Username and Password and sends them the invitation as well.
Pre-Requisites
To use this Power Automate solution, you need to consider the following pre-requisites:
- Appropriate License to use Power Automate
- Download my Power Automate solution from the GitHub repository.
- Azure AD B2C set up in both Azure and Portals. You can check this article for more details.
- A trigger point for the Power Automate solution. (I have kept my Power Automate trigger manual; however, you can trigger it as per your business need.)
Usage Steps
- Import the Power Automate solution downloaded from GitHub
- Update the Azure AD configuration values such as Client ID, Secret Key, Tenant ID, etc.
- Change the Power Automate Trigger as per your business need.
- Run the Power Automate
To learn everything about the Microsoft Graph API, its setup, and how to call it using Power Automate, please check my following article; you can also watch my 365 Saturday session recording.
Demo
GitHub Repository
Local Authentication - Autogenerate Username & Password
https://github.com/arpitdynamics/Dynamics365Code/blob/master/PortalLocalAutogenerateUsernamePassword_1_0_0_0_managed.zip
Azure AD B2C Authentication - Autogenerate Username & Password
https://github.com/arpitdynamics/Dynamics365Code/blob/master/Portals-AzureADB2CAutogenerateUsername%26Password_20200713142409.zip
Important Points
- This article is just guidance on autogenerating a username and password. I am using the contact record GUID for unique temporary password generation. However, if you need the temporary password to be more complex, in a specific format (including uppercase/lowercase/special characters), or otherwise shaped by your business need, you can use Power Automate as well.
- I have kept the Real-Time Workflow and the Power Automate solution on-demand. Hence, change the trigger point and run it as per your business need.
- Once you import the managed solution (downloaded from GitHub) into your Dynamics 365 instance, the Real-Time Workflow may be in Draft mode. You need to activate it after configuring it as per your organization's needs.
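For the complexity requirement in the first point above, here is an added example (not part of the author's workflow or Power Automate solution) that draws a temporary password from a cryptographic random source instead of deriving it from a record identifier, and guarantees one character from each class. It runs on Node.js; the function names, character sets and default length are assumptions of this example.

```javascript
const { randomInt } = require('node:crypto');

// Character classes chosen for this example; look-alike glyphs (O/0, I/l/1)
// are left out because the password is read from an email and typed by hand.
const CLASSES = {
  upper: 'ABCDEFGHJKLMNPQRSTUVWXYZ',
  lower: 'abcdefghijkmnopqrstuvwxyz',
  digit: '23456789',
  special: '!@#$%^&*-_=+?',
};

// Returns a temporary password of the given length containing at least one
// character from every class, using the CSPRNG for every choice.
function generateTempPassword(length = 16) {
  const sets = Object.values(CLASSES);
  if (!Number.isInteger(length) || length < sets.length) {
    throw new RangeError(`length must be an integer >= ${sets.length}`);
  }
  const all = sets.join('');
  // One character per class first, so the complexity rule always holds.
  const chars = sets.map((set) => set[randomInt(set.length)]);
  while (chars.length < length) {
    chars.push(all[randomInt(all.length)]);
  }
  // Fisher-Yates shuffle so the guaranteed characters are not always in front.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// True when the value is long enough and contains every class defined above.
function hasAllClasses(password, minLength = 12) {
  return (
    password.length >= minLength &&
    Object.values(CLASSES).every((set) =>
      [...password].some((ch) => set.includes(ch))
    )
  );
}
```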
Hope you find this article useful and helpful to solve your business need.
Stay Tuned for my next #PowerGuideTip15
Cheers
Hi Arpit, I have followed your steps for Local authentication. I don't see the workflow which you have mentioned. But I have imported your managed solution. Please help me.
Once you import the solution, you must see a new workflow added in your existing workflow list.
Note: It may be possible that the workflow is available in draft mode. You may need to configure it as per your instance/user configuration.
Hope it helps
Thanks
Yes, you are correct. My workflow was in draft status and I did the modification as per my requirement. Awesome work by you. Great. Thanks a lot.
Hi Arpit,
Thank you so much for the work and effort you put into this blog, it has helped me endlessly! There's just one section I can't get working, redirecting the user to the Change Password screen when logging in using the generated credentials.
I created the two option field for managing this process as suggested but I do not know where to provide the custom JavaScript or how to access the value of this field using JavaScript. I've tried placing some sample code in the Custom JavaScript option within the Profile Web Page entity record but this is not working.
Would you please be able to provide the sample code for this functionality, or even highlight how I can access the name of the two option field I created.
Thank you!