Introduction:
Welcome to the Power Guide Blog series. Hope you all are doing great and staying safe!
In the past few days, I have received several queries about restricting PowerApps Portal access to a particular group, subsidiary or business unit.
Let's understand this with the help of the following business use case.
As we all know, PowerApps Portal supports Azure AD authentication, which allows all Azure AD users to log in to the portal directly without being registered on the portal. However, sometimes we want to restrict portal access to a specific group of users instead of all Azure AD users.
For example, Power Guide is an organization that has two departments, let's say Helpdesk and HR. The Helpdesk department has around 50 support agents who need PowerApps Portals access to handle queries and resolve tickets. The HR department, however, only needs access to Microsoft Teams. If the organization wants to give portal access only to the Helpdesk department and not to the HR department, how can you handle that scenario?
In this article, I will share PowerGuideTip27, a tip for handling such scenarios using Azure AD Conditional Access Policies.
What is Azure AD Conditional Access
Check this article to know about Microsoft's Azure AD Conditional Access.
Prerequisites:
- Azure AD Subscription (Trial is also fine)
- Dynamics 365 License (Trial is also fine)
- PowerApps Portals (of any type)
Implementation Steps:
1. Create a Dynamics 365 Free Trial.
2. Create a trial (subscription-based) environment in the Power Platform admin center.
3. Install PowerApps Portal (ignore if you already have). Click here for the installation steps.
4. Configure Azure AD Conditional Access Policy.
Step 1: Go to https://portal.azure.com/ and sign in with your Dynamics 365 trial credentials.
Note: Make sure you have Global Administrator rights.
Step 2: Click on View under Manage Azure Active Directory.
Step 3: Click on Properties
Step 4: Click on Manage Security defaults
Note: If the + New Policy option is disabled, that means you don't have an Azure AD Premium P2 subscription. Click on the -> arrow and activate it.
Include - Users whom you want to restrict from accessing the portal
Exclude - Users whom you want to give access to the portal
Under Include > Select users and groups > choose the Users and groups checkbox > search for the user or group that you want to restrict with this policy and then click Select to add them to the Include list.
Under Exclude > Select users and groups > choose the Users and groups checkbox > search for the user or group that you want to keep out of this policy and then click Select to add them to the Exclude list.
Note: If you have only a few users, you can search for and choose them individually from the list. Otherwise, create a security group, add all of these users to that group, and then search for the group name and choose the group from the list. The policy will then apply to all members of that group.
Click on Include and Choose Select apps.
Search and choose all those apps that you want to restrict and apply this policy to.
Since we want to restrict only PowerApps Portal, we will search for Microsoft CRM Portals and add only that app to the Include list.
Similarly, if you also want to restrict PowerApps and Power Automate, you can search for the PowerApps and Microsoft Flow apps respectively and add them to the Include list as well.
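Before enabling the policy, it helps to check on paper who actually falls inside its scope. The following is an added example, not part of the original article or any Microsoft tooling: a small Python model of the Include/Exclude evaluation for the Helpdesk/HR scenario. The user names, the Finance group, and the "Block access" grant control are assumptions, and the second policy (Include all users, Exclude Helpdesk) goes beyond the steps above to show how the result changes for users who are in neither group.

```python
from dataclasses import dataclass

PORTAL = "Microsoft CRM Portals"  # app name the article adds to the Include list

@dataclass(frozen=True)
class Policy:
    include_groups: frozenset
    exclude_groups: frozenset
    include_apps: frozenset
    include_all_users: bool = False

def policy_applies(policy, user_groups, app):
    """True when the policy's grant control (assumed: Block access) hits this sign-in."""
    groups = frozenset(user_groups)
    if app not in policy.include_apps:
        return False                      # app is not targeted by the policy
    if groups & policy.exclude_groups:
        return False                      # exclusions override inclusions
    return policy.include_all_users or bool(groups & policy.include_groups)

def blocked_users(policy, directory, app):
    """Names of users whose sign-in to `app` falls inside the policy's scope."""
    return sorted(u for u, g in directory.items() if policy_applies(policy, g, app))

# Constructed directory for the article's Helpdesk/HR scenario (names are made up).
DIRECTORY = {
    "alice": {"Helpdesk"},
    "bob": {"HR"},
    "carol": {"HR", "Helpdesk"},   # member of both groups
    "dave": {"Finance"},           # in neither group
}

# Policy as described in the steps above: Include HR, Exclude Helpdesk.
AS_DESCRIBED = Policy(frozenset({"HR"}), frozenset({"Helpdesk"}), frozenset({PORTAL}))
# Variant (assumption, not in the article): Include all users, Exclude Helpdesk.
ALL_BUT_HELPDESK = Policy(frozenset(), frozenset({"Helpdesk"}), frozenset({PORTAL}),
                          include_all_users=True)

if __name__ == "__main__":
    for label, pol in (("as described", AS_DESCRIBED),
                       ("all users except Helpdesk", ALL_BUT_HELPDESK)):
        print(label, "-> blocked from portal:", blocked_users(pol, DIRECTORY, PORTAL))
        print(label, "-> blocked from Teams:", blocked_users(pol, DIRECTORY, "Microsoft Teams"))
```

With the policy as described, only bob is blocked: carol is let through because exclusions win over inclusions, and dave is let through because he is not in the Include list at all.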
Test and Demo
Hope you found this PowerGuideTip helpful.
Stay tuned for the next interesting Power Guide Tip.
Cheers.