Monday, 22 March 2021

PowerApps - Share Canvas App with External Users



Introduction

Have you ever got a need to share your Canvas App with external organization users? It's a very common business requirement, where you may want to share your app with external users.

For example, You are designing a Canvas App for the Sales Person who works in your organization. However, there are some users like external business partners, vendors, contractors, etc who are not actually part of your organization but they still work for you, and therefore you want them to access your canvas apps.

There are various organizations like Uber, Amazon, Subway, Macdonald, etc who work in the same fashion. They not only work with the users who are part of their organization but also work with their vendors and partners as well.

Today, I am going to share #PowerGuide28 where you'll learn how to share your app with external organization users using the Azure AD B2B collaboration.


What is Azure AD B2B?

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department.
A simple invitation and redemption process lets partners use their own credentials to access your company's resources.

With Azure AD B2B, the partner uses their own identity management solution, so there is no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities.
  • The partner uses their own identities and credentials; Azure AD is not required.
  • You don't need to manage external accounts or passwords.
  • You don't need to sync accounts or manage account lifecycles.

Pre-Requisites
  • Azure Active Directory  Subscription (Trial is also fine)
  • Power Platform Environment (Trial is also fine)
  • Canvas App (create a new app or use an existing one that you want to share with external users)

Solution Design


Implementation Steps

Go to Azure Portal https://portal.azure.com and Open Active Directory.



Click on Users from the left panel




Click on + New guest User


Choose the Invite user option and fill out all external user details to whom you want to share the canvas app. and hit the Invite button





Open newly created guest user


Click on Licenses from the left panel.


Click on +Assignments and assign an appropriate license to the guest user.


Go to https://make.powerapps.com and share the canvas app with the guest user.



Important Note: Guests can only be assigned the User role, and not the Co-owner role, for apps shared with them. That means, they cant edit the app, they can only run the app.


Test and Demo

Open the invitation email and Accept the Invitation.



Open the app that is being shared with you.




Considerations and limitations for guest access
  • Guests can only be assigned the User role, and not the Co-owner role, for apps shared with them.
  • Power Apps can't recognize guests that authenticate by using Azure AD direct federation or email one-time passcode authentication.
  • Power Apps per-app plans are scoped to apps in a specific environment, so they can't be recognized across tenants.

Useful Resources





Hope you found this Tip helpful

Stay tuned for #PowerGuideTip29

Cheers

4 comments:

  1. Thanks for such a valuable and information keep sharing !if you want best auditors bangalore ca firms bangalore click on it

    ReplyDelete
  2. Special thanks to (hackingsetting50@gmail.com) for exposing my cheating husband. Right with me i got a lot of evidences and proofs that shows that my husband is a fuck boy and as well a cheater ranging from his text messages, call logs, whats-app messages, deleted messages and many more, All thanks to

    (hackingsetting50@gmail.com), if not for him i will never know what has been going on for a long time.

    Contact him now and thank me later.

    ReplyDelete

Blogger Widgets