Category Archives: PowerApps

Portal Authentication using External Identity Provider

06 Thursday Feb 2020

Posted by in Dynamics 365 CE Online, Dynamics 365 Portals, Power Platform, PowerApps, Uncategorized

1 Comment

Tags

In the article we looked at aspects of Portal Authentication in the following section explains use of third-party identity providers for Portal Authentication.

External authentication using third-party identity providers use OAuth 2.0 protocol to grant access. First we briefly look at underlying concepts of OAuth 2.0.

OAuth 2.0 is a protocol that provides a user with limited access to resources on site. Access Tokens in string format hold the permissions granted to a user to access the resource.  The access tokens are generated in JSON Web Token (JWT) format the three parts of JWT include:

  • Header: Containing metadata about token and cryptographic algorithm
  • Payload: Set of claims, expiration time
  • Signature: Used for token validation

More information about OAuth 2.0 can be obtained from  here. In the context of Dynamics 365 CE portals (power apps portals) the supported Identity Providers (IDP’s) that use OAuth 2.0 are listed here

For demonstration the portal url that will be used is https://spaceflight.powerappsportals.com this is portal provisioned on Dynamics 365 CE Instance.

Consider we want to use Google as third-party identity provider the high level the steps are:

  • Register application
  • Obtain “Client ID” and “Client Secret” pair after registration
  • Configure Client ID and Client Secret in portal site settings to establish secure connection

Registering Application

Logon on GoogleDeveloperConsole here and create a new project

ExternalIDP1

ExternalIDP2

ExternalIDP3

Once the project is successfully created click on “Create Credentials” and choose OAuth client ID as we require “Client ID” & “Client Secret” that are to be used in portal settings

ExternalIDP4

You will be prompted to set a product name on consent screen

ExternalIDP6

ExternalIDP7

In the OAuth consent screen enter the application details

ExternalIDP8

After OAuth consent details are set (this step is kind of similar to what one would do while setting up ADFS Relying Party Trust) select Application Type > Web application

ExternalIDP9

At this stage Client ID and Client Secret will be generated

ExternalIDP10

The above two can always be retrieved from:

ExternalIDP11

ExternalIDP12

There is an option to download the settings as a JSON file.

After the preceding steps above we have essentially set up our portal as a Relying Party and got a reference to Client ID and Client Secret that OAuth 2.0 generates and these now need to be referenced in Portal settings.

ExternalIDP13

ExternalIDP14

The existing OAuth 2.0 providers will be listed as per below

ExternalIDP15

For Google to be used as identity provider add the following OpenIdConnect settings more information can be found here

ExternalIDP16

As a final step Restart the portal from PowerApps Portals admin center

ExternalIDP17

 

Once restart is complete accessing the portal should display Google as the external identity provider

ExternalIDP18

In the next article we will register a external user and login into portal using Google as identity provider.

Portals using PowerApps

23 Thursday Jan 2020

Posted by in Dynamics 365 CE Online, PowerApps

Leave a comment

Tags

, ,

Portals provide a UI for end users to interact with Dynamics 365 data. Previously Dynamics 365 portal was an add-on in an instance that was needed to be installed and configured under Applications

Portal1

Now portals are available within Power Apps here

Portal2

 

The Environments map to the instances and a portal can be created from the template available “Portal from blank” enter the name, address, and click on Create. Once provisioned it will be listed in the Apps grid

Portal3

The portal can be edited from the context menu

Portal4

What this will translate to in Dynamics 365 is an installation of series of Managed solutions in the Instance

Portal5