web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Syncing an existing co...
Power Pages
Answered

Syncing an existing contact on CRM CE to AD in order to allow portal access

(0) ShareShare
ReportReport
Posted on by LuckyTeckani 41

Scenario - 

A project I am working on has over 1000 registered contacts on dynamics CRM CE. We are rolling out a self-service portal to all of these contacts. Now normally, if it were a new portal user, they could just go to the Azure sign-in page and register on the portal.  However, these contacts already have AD registration done as a part of an existing domain and we need to ensure that the contact history is maintained so we can't just create a new contact and instead have to map their existing contact from Dynamics CE to the existing AD credentials.

 

My understanding of how portal contacts work is limited at best but what I know for sure is that during the AD login the portal will search for existing contacts in CRM to see if any user name field on Contact table in CE matches the registered email or the GUID of the AD credential of the login. If no matching contact is found then it creates a new contact in CRM and assign it to the AD login. This is only applicable to active contacts. So if a valid contact is deactivated, portal will just go and create a new contact and assign the AD login to that contact. I tried working around this issue by overwriting the fields from a new contact after the first AD portal login but this doesn't seem to work even if everything matches for both contacts. In this scenario I keep getting the error that the email id and user name are taken.

 

So far I have searched Microsoft documentation for syncing contacts between D365 and AD but only references I could find online are for flows to copy an AD contact to Dynamics 365 CE/F&O or vice versa.

 

Any suggestions please?

 

 

 

Categories:
Power Apps portals
I have the same question (0)
  • Verified answer
    Christian Leverenz Profile Picture
    Christian Leverenz 1,214 on at

    Hi @LuckyT ,

    external identies are linked to the contacts with the table, well, "External Identity" 🙂 .

    So, for external users you enable external login globally and state your AD as a loginprovider (see the documentation for details, but i think you already have it).

    Then you create for each contact you like to have AD-driven acess an entry in the external identity table with the reference to the contact, the id of the external provider (in my case something like https://sts.windows.net/01234567-89ab-cdef-0123-aaaabbbbcccc ) , the external userid (the objectid from the AD) as the username (usually a guid).

    When an external login is made to the portal, the portal looks in the extrnal identiy for a mathcing entry for the provider and the username and logs in that contact.

     

    Give it a try. I did it manually and it worked and we use this also in customerprojects (even, if it is not documented as far as i know and so it could be unsupported 🙂 )

     

    The only challenge you have is to match the AD-users with the contacts. This is usually done by using the email, but it can give you quite a good headache 😞

     

    Hope this helps,

      Christian

  • Christian Leverenz Profile Picture
    Christian Leverenz 1,214 on at

    Ah, just came to my mind @LuckyT :

    you can also give the users a standard login for the portal and ask them to link their account to the AD-account.

    As you have to send them information about the new portal they could do it by themselves.

    I am not sure whether this also works when they redeem an invitation. may be other people here know this.

    Cheers,

      Christian

  • LuckyTeckani Profile Picture
    LuckyTeckani 41 on at

    😀Thanks @chleverenz .

    This was exactly what I was looking for.

    I fully agree with the undocumented part. But seeing as this is something that is a very common occurrence for projects, I don't see any other option but to go ahead with this approach.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
11manish Profile Picture

11manish 42

#2
omkarsupreme Profile Picture

omkarsupreme 37

#3
Valantis Profile Picture

Valantis 35

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans