I've inherited a Power Apps Portal with the Azure Active Directory Identity provider enabled. We want users from our own AAD tenant to be able to authenticate, but not users from any other AAD tenant. Right now, anyone can enter credentials from any AAD tenant and get into the portal to register their user.
For more context, here's the current login flow: the user goes to site.powerappsportals.com, clicks on Sign In, then clicks on the "Azure AD" sign in button. They're brought to our tenant's AAD sign in screen (it has our background image), and they can enter any AAD tenant account and authenticate.
Thanks for any thoughts on how to limit this to our own tenant.
I'm going to test with a coworker, but I think we're on to something. I'll report back.
Hi @Jinseng ,
When you create a Power Apps portal, it registers the application in "Azure App Registrations" as "CRM Portals".
1. Login to https://portal.azure.com/
2. Choose App Registrations > Owned Applications > You can see the CRM portals if you have created it.
3. Click on the relevant portal registration
4. Under Authentication > Supported Account types > Make sure the first option is selected (Single tenant only)
5. Once this option is enabled > You need to clear the cache by going to the following URL:
https://Yourportal.powerappsportals.com/_services/about (as an Admin)
6. In portal studio > Do the sync configuration.
And finally, make sure you have not added any of the domains you mentioned as guest users in Azure AD. Maybe have a look at my post below.
PS: If so, remove all the external domain users from Guest and redo the steps from 1 to 5.
Hope it helps.
------------
If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users to find it.
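As an added example (not code from the thread or from Microsoft), here is a small audit script for the setting the steps above change. It takes app registration objects as Microsoft Graph returns them (for example the JSON from `az ad app list`), flags any whose `signInAudience` is not "AzureADMyOrg" (the "Single tenant only" option), and separately checks that a sign-in token's `tid` and `iss` claims belong to the expected tenant. The manifests, token claims and tenant ids below are constructed placeholders.

```python
from typing import Iterable

# Graph/app-manifest value behind "Accounts in this organizational directory only".
# The other values ("AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount",
# "PersonalMicrosoftAccount") all admit sign-ins from outside your tenant.
SINGLE_TENANT = "AzureADMyOrg"


def find_multi_tenant_apps(manifests: Iterable[dict]) -> list[dict]:
    """Return the registrations whose signInAudience admits other tenants."""
    findings = []
    for app in manifests:
        audience = app.get("signInAudience")
        if audience != SINGLE_TENANT:
            findings.append({"displayName": app.get("displayName"),
                             "appId": app.get("appId"),
                             "signInAudience": audience})
    return findings


def token_from_expected_tenant(claims: dict, expected_tid: str) -> bool:
    """Check tid and iss of an already signature-verified Azure AD token.

    Both the v1 (sts.windows.net) and v2 (login.microsoftonline.com) issuer
    formats embed the tenant id, so a token minted by another tenant fails here.
    """
    if claims.get("tid") != expected_tid:
        return False
    allowed_issuers = {
        f"https://login.microsoftonline.com/{expected_tid}/v2.0",
        f"https://sts.windows.net/{expected_tid}/",
    }
    return claims.get("iss", "") in allowed_issuers


# Constructed sample data: placeholder appIds and tenant id, not real values.
SAMPLE_MANIFESTS = [
    {"displayName": "CRM Portals", "appId": "00000000-0000-0000-0000-00000000aaaa",
     "signInAudience": "AzureADMultipleOrgs"},
    {"displayName": "Internal API", "appId": "00000000-0000-0000-0000-00000000bbbb",
     "signInAudience": "AzureADMyOrg"},
]
MY_TENANT = "11111111-1111-1111-1111-111111111111"

if __name__ == "__main__":
    for f in find_multi_tenant_apps(SAMPLE_MANIFESTS):
        print(f"{f['displayName']} ({f['appId']}): {f['signInAudience']} is not single tenant")
```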
I wish it were that simple. I'm trying it myself and seeing the behavior (I have access to multiple AAD logins in different tenants).
Silly question, but are you sure they are signing in using the Azure AD option? Or are they clicking on the Register tab/button and entering a username/password?
All,
I'll call our AAD Tenant MyCompany.com. The portal is being used as an internal HelpDesk ticket creation and tracking tool. Employees of MyCompany.com sign in with their AAD credentials, add some information to their profile, and then create and track Internal IT helpdesk tickets. Filling out a profile creates a Contact in CE that all their cases are connected to.
We thought that login was restricted to just MyCompany.com since we never set up any B2B authentication. But we tested again recently with OtherCompany.com, ThirdCompany.com, BobsCompany.com and all are able to authenticate and create a profile.
The only identity provider enabled is Azure Active Directory. I feel like there must be a simple setting somewhere and it was missed or misconfigured, but I haven't worked with this before so I'm not sure where to look.
You should actually get the below message when trying to sign in via a different Azure domain.
By any chance, did you set up any trust (B2B) between these Azure tenants?
@Jinseng how would you like to restrict it? Some examples will help us to understand your requirement. @ragavanrajan
Hope this post helps!
If you like this post, give a "Thumbs up". Where it solved your request, Mark it as a "Solution" to help other users to find it.
Many Thanks!
Maniraj.
Connect Me: LinkedIn