Answered

How to set web role to user logined by Google Oauth2

(0) Share

Report

Posted on by Tam5sense

I have followed the above post, and the user can successfully login with google mail. But I want to set permissions for that user using webrole. I guess the users will be managed in the contacts table, but I don't see any google logged in users in the contacts table.

In powerpages, how to set webrole to user logined by google authentication.
https://srinathpega.com/2022/03/25/power-apps-portal-9-portal-authenticationoauth-2-0-with-gmail/

Categories:

Security

I have the same question (0)

All responses (7)

Answers (1)

Saud Ali 812 Super User 2024 Season 1 on at

Like (0)

Report
Copy link

Link copied!

Hi @Tam5sense ,

Have you checked Web Roles tab in contact table? Like by opening you contact, then on Related Tab -> Web Roles?

Thanks,
Saud

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Was this reply helpful? Yes No
Tam5sense 39 on at

Like (0)

Report
Copy link

Link copied!

The problem is that I don't see any users in the contacts table. Whether the users logged in with sso not be stored and managed in the contacts table?

Was this reply helpful? Yes No
Saud Ali 812 Super User 2024 Season 1 on at

Like (0)

Report
Copy link

Link copied!

Hi @Tam5sense ,

When users log in with SSO, the identity provider (in this case, Google) handles the authentication process and validates the user's credentials. After successful authentication, the identity provider sends back a token to the Power Portal, confirming the user's identity. The portal can use this token to identify the user and grant access accordingly.
In such scenarios, the user's information is not stored within the portal's local contacts table. Instead, the portal relies on the identity provider (Google) to manage and store the user's information. The portal uses the provided identity token to authenticate the user and control their access to specific portal resources.

Thanks,
Saud

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Was this reply helpful? Yes No
Tam5sense 39 on at

Like (1)

Report
Copy link

Link copied!

thanks for your answer. So is there any way I can authorate for users logged in by sso? (Seem like set webrole to user in the contacts table)

Was this reply helpful? Yes No
Saud Ali 812 Super User 2024 Season 1 on at

Like (0)

Report
Copy link

Link copied!
Hi @Tam5sense ,

It's important to note that the implementation details for SSO and user authorization in a Power Portal can vary depending on the identity provider you are using (Google in this case) and the specific setup of your portal. The Power Platform provides various authentication and authorization options, and you may need to use custom code or plugins to integrate with your chosen identity provider.

Here's a general outline of the steps to authorize users logged in with SSO:
Obtain the Identity Provider Token: When a user logs in with SSO, the identity provider will send an authentication token back to the portal. The portal can validate this token to ensure its authenticity and extract user information from it.
Extract User Attributes: From the identity provider token, you can extract relevant user attributes, such as the user's email, unique identifier, roles, or any custom claims.
Map User Attributes to Portal Roles: Once you have the user attributes, you can map them to specific roles or permissions within the portal. For example, you can assign users with a specific role, such as "Customer" or "Admin," based on their attributes.
Set Portal Roles or Permissions: Use the mapped user attributes to set the appropriate roles or permissions for the user within the portal. Depending on your Power Portal configuration, this may involve updating user records in the contacts table or using other mechanisms to manage user roles.
Implement Authorization Logic: Throughout your portal, you can implement authorization logic to control access to certain pages, content, or functionality based on the user's assigned roles or permissions.
For more information, please follow below link.

https://learn.microsoft.com/en-us/office/dev/add-ins/develop/use-sso-to-get-office-signed-in-user-token?tabs=vs2019#run-the-add-in

Thanks,
Saud

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Was this reply helpful? Yes No
Verified answer

Fubar 8,487 Super User 2026 Season 1 on at

Like (0)

Report
Copy link

Link copied!

Your Portal User will have a Contact record in Dataverse, if claims mapping is not setup correctly or you are not forcing them to complete the Portals Profile Page you may find the Contact record has no name fields populated.

External Identity providers are linked to the Contact via a Table: External Identities (note: it is possible to have multiple identities eg. if you have setup multiple providers one Contact could technically have multiple such as one for Facebook and another for Google and another for Azure AD). Technically you could trigger a real-time workflow or plugin on create of external identity and assign a Web Role (if you don't have an existing custom workflow activity or Action to assign a Web Role you would need to find one or code it yourself), but they may not get instantaneous access to the Table Permissions in the Web Role due to the Portals Caching mechanism.

Was this reply helpful? Yes No
Tam5sense 39 on at

Like (0)

Report
Copy link

Link copied!

Sorry for my stupidity, I saw google login user in contact table. Simply click on the active contacts tab

Was this reply helpful? Yes No