Only allow certain domains to register

(0) Share

Report

Posted on by Community Power Pla...

Greetings,

I was wondering if it is possible to only allow certain domains to register in a power portal.

For example:

john@contoso.com is allowed to register, but john@example.com is not allowed to.

Thanks in advance!

Kind regards,

Derk

Categories:

Power Apps portals

I have the same question (0)

All responses (5)

Answers (1)

OOlashyn 3,496 Most Valuable Professional on at

Like (2)

Report

Hi @Anonymous ,

Can you tell what type of authentication are you using on your portal? Is it local or you are using custom provider? As far as I know there is no setting that allow you to do this with custom development. If you are using local authentication I assume you can do it by creating a Dataverse plugin that will run synchronously on creation and if email of the contact is wrong throw an error thus interrupting registration process. If you are using custom provider this approach might also be applicable, but it would be better to handle on the provider side.

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Hi OOLashyn,

Thanks for your reply! We are not using a provider yet, since we are looking for the best solution. We are open to options, though it is preferred if the provider does not charge extra on top of the costs of the portal.

You suggested using the local authentication with a Dataverse plugin. Will the local auth option be removed soon, seeing that it is deprecated here: https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/set-authentication-identity?

Thanks for the trouble!

Kind regards,
Derk

Was this reply helpful? Yes No
Verified answer

justinburch Microsoft Employee on at

Like (3)

Report
Hi @Anonymous,

Local accounts won't necessarily be removed "soon," but last I heard it definitely will be at some point.
One way that I've had teams workaround this is through a rather complicated custom effort:
Replace the Sign In button with a custom dialog to accept the email address
User inputs the email address
Logic Runs against whitelist
If whitelisted, continue to login page (typically Azure AD or B2C), else show error
In the event the user finds the login page anyway, e.g., through checking the site source...
Ensure Contacts require a Web Role - i.e., do not grant permissions to the 'Authenticated' Web Role
Optional: Have a plugin/Power Automate/etc. validate against the same white list and grant an expected Web Role
Note that this can cause some delay in the user seeing data. We've also used this same method if we needed to split providers and didn't just want to show users their own options as most are open registration - e.g., external (Azure B2C) and internal (Azure AD).

Was this reply helpful? Yes No
Pranjali on at

Like (1)

Report

Hello @Anonymous ,

As mentioned by @justinburch and @OOlashyn you can choose to let customer register and have a custom plugin in place to validate their domain or you can also use the invitation based registration.

Considering you haven't yet decided on the provider, for the meantime, you can explore invitation based registration [ https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/invite-contacts ]and hide the default register page on your Portal.

Cheers,

Pranjali

Was this reply helpful? Yes No
Community Power Pla... on at

Like (1)

Report

Hi @Pranjali, @justinburch, @OOlashyn,

Thank you all for your help! I decided on using the local auth with some javascript that replaces the register form, linking to a flow that checks if the domain is allowed to register. The only problem I'm currently running into, is sending a confirmation e-mail. The confirmation e-mail sending process returns an error, so I will look into that now.

I used parts of Arpit's answer here:

https://community.dynamics.com/crm/f/microsoft-dynamics-crm-forum/263073/customizing-the-registration-crm-portal-registration-page

Kind regards,
Derk

Was this reply helpful? Yes No