Skip to main content

Notifications

Power Pages - Security
Suggested answer

Power pages website for large number of internal users

Like (0) ShareShare
ReportReport
Posted on 13 Jan 2025 10:51:48 by

I am exploring security options for a Power Pages (+ Dataverse) website that will be accessed exclusively by my organization's internal users (on Azure AD). The website will serve two primary groups:

  1. A majority of users (500+) will use the website to submit tickets.
  2. A smaller group (200+) will use the website to take actions on those tickets.

I would appreciate insights and best practices on the following topics:

  1. Authentication: Since the website will need to be accessed by more than 50 organizational users, it appears the site visibility must be set to "Public." If this is correct, what are the available options and best practices to:

    • Restrict access to a predefined set of internal users in the organization's Azure AD?
    • Prevent access to website guests or unauthenticated users?
      (Note: I think there is 50-user limit for granting access to Private websites.)
  2. Registration: Is it possible to pre-register users along with their web roles, rather than requiring them to self-register? (Note: The website will have users assigned to three different roles.)

  3. Roles and Authorization: Will it be necessary to replicate the web-role security permissions in Dataverse roles, or is there a better approach?

Thanks in advance for your guidance!

 
 
Categories:
  • Lucas001 Profile Picture
    Lucas001 2,085 on 16 Jan 2025 at 06:14:16
    Power pages website for large number of internal users
    Hi,
     
    as you are not mentioning that the also have to work in the backend.
    Use a PowerAutomate Flow to get the teams with the respected security settings and assign the needed webrole.
    This way you can make the needed pages available for each user group.
  • Suggested answer
    SaiRT14 Profile Picture
    SaiRT14 1,770 on 14 Jan 2025 at 21:32:30
    Power pages website for large number of internal users
     
    Authentication - Use Azure AD as the identity provider and enforce access policies for specific user groups.
    User Management - Pre-register users in Dataverse with mapped roles using Power Automate or Excel import.
    Authorization - Configure both Web Roles and Dataverse Security Roles with minimal required permissions.
    Security - Enable session timeouts, logging, and auditing to track and secure access.
     
    thanks

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

End of Year Newsletter…

End of Year Community Newsletter…

Tuesday Tip #12 Start your Super User…

Welcome to a brand new series, Tuesday Tips…

Tuesday Tip #11 New Opportunities…

Welcome to a brand new series, Tuesday Tips…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 144,654

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,440

Leaderboard

Featured topics

Loading started