Skip to main content

Notifications

Power Pages - Security
Suggested answer

Power pages website for large number of internal users

(0) ShareShare
ReportReport
Posted on by

I am exploring security options for a Power Pages (+ Dataverse) website that will be accessed exclusively by my organization's internal users (on Azure AD). The website will serve two primary groups:

  1. A majority of users (500+) will use the website to submit tickets.
  2. A smaller group (200+) will use the website to take actions on those tickets.

I would appreciate insights and best practices on the following topics:

  1. Authentication: Since the website will need to be accessed by more than 50 organizational users, it appears the site visibility must be set to "Public." If this is correct, what are the available options and best practices to:

    • Restrict access to a predefined set of internal users in the organization's Azure AD?
    • Prevent access to website guests or unauthenticated users?
      (Note: I think there is 50-user limit for granting access to Private websites.)
  2. Registration: Is it possible to pre-register users along with their web roles, rather than requiring them to self-register? (Note: The website will have users assigned to three different roles.)

  3. Roles and Authorization: Will it be necessary to replicate the web-role security permissions in Dataverse roles, or is there a better approach?

Thanks in advance for your guidance!

 
 
Categories:
  • Lucas001 Profile Picture
    Lucas001 2,089 on at
    Power pages website for large number of internal users
    Hi,
     
    as you are not mentioning that the also have to work in the backend.
    Use a PowerAutomate Flow to get the teams with the respected security settings and assign the needed webrole.
    This way you can make the needed pages available for each user group.
  • Suggested answer
    SaiRT14 Profile Picture
    SaiRT14 1,926 on at
    Power pages website for large number of internal users
     
    Authentication - Use Azure AD as the identity provider and enforce access policies for specific user groups.
    User Management - Pre-register users in Dataverse with mapped roles using Power Automate or Excel import.
    Authorization - Configure both Web Roles and Dataverse Security Roles with minimal required permissions.
    Security - Enable session timeouts, logging, and auditing to track and secure access.
     
    thanks

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Microsoft Kickstarter Events…

Register for Microsoft Kickstarter Events…

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Announcing Forum Attachment Improvements!

We're excited to announce that attachments for replies in forums and improved…

Leaderboard

#1
WarrenBelz Profile Picture

WarrenBelz 145,445

#2
RandyHayes Profile Picture

RandyHayes 76,287

#3
Pstork1 Profile Picture

Pstork1 64,741

Leaderboard

Featured topics