I am exploring security options for a Power Pages (+ Dataverse) website that will be accessed exclusively by my organization's internal users (on Azure AD). The website will serve two primary groups:
- A majority of users (500+) will use the website to submit tickets.
- A smaller group (200+) will use the website to take actions on those tickets.
I would appreciate insights and best practices on the following topics:
- Authentication: Since the website will need to be accessed by more than 50 organizational users, it appears the site visibility must be set to "Public." If this is correct, what are the available options and best practices to:
  - Restrict access to a predefined set of internal users in the organization's Azure AD?
  - Prevent access to website guests or unauthenticated users?

  (Note: I think there is a 50-user limit for granting access to Private websites.)
- Registration: Is it possible to pre-register users along with their web roles, rather than requiring them to self-register? (Note: The website will have users assigned to three different roles.)
- Roles and Authorization: Will it be necessary to replicate the web-role security permissions in Dataverse roles, or is there a better approach?
Thanks in advance for your guidance!