Hi mates 🙂
Can you please give me a hand with this ?
I am retrieving User Groups from Azure by using this method AzureAD.GetMemberGroups(User().Email,false). This is working fine with "Member Users". But when I login to my PowerApps app through guest user, It is returning nothing. Is there anything else which I need to put in case of "Guest Users" ? Thanks
Hi @aluzaja178 ,
Yeah, you are right. When the "Guest" user run the shared app, he would retrieve group info from his own tenant rather than yours.
If you want the "Guest" user to retrieve group info from your tenant when he run this shared app, I afraid that there is no way to achieve your needs in PowerApps currently.
As an possible solution, you could consider create a custom connector based on Microsoft Graph REST API to achieve your needs. Within the custom connector, you could define a List memberOf action to retrieve groups for a specific user in your tenant:
GET /users/{id | userPrincipalName}/memberOf
Within your canvas app, add a connection to this custom connector, then use the custom connector action to retrieve groups in your tenant for this "Guest" user. Then when you share your canvas app to this "Guest" user, the custom connector would be shared to the "Guest" user automatically, then he could also use this custom connector to retrieve related groups for him in your tenant.
More details about creating a custom connector in PowerApps based on Microsoft Graph API, please check the following blog:
More details about "List memberOf" action in Microsoft Graph API, please check the following article:
https://docs.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0&tabs=http
Please try above solution, check if it could help in your scenario.
Regards,
@v-xida-msft please correct me if I am wrong. I guess the guest account user's email address retrieves with # included unlike AD user's, due to which we cannot be able to run commands with it. I guess we may need to format it to proceed.
For example a gmail account gets retrieved as live.com#abcd@gmail.com
Thanks for the brief details. But the problem is: When a guest user is logged into the PowerApps app and he initiates the request for retrieving his own group info, He gets nothing.
Hi @aluzaja178 ,
Do you want to retrieve Group Info for a guest user from your current Org?
Regarding the needs that you mentioned, I think the AzureAD.GetMemberGroups() function could achieve your needs. When you want to use the AzureAD.GetMemberGroups() function to search related groups to the "Guest" user, you could not type the email address of the "Guest" user as first argument in the AzureAD.GetMemberGroups() function, instead, you should specify the Object Id of the "Guest" user as first argument in the AzureAD.GetMemberGroups() function.
I have made a test on my side, please try the following workaround:
1. Firstly, add Office 365 Users connector as data source in your app.
2. Set the OnSelect property of the "Retrieve Groups" button to following:
ClearCollect(
GroupsCollection,
AddColumns(
AzureAD.GetMemberGroupsV2(First(Office365Users.SearchUserV2({searchTerm: "Anchxxxxxx@163.com"}).value).Id, false).value,
"GroupName",
AzureAD.GetGroup(Value).displayName
)
)
On your side, you should modify above formula as below:
ClearCollect(
GroupsCollection,
AddColumns(
AzureAD.GetMemberGroupsV2(First(Office365Users.SearchUserV2({searchTerm: User().Email}).value).Id, false).value,
"GroupName",
AzureAD.GetGroup(Value).displayName
)
)
then related group info would be saved into the GroupsCollection, you could add a Data Table in your app to preview this collection data.
Please try above solution, then check if your issue is solved.
Regards,
user().Email for a "Guest Account" wont return as a valid email address. So, please validate how a guest account email - take a label and assign User().Email. You can proceed accordingly
You can try this https://graph.microsoft.com/v1.0/users?$filter=userType eq ‘Guest’
but then you need to access on your AD. You may need to create an API and get consent for Azure AD and try this.
I may be wrong, if you want to use Azure AD connector in Powerapps, all accounts that open the app must have a kind of admin permissions on Azure to make the function work ( that makes a security hole).