Deploying Application User for Multi-tenant server-to-server authentication


Hello,

 

I am a developer working on building an integration for my web app to query the Common Data Service APIs. I have been following the docs on how to authenticate with CDS and set up my application Azure Active Directory, but I am very confused on how to make this easy for my users to set up. I ultimately want my users to install a solution from AppSource, authenticate through my web app, and start using the integration as needed.

 

I'm specifically confused with the last section of the multi-tenant authentication docs that recommend the following:

 

> You must include a custom security role which defines what privileges your application requires and then make sure that the application user is associated to that custom security role. Because a custom security role can be included in a solution, you should prepare a managed solution which contains the definition of the custom security role and any other solution components your application requires.

 

> However, the application user cannot be included with a solution so you will need to provide a way to create this application user and associate it with the custom security role.

> There are several ways that you can achieve this, including writing your own program using the web services and having the subscriber run the program.

 

I understand what a "managed solution" does, but where I'm confused from the above is:

 

* Can I write code that runs as part of the installation process of my AppSource package? If so, where are the docs to help get me started on that?

* If I am not able to write code, how do folks generally handle the creation of the user? Do you share a script with your customers to run, have them create it manually, or do something else?

 

Thank you!

 

  • Ben Thompson Profile Picture
    1,400 on at
    Before replying with details, exactly how is your application going to talk to the CDS instance?

    Will the CDS instance call your azure function to perform a task or will your azure function be sending the data to the CDS instance directly?
  • ternarywat Profile Picture
    15 on at

    >Will the CDS instance call your azure function to perform a task or will your azure function be sending the data to the CDS instance directly?

     

    My application will be sending data to the CDS instance directly.

     

    IDK if this helps, but this is a separate web application running outside of Azure (e.g. a python web app), so I don't plan on using an azure function. 

     

     

  • Verified answer
    EricRegnier Profile Picture
    8,720 Most Valuable Professional on at

    Hi @ternarywat,

    I'm pretty sure you can include an install package with the CDS managed solution, deployment guide (readme) and scripts (e.g. PowerShell) in AppSource or even direct users to your company's web page to download and install the package. You'll only need to submit the app and go through a review and approval process at https://appsource.microsoft.com/en-us/partners/signup. You can submit a support ticket to get more help about AppSource at https://support.microsoft.com/en-us/supportforbusiness/productselection?sapId=48734891-ee9a-5d77-bf29-82bf8d8111ff.

    Below are answers to your questions:

    1. "a custom security role can be included in a solution, you should prepare a managed solution" You'll need to create a custom security role in CDS and assign that role to the app user after it's created in CDS. The custom role has to be included in the managed solution that your customers will download and install so that the role exists in their environment to successfully assign the role.
    2. "the application user cannot be included with a solution so you will need to provide a way to create this application user" Unlike my previous point #1, where you can include a security role in a CDS solution, unfortunately you can't include an app user (or other types of users) in a solution. Those are considered data, so the best way to automatically create the user and assign the role is to script it, such as with PowerShell. There are a few CDS PowerShell modules to facilitate the scripts, such as: https://github.com/seanmcne/Microsoft.Xrm.Data.PowerShell

    Hope this makes sense!
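
The scripted user creation and role assignment described in this answer, written against the Dataverse (CDS) Web API in Python rather than PowerShell. This is an added example, not code from the thread or from Microsoft; the `send` transport, the `v9.1` path segment and the function name are assumptions.

```python
import uuid

API = "/api/data/v9.1"  # assumed Web API version segment

def provision_app_user(send, org_url, app_id, role_name):
    """Create (or reuse) the application user for app_id and grant it role_name.

    send(method, url, body) is a hypothetical caller-supplied transport: it adds
    the installing admin's bearer token, sends "Prefer: return=representation"
    on POST, and returns the parsed JSON body ({} when there is none).
    """
    app_id = str(uuid.UUID(app_id))            # raises ValueError if not a GUID
    base = org_url.rstrip("/") + API

    # Root business unit = the one without a parent.
    bu_id = send("GET", f"{base}/businessunits?$select=businessunitid"
                 "&$filter=_parentbusinessunitid_value eq null",
                 None)["value"][0]["businessunitid"]

    # The role ships in the managed solution; refuse to continue without it,
    # so no user is created in an environment where the solution is missing.
    name = role_name.replace("'", "''")        # OData string-literal escaping
    roles = send("GET", f"{base}/roles?$select=roleid&$filter=name eq '{name}'"
                 f" and _businessunitid_value eq {bu_id}", None)["value"]
    if len(roles) != 1:
        raise LookupError(f"expected one role {role_name!r}, found {len(roles)}")
    role_id = roles[0]["roleid"]

    # Reuse an existing application user so the script can be re-run safely.
    users = send("GET", f"{base}/systemusers?$select=systemuserid"
                 f"&$filter=applicationid eq {app_id}", None)["value"]
    if users:
        user_id = users[0]["systemuserid"]
    else:
        user_id = send("POST", f"{base}/systemusers", {
            "applicationid": app_id,
            "businessunitid@odata.bind": f"/businessunits({bu_id})",
        })["systemuserid"]

    # Associate the role only if the user does not already hold it.
    link = f"{base}/systemusers({user_id})/systemuserroles_association"
    held = send("GET", f"{link}?$select=roleid", None)["value"]
    if role_id not in {r["roleid"] for r in held}:
        send("POST", f"{link}/$ref", {"@odata.id": f"{base}/roles({role_id})"})
    return user_id
```

The function grants exactly one named role and never handles the application's client secret; the subscriber's administrator supplies only their own token through `send`.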

     

  • Ben Thompson Profile Picture
    1,400 on at

    As your app is sending data to the CDS system, your system will need credentials to log in to the CDS instance - that might be a problem as a lot of companies will not allow direct remote access into their systems and they will have to configure the credentials for you - it is not possible to do it within CDS without manual intervention as the important part would be a secret key created within Azure Active Directory. https://docs.microsoft.com/en-us/azure/marketplace/partner-center-portal/commercial-marketplace-lead-management-instructions-dynamics shows how Microsoft does it and you would need to do something similar.

     

    The way I've got around it for one of the things I'm working on is to use a Scheduled Power Automate / Flow task that gets a secret key (which you can generate in CDS) and passes that key as part of the scheduled request to our servers. In the response to the request we then send all the new and updated objects in a JSON object that the next step in the Flow processes.

     

    *In reality the scheduled task calls an action within the CDS instance and the action does all the work but I know there are other options available.

  • Verified answer
    ternarywat Profile Picture
    15 on at

    >I'm pretty sure you can include an install package with the CDS managed solution, deployment guide (readme) and scripts (e.g. PowerShell) in AppSource or even direct users to your company's web page to download and install the package

     

    This was the clue I was looking for and I missed while exploring the docs. I've been researching Managed Solutions, when I actually need to be looking into Packages. This reference led me to this section of the docs:

     

    https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/introduction-solutions#deploy-solution-packages

     

    which then led me to this tutorial:

     

    https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/package-deployer/create-packages-package-deployer#Step2

     

    Is that the correct documentation page I should reference to write the code to create a user as part of my package?

  • EricRegnier Profile Picture
    8,720 Most Valuable Professional on at

    Yep, that's exactly it. You can write C# code after different stages of the CDS solution import process, include data import files and include HTML pages to guide the user at the different steps of the installation. That's also the package I believe you can submit to Microsoft Appstore review.
