web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Automatically Assign W...
Power Pages
Unanswered

Automatically Assign Web Roles to Contact through OpenID claims in JWT Token

(0) ShareShare
ReportReport
Posted on by Mel-R 2

Hello,

 

Hi currently I am creating a power pages which requires authentication and has custom roles which defines what pages and resources a user can access. Here is the scenario.

 

  • We are using a 3rd party IDP Service which we have added using OpenID in power pages as an identify provider. 
  • We are not using self registration.
  • Currently Authentication from our power pages to the IDP works and a Contact record is created.
  • Account creation is done where we manually  create the account and assign custom roles with specific roles assigned to that account on the 3rd party IDP side. The idea this would sync these roles our power pages and other platforms (single place for user management)
  • We created matching custom roles in power pages (where names match keys on the IDP side).
  • Certain power pages and resources are accessible by users who belong to that role.
  • In the JWT token returned from the IDP after the user successfully logs in, it contains in the claims, a JSON property "roles" which contains the JSON array of all the roles that the user has assigned (circled in white  below of "JWT explorer" debugging extension, there is 2 roles).

MelR_0-1694473790009.png

Question, since this is using OpenID with power pages, is there a way to sync the claims roles so that the matching PP web roles are added/updated to the contact? The roles are being returned in the token. I am wondering if I am missing something or if there is an easy way of doing this?

 

Thanks

 

Categories:
Security
I have the same question (0)
  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,368 Most Valuable Professional on at

    I haven't done, but what I would try is:

    • Map the claims against a contact column (text)
    • Trigger a plugin or something (real-time) that will read that field on the creation of the contact o external identity, and then find/assign the web roles to the contact 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Jerry-IN Profile Picture

Jerry-IN 71

#2
Fubar Profile Picture

Fubar 62 Super User 2025 Season 2

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans