Hi,
I've inherited a site that has many mysteries that I'm trying to unravel. I'm not sure this is the right place to post, but I'm starting here.
Here's what's happening:
1. AAD authenticated users can access the site (yah! expected)
2. The user is auto created in Dataverse as a Contact (yah! also expected) (the profile page has been removed)
3. Sometimes the user's email is not correct. I have a bunch of theories as to why/how this is happening, but it's not optimal and breaks other functionality.
So, my PowerPages friends, please help me with the following:
1. How do I control what information is added to the Contact record on creation? I see that the email address is automatically filled in, can I add other information? Or can I update it to NOT fill in the email?
2. How can I tell what records are created by the Portal? Is there a field that I don't know about? Or a related table? If I could figure out how fields are getting populated on the Contact creation, I could populate that with a value, but see item 1.
3. In the Identity providers section of the make.powerpages.microsoft.com, I've disabled local sign in and have only Azure Active Directory enabled. Anything else I should look at?
4. I've changed all the Page permissions to Authenticated users only.
I'm hoping that the security changes stop the non-authenticated emails, but I need to figure out a way to fix them if they do happen. Thanks for your help in advance.
@kittydreadfully wrote:
1. How do I control what information is added to the Contact record on creation? I see that the email address is automatically filled in, can I add other information? Or can I update it to NOT fill in the email?
You configure claims mapping on your Identity Provider configuration in Power Pages (there is an Additional settings section that is usually collapsed by default). See the bullet "Registration claims mapping and Login claims mapping" and the link in that bullet: https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings#additional-settings-in-power-pages
2. How can I tell what records are created by the Portal? Is there a field that I don't know about? Or a related table? If I could figure out how fields are getting populated on the Contact creation, I could populate that with a value, but see item 1.
The Created By user on the record will not be a normal user; it is now a user name that reflects the Portal making the create/update.
3. In the Identity providers section of the make.powerpages.microsoft.com, I've disabled local sign in and have only Azure Active Directory enabled. Anything else I should look at?
May depend on exactly what you are wanting, e.g. if you are only wanting a subset of your AD users you can configure the App in Azure (each Portal gets its own App created in Azure) so that it will only let a particular Group register/login. Similarly, if you already know the users, you can turn off Open Registration, and then create Contact records for the users and send them Invitations (i.e. turning off Open Registration means you can only register if you have an Invitation).
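
To preview what a claims mapping would write to a new Contact, the following added example (not part of the reply above and not Power Pages code) parses a mapping string and applies it to decoded ID token claims. It assumes the comma-separated `field_logical_name=jwt_attribute_name` format described in the linked documentation; the `emailaddress1=email` pair, the function names and the sample tokens are constructed for illustration.

```python
# Added illustration: models a claims mapping offline; it does not call Power Pages.

def parse_claims_mapping(setting: str) -> dict:
    """Parse 'firstname=given_name,lastname=family_name' into {contact_field: claim}."""
    mapping = {}
    for pair in filter(None, (p.strip() for p in setting.split(","))):
        field, sep, claim = (part.strip() for part in pair.partition("="))
        if not sep or not field or not claim:
            raise ValueError(f"malformed mapping pair: {pair!r}")
        if field in mapping:
            raise ValueError(f"contact field mapped twice: {field!r}")
        mapping[field] = claim
    return mapping

def preview_contact(setting: str, claims: dict):
    """Return (fields the mapping would populate, findings worth reviewing)."""
    fields, findings = {}, []
    for field, claim in parse_claims_mapping(setting).items():
        value = claims.get(claim)
        if value is None or str(value).strip() == "":
            findings.append(f"{field}: claim '{claim}' missing from token")
            continue
        fields[field] = value
    # Flag an email that does not match the account's sign-in name.
    email, login = fields.get("emailaddress1"), claims.get("preferred_username")
    if email and login and email.lower() != login.lower():
        findings.append(f"emailaddress1 '{email}' differs from sign-in name '{login}'")
    return fields, findings

# Hypothetical mapping value and constructed token claims (not real users).
MAPPING = "firstname=given_name,lastname=family_name,emailaddress1=email"
SAMPLE_TOKENS = [
    {"given_name": "Ana", "family_name": "Diaz",
     "email": "ana.diaz@example.com", "preferred_username": "ana.diaz@example.com"},
    {"given_name": "Raj", "family_name": "Patel",
     "email": "rp-personal@example.net", "preferred_username": "raj.patel@example.com"},
    {"given_name": "Li", "family_name": "Wei",
     "preferred_username": "li.wei@example.com"},  # no email claim issued
]

if __name__ == "__main__":
    for claims in SAMPLE_TOKENS:
        fields, findings = preview_contact(MAPPING, claims)
        print(fields, findings or "ok")
```
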