Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

Community Portal - how to tie security to O365 account?

  • 1.  Community Portal - how to tie security to O365 account?

    GOLD CONTRIBUTOR
    Posted 9 days ago
    Morning all,

    I am looking at setting up the Community Portal specifically for the Ideas functionality. We want our 800+ users to be able to submit and vote on ideas for enhancements to Dynamics.

    I have the basic portal up and running, but before we roll it out, I want to make sure that the only people that can see the site and its content are our internal staff. To do that I want to put all the content and features behind the O365 logins that are also tied to their Dynamics account. I did some searching, and have not as yet found any documentation that talks about how to do this. Can any of you point me in the right direction?

    ------------------------------
    Peter Gulka
    National Manager, Systems Enhancement and Training
    Big Brothers Big Sisters of Canada
    Burlington ON
    ------------------------------


  • 2.  RE: Community Portal - how to tie security to O365 account?

    MICROSOFT MVP
    Posted 9 days ago
    Hey Peter

    I don't have and end to end walk through for your scenario but I think the solution lies in implementing Azure B2C and then linking it to Azure AD (Office 365).  I am not an authentication expert but this is where I would start in your particular use-case.

    Note if this is staff (employees) then make sure you have the right licensing in place.

    Azure AD B2C provider settings for portals in Dynamics 365
    Microsoft remove preview
    Azure AD B2C provider settings for portals in Dynamics 365
    In this article Azure Active Directory (Azure AD) powers Office 365 and Dynamics 365 services for employee or internal authentication. Azure Active Directory B2C is an extension to that authentication model that enables external customer sign-ins through local credentials and federation with various common social identity providers.
    View this on Microsoft >


    Cheers
    Nick



    ------------------------------
    Nick Doelman
    Microsoft MVP
    Manager of CRM Solution Development
    BDO Canada LLP
    Ottawa ON
    ------------------------------



  • 3.  RE: Community Portal - how to tie security to O365 account?

    Posted 8 days ago
    Hi Peter,

    First of all, a Portal typically comes pre-configured out of the box with Azure AD (which is what O365 uses for authentication) as a security provider.  This is how the Portal allows you to login as a portal administrator using the user you used to set it up.

    That being said, if you want to link your portal to a different Azure AD tenant (or for some reason you're not seeing the default Azure AD option), it's pretty easy to setup, since Azure AD supports the Open ID Connect protocol.  Microsoft includes information on how to do this in their documentation:

    Configure OpenID Connect provider settings for a portal in Dynamics 365
    Microsoft remove preview
    Configure OpenID Connect provider settings for a portal in Dynamics 365
    In this article This topic applies to Dynamics 365 portals and later versions. OpenID Connect external identity providers are services that conform to the Open ID Connect specifications. Integrating a provider involves locating the authority (or issuer) URL associated with the provider.
    View this on Microsoft >


    There is also a blog post with specific instructions:

    https://community.dynamics.com/crm/b/debajitcrm/archive/2017/06/12/dynamics-365-portal-authentication-with-external-identities-part-i-authentication-with-azure-active-directory

    Nick Doelman's answer is also correct - if you can add Azure AD as one of your providers in Azure AD B2C, then that is another route.  But I thought it would be good to mention that you can have it as it's own provider without leveraging Azure AD B2C.

    Hope that helps.



    ------------------------------
    Nicholas Hayduk
    Engineered Code Consulting Inc.
    Regina SK
    ------------------------------



  • 4.  RE: Community Portal - how to tie security to O365 account?

    GOLD CONTRIBUTOR
    Posted 8 days ago
    Thanks lads - you are correct that the Azure AD authentications is set up out-of-the-box, but what I am trying to figure out is how to restrict the viewing of content on the site to logged in users.

    So in the context of the Ideas functionality - it correctly forces people to log in to submit an idea and vote on it, but I can see all the ideas even if I am not logged in. I want to prevent that. I'm sure this is one silly setting somewhere I am simply not seeing :(

    ------------------------------
    Peter Gulka
    National Manager, Systems Enhancement and Training
    Big Brothers Big Sisters of Canada
    Burlington ON
    ------------------------------



  • 5.  RE: Community Portal - how to tie security to O365 account?

    Posted 7 days ago
    Hi Peter,

    Ah, sorry we misunderstood you.

    What you're looking for is Web Roles and Web Page Access Permissions:

    https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/webpage-access-control

    You can probably just leverage the out-of-the-box Authenticated Users role.  Then all you need to do is create a Web Page Access Control Rule with "Restrict Read" permissions on the Ideas page, and associate it with that rule.  Once that rule is in place, that page will disappear for anyone who is not logged in.

    ------------------------------
    Nicholas Hayduk
    Engineered Code Consulting Inc.
    Regina SK
    ------------------------------