Microsoft Tech Community

Trying to force credentials on a PowerApp through Azure AD, URL modifiers

Copper Contributor

Hello!

PowerApps guy here. Tried posting this question on the PowerApps community with little response. I think I might do better here.

What I'm trying to do: I'm trying to find a way to force credentials for a PowerApp (canvas in browser) each time a user clicks the link to open it. In this world of everyone having work/personal accounts and teams, it's anything but elegant to tell a user to open a private browsing session first to avoid account confusion. Not everyone is computer savvy and knows how to set up multiple browsing profiles, and unfortunately SSO, while trying to be helpful, doesn't always make it clear for the user what's happening and why they need different credentials. It feels like a clunky hand-off for apps that are made to be user-friendly.

Admittedly, I'm much less experienced with Azure AD than PowerApps. So far I've been able to do some helpful things with the URL. However, they don't seem to work with the typical PowerApps weblinks (I could be doing it wrong). But I know there is a solution in here somewhere. I feel close. After much searching I've mashed together a bunch of links with varying results.

I registered an app (let's call it Jumper) in Azure AD that I'm using as a redirect to the PowerApp. I can't seem to force credentials on the raw PowerApps link, but using the Jumper app authentication endpoint, coupled with &login_hint, I'm able to give a personalized link that does prompt a user with the correct credential, only requesting their password. Then it redirects to the PowerApp. Unfortunately, from this point the redirect to the PowerApp seems to lose track of which account is using it. So if they are signed in with multiple accounts (even though they just signed into the login_hint account), it can default to another, causing the app to fail to load its data. I'm guessing the prompt for credentials is only valid for the registered app. I'm wondering if the solution requires the use of tokens and, if so, how I might want to set that up.

Or if anyone just has a simple URL modifier up their sleeve, or PowerShell trick, that would allow me to force credentials with each launch of a weblink PowerApp, you would be my hero.

Many thanks for any insight provided.

Cheers!

0 Replies