Edit

Share via

Share a canvas app with your organization

  • Article

When you create a canvas app, you can define which users in your organization can use the app, modify it, and even re-share it. You can specify individual users by name or designate a security group in Microsoft Entra ID.

Prerequisites

Before you share an app, you must save it (not locally) and then publish it.

  • Give your app a meaningful name and a clear description, so that people know what your app does and they can easily find it in a list. Select Settings > specify a name, and then enter a description.

  • Whenever you make changes, you must save and publish the app again if you want others to see those changes.

Important

For a shared app to function as you expect, you must also manage permissions for the data source or sources on which the app is based, such as Microsoft Dataverse or Excel. You might also need to share other resources on which the app depends, such as flows, gateways, or connections.

Share an app from Power Apps

  1. Sign in to Power Apps.

  2. On the left navigation pane, select Apps.

  3. Select the app that you want to share.

  4. On the command bar, select Share. Or select the Commands menu next to your app name and then select Share.

  5. In the Share dialog box, type the names or alias of the user or security groups in Microsoft Entra ID.

  6. Select the down arrow to choose permissions for the app. Options include:

    • User: Can use the app only.

    • Co-Owner: Can use, edit, and share the app but not delete or change owners.

      share with a co-owner

  7. Optional steps:

    • Select the overflow menu (...) at the top-right corner and then select Upload app image to include an image of the app in the email.

    Add an app image .

    • Select Manage access to displays app access details, including current users and co-owners. You can also edit user access here. The Additional data access tab shows app connections to data sources like Dataverse tables or Excel files on OneDrive for Business. To manage security roles for Dataverse tables, use the classic sharing experience. For other data sources, such as Excel files on OneDrive, ensure you share these data sources with the app users.

      Manage app access

  8. Add an optional message and then select Share.

App sharing limitations

Managing security roles for Dataverse tables.

Note

Classic app sharing experience

You can still use the classic app sharing experience by selecting the classic sharing option.

  1. Sign in to Power Apps.

  2. On the left navigation pane, select Apps.

  3. Select the app that you want to share.

  4. On the command bar, select Share. Or select the Commands menu next to your app name and then select Share

  5. Select the overflow menu (...) at the top-right corner and then select Use classic sharing.

    Share app using classic sharing

  6. Specify the name or alias the users or security groups in Microsoft Entra ID with whom you want to share the app.

    You can share an app with a list of aliases, friendly names, or a combination of those (for example, Meghan Holmes <meghan.holmes@contoso.com>) if the items are separated by semicolons.

    If several people have the same name but different aliases, the first person found is added to the list. A tooltip appears if a name or alias already has permission or can't be resolved.

    Screenshot that shows what happens when you search for a name in the search field on an app page.

    Note

    • You can't share an app with a distribution group in your organization or with a group outside your organization.
    • To ensure efficient management experiences, use a security group when sharing the app with over 100 users.

  7. If your app contains premium components, such as a map or address input, users must have a Power Apps license to use the app. To request licenses for the users of your app, select Request licenses, which submits the request to your admin.

    Request Power Apps licenses for your users.

    Note

    You can't request licenses for security groups or distribution lists. For more information about requesting licenses, see Request Power Apps licenses for your app users.

  8. If you want to allow users to edit and share the app, select the Co-owner check box.

    Screenshot that shows where to check the box for Co-owner.

    In the sharing interface, you can't grant Co-owner permission to a security group if you created the app from within a solution. However, its possible to grant co-owner permission to a security group for apps in a solution by using the Set-PowerAppRoleAssignment cmdlet.

  9. If your app connects to data for which users need access permissions, specify security roles as appropriate.

    For example, your app might connect to a table in a Dataverse database. When you share such an app, the sharing panel prompts you to manage security for that table.

    Assign a security role.

    For more information about managing security for a table, go to Manage table permissions.

    If your app uses connections to other data sources—such as an Excel file hosted on OneDrive for Business—ensure that you share these data sources with the users you shared the app with.

    Share an Excel file on OneDrive for Business.

    For more information about sharing canvas app resources and connections, go to Share canvas app resources.

  10. If you want to help people find your app, select the Send an email invitation to new users check box.

    Send an email invitation.

  11. At the bottom of the share panel, select Share.

    Users can now run the app by using Power Apps Mobile on a mobile device or from AppSource on Microsoft 365 in a browser. Co-owners can edit and share the app in Power Apps.

    If you sent an email invitation, users can also run the app by selecting the link in the invitation email:

    • If a user selects the Open the app link on a mobile device, the app opens in Power Apps Mobile.
    • If a user selects the Open the app link on a desktop computer, the app opens in a browser.
    • If a user selects the Microsoft Teams link, the app opens in Microsoft Teams.

    If you selected Co-owner while sharing, the recipients will see a link for Power Apps Studio that will open the app for editing using Power Apps Studio.

To change permissions for a user or a security group

  • To allow co-owners to run the app but no longer edit or share it, clear the Co-owner check box.
  • To stop sharing the app with that user or group, select the Remove (x) icon.

Share apps using Teams

You can share a link to your app in a Teams chat. The user that you share the app with needs to be on the same tenant and have access to the app that you're sharing.

Note

  • To add canvas apps to Teams using the web player:
  • If you're the sender or receiver and get a This app cannot be found error when you select Add app to Teams, this means you don't have access to the app. To get access, contact your admin.
  • If you're the sender and you don't have the Power Apps personal app installed in Teams, then a preview card will appear with a Show Preview button. To unfurl the full adaptive card, select Show Preview.

To share the app, copy the app link from your web browser and paste it into the Teams chat. Before you send the link, you'll see a preview of your message.

Share your app using Teams.

Legend:

  1. Link to app: Select the web link to open the app.
  2. Collapse preview: Select to close the preview. When you collapse the preview then the user that you send the link to will only get a web link to open the app. They won't see the buttons to add the App to Teams or Launch app in web.
  3. Name of app: Shows the name of the app.
  4. Add app to Teams: Select to add the app to Teams.
  5. Launch app in Web: Open the app directly in your browser.

Request licenses for your users

When sharing an app that requires a license for use, you can request Power Apps licenses for your users. For more information, see Request Power Apps licenses for your app users.

Security group considerations

  • All existing members of the security group inherit the app permissions. New users joining the security group will inherit the security group permissions on the app. Users leaving the group will no longer have access through that group, but those users can continue to have access either by having permissions assigned to them directly or through membership in another security group.

  • Every member of a security group has the same permissions for an app as the overall group does. However, you can specify greater permissions for one or more members of that group to allow them greater access. For example, you can give Security Group A permission to run an app. And then, you can also give User B, who belongs to that group, Co-owner permission. Every member of the security group can run the app, but only User B can edit it. If you give Security Group A Co-owner permission and User B permission to run the app, that user can still edit the app.

  • Users must explicitly be a member of the security group. If a user is an owner of the group, they must also assign themselves as a member of the group to inherit app permissions.

Share an app with Microsoft 365 groups

You can share an app with Microsoft 365 groups. However, the group must have security enabled. Enabling security ensures that the Microsoft 365 group can receive security tokens for authentication to access apps or resources.

To check whether a Microsoft 365 group has security enabled

  1. Ensure that you have access to the Microsoft Entra ID cmdlets.

  2. Go to Azure portal > Microsoft Entra > Groups, select the appropriate group, and then copy the Object Id.

  3. Connect to Microsoft Entra ID by using the Connect-AzureAD PowerShell cmdlet.

    Connect-AzureAD.

  4. Get the group details by using Get-AzureADGroup -ObjectId <ObjectID\> | select *.
    In the output, ensure that the property SecurityEnabled is set to True.

    Check the SecurityEnabled property.

To enable security for a group

If the group isn't security-enabled, you can use the PowerShell cmdlet Set-AzureADGroup to set the SecurityEnabled property to True:

Set-AzureADGroup -ObjectId <ObjectID> -SecurityEnabled $True

Set SecurityEnabled to True.

Note

You must be the owner of the Microsoft 365 group to enable security. Setting the SecurityEnabled property to True doesn't affect how Power Apps and Microsoft 365 features work. This command is required because the SecurityEnabled property is set to False by default when Microsoft 365 groups are created outside of Microsoft Entra ID.

After a few minutes, you can discover this group in the Power Apps sharing panel and share apps with this group.

Manage table permissions for Dataverse

If you create an app based on Dataverse, you must also ensure that the users you share the app with have the appropriate permissions for the table or tables used by the app. Particularly, those users must belong to a security role that can do tasks such as creating, reading, writing, and deleting relevant records. In many cases, you'll want to create one or more custom security roles with the exact permissions that users need to run the app. You can then assign the role to each user as appropriate.

Note

  • You can assign security roles to individual users and security groups in Microsoft Entra ID, but not to Microsoft 365 groups.
  • If a user isn't in the Dataverse root business unit, you can share the app without providing a security role, and then set the security role directly.

Prerequisite

To assign a role, you must have System administrator permissions for a Dataverse database.

To assign a security group in Microsoft Entra to a role

  1. In the sharing panel under Data permissions, select Assign a security role.

  2. Select the Dataverse roles that you want to apply to the selected Microsoft Entra users or groups.

    Security role list.

Note

When you share an app that's based on an older version of Dataverse, you must share the runtime permission to the service separately. If you don’t have permission to do this, see your environment administrator.

Next steps

Share a canvas app with guest users

See also

Edit an app
Restore an app to a previous version
Export and import an app
Delete an app