Portals connectivity to a Microsoft Dataverse environment

Note

Effective October 12, 2022, Power Apps portals is Power Pages. More information: Microsoft Power Pages is now generally available (blog)
We will soon migrate and merge the Power Apps portals documentation with Power Pages documentation.

A portal connects to a Dataverse environment using an Azure Active Directory application. The application is created in the same tenant where the portal is provisioned. The application is registered with the Dataverse environment during the portal provisioning process.

Connecting a portal with Dataverse environment.

Each portal has a separate Azure Active Directory application associated with it, whether it's connected to the same Dataverse environment or not. The default Azure Active Directory authentication provider created for a portal uses the same Azure Active Directory application to authenticate the portal. Authorization is enforced by web roles assigned to the user accessing the portal.

You can see the associated portal application in Azure Active Directory. The name of this application will be Portals- with the GUID of the web site record. For example; Portals-907807dd-951d-4deb-a9cf-28d76bed06a0

Note

Portals created earlier than 2022 will appear as Microsoft CRM Portals. Some app registrations may appear as Power Apps portals or Power Apps portals - portalname. Changing the portal name will not update the portal application name in Azure Active Directory.

The portal ID is in the App ID URI field in the Azure Active Directory application. The person who provisions the portal owns this application. Don't delete or modify this application, or you might break the portal functionality. You must be the application owner to manage a portal from the Power Apps Portals admin center.

Dataverse user accounts

Sites created earlier than mid-2022 use a special Dataverse user called SYSTEM to allow communication between the site Azure Active Directory application and Dataverse. For more information on the SYSTEM user, see System and application users.

Going forward, sites will use an Dataverse application user that will be automatically created as part of the site creation process. The app user is called # Portals - site name.

Warning

The application user will appear in Dataverse and will have the following roles, do not remove these roles from the application user:

  • Portal Application User
  • Service Writer
  • Service Deleter

Note

Existing sites will be migrated from using the SYSTEM user to the application user. Customizations built that have dependencies or interactions specifically with the SYSTEM account should be refactored to work with the new Dataverse application user.

Understanding authentication key in portals

For a portal to connect to Dataverse using an Azure Active Directory application, it requires an authentication key connected to the Azure Active Directory application. This key is generated when you provision a portal and the public part of this key is automatically uploaded to the Azure Active Directory application.

Important

The authentication key will expire in two years. It must be renewed every two years to ensure that your portal will continue to connect to the Dataverse environment. If you do not update the key, the portal will stop working.

See also

Manage portals authentication key