When using the PowerApps portal that is configured with Azure Active Directory as an external authentication, you might encounter a scenario where you want to restrict some users from login into the Portal.
This can be easily setup using Conditional Access in Azure Active Directory. Here is my example on how to do it on my Portal:
Step 1: Go into Portals Admin Center of the portal you want to setup the restriction and get its Application ID
Step 2 (optional/for ease of access):
- Access portal.azure.com -> Azure Active Directory -> App registrations -> Search for the above Application ID
- Select the Microsoft CRM Portals you found on the result -> On the left side select Branding -> Change the name of app for easier accessing in the future.
The reason I suggest doing this is because all the Portal in the App Registrations always have the default name of “Microsoft CRM Portals”, which will be impossible to identify once you had created a number of them. Renaming them will help you to skip Step 1 the next time doing this.
Step 3: In Azure Portal -> Azure Active Directory -> Security (on the left side) -> Conditional Access -> Create a new Policy.
- Setup the Name, Users or Groups you the policy to applied to.
- Most importantly, Cloud apps select the Portal App you want the policy to applied to.
- For Access controls/Grant, I setup a “Block access” for the one of my user in the AAD.
- Remember to Enable the policy once you had done configured it.
Step 4: I had successfully blocked an user from login into the Portal!
Any questions regarding these steps, do let me know on the comments below.
I hope that this can be helpful!