Creating a Power Platform User On-boarding Strategy
Once an organization has determined that they are going to adopt the Power Platform, they are quite anxious to get started. While some organizations may want to on-board users in an ad hoc fashion, it is important to develop a strategy so that the experience is consistent across users and environments.
There are many considerations that go into provisioning access including:
- Environment access
- Microsoft Dataverse (CDS) Roles
While not explicitly listed above, leveraging Security Groups can simplify and streamline the onboarding experience. Let’s further discover how. If you would prefer to watch a video walkthrough of this, please watch this YouTube video.
Azure Active Directory supports the ability to assign licenses to a security group. For example, if we want to assign a Power Automate Attended RPA license to a user, we can create a group for those users and then create a license assignment that will automatically assign this RPA license to each user that is added to this security group. Should you need to remove that license from that user, you just need to remove them from the security group and the license will be returned.
Security groups can also be used to onboard users to an environment. Within the Power Platform Admin Center, you can assign a security group to an environment. When members are added this group, they will have environment access. Do note, this can take a couple hours for this sync to take place. However, using the Power Apps Admin connector and the Force Sync user action, this synchronization can happen immediately.
Microsoft Dataverse (CDS) Roles
When a user is added to an environment, they don’t have any permissions to do anything in that environment. However, we can fix that by assigning roles using the Common Data Service (current environment) connector. This can be accomplished by looking up the User, the Environment Maker Security role and then Relating the two records together. We can also use this approach when applying the Basic User role (to run Power Apps) and custom roles.
While there are a few moving parts to make all this work, we can take advantage of Power Automate to orchestrate all these actions. Please check this YouTube video where I will walk you through all of this in more details.
Managing access to the Power Platform may involve multiple steps, but we can leverage tools like security groups, Power Platform Admin connectors and Power Automate to ensure we are onboarding new users in an efficient and consistent manner.