Description

Introduction

This training provides a deep dive into securing Power Portals (Power Pages) by implementing robust authentication, authorization, and role-based access control. Participants will learn how to protect portal data, manage user identities, and enforce security best practices using Dataverse and Azure AD.

Prerequisites

• Basic understanding of Power Portals (Power Pages)

• Familiarity with Microsoft Dataverse concepts

• Basic knowledge of Dynamics 365 or Power Platform

• Awareness of web security fundamentals is beneficial

Table of Contents

1. Power Portals Security Overview
  1.1 Security Architecture of Power Portals
  1.2 Portal Users vs Internal Users
  1.3 Dataverse Security Model Basics

2. Authentication in Power Portals
  2.1 Local Authentication (Username & Password)
  2.2 Azure Active Directory Authentication
  2.3 External Identity Providers (OAuth, OpenID Connect)
  2.4 Social Login Configuration (Microsoft, Google, LinkedIn)
  2.5 Authentication Settings & Portal Configuration

3. User Registration & Identity Management
  3.1 User Sign-Up, Sign-In & Profile Management
  3.2 Invitation-Based User Access
  3.3 Contact Records & Identity Mapping
  3.4 Account Association & Self-Service Access

4. Authorization & Access Control
  4.1 Understanding Web Roles
  4.2 Assigning Web Roles to Users
  4.3 Entity Permissions Explained
  4.4 Table Permissions: Read, Create, Update, Delete
  4.5 Scope Levels: Global, Contact, Account, Parent

5. Securing Portal Content
  5.1 Page-Level Security
  5.2 Web File & Document Security
  5.3 Securing Forms and Lists
  5.4 Conditional Access to Portal Components

6. Role-Based Scenarios & Use Cases
  6.1 Anonymous vs Authenticated Users
  6.2 Customer, Partner & Employee Portals
  6.3 Multi-Role Access Design
  6.4 Least Privilege Access Strategy

7. Advanced Security Controls
  7.1 Field-Level Security in Dataverse
  7.2 Liquid Security Tags & Conditional Rendering
  7.3 Secure APIs & Web Roles Integration
  7.4 Preventing Data Leakage

8. Monitoring, Auditing & Compliance
  8.1 Portal Activity Logging
  8.2 Dataverse Auditing for Portal Users
  8.3 Security Troubleshooting & Common Issues
  8.4 Compliance & Governance Best Practices

9. Security Best Practices & Design Patterns
  9.1 Secure Portal Architecture
  9.2 Common Security Misconfigurations
  9.3 Performance vs Security Considerations
  9.4 Production Readiness Checklist

This training equips learners with the skills to design, implement, and manage secure Power Portals using industry-standard authentication and role-based authorization. By applying best practices and real-world scenarios, participants can confidently protect portal data while delivering secure digital experiences.