Power Apps Controls with Office 365 Security Group

There are different ways you could show/hide controls in a Power App for different users. Using Office 365 Security Group is secure and easy to implement. In this post I will walk you through the process and show an example.

  • You will need access (Office 365 User Admin or Global Admin) to create Office 365 Security Group
  • You will need to add Office365Users and Office365Groups connectors into your Power App, make sure they are not blocked by DLP policy in your environment

 

1 – Create Office 365 Security Group

In Office 365 admin center navigate to Groups and click “Add
a group”.

In the add group window select Security and then click
Next.

Type the group name and put a description so other admins
know why this group exists.

Click “Create group” button.

If the group name already exists, you will get an error message.

You will need to add few members to the group.

2- Get Group ID from Azure Active Directory

Go to https://portal.azure.com and navigate to Azure Active Directory > Groups > find the group and copy Object Id.

3- Configure Power Apps

Edit your Power App and add the two required connections Office 365 Groups and Office 365 Users connections.

Then on your Power App go to the app OnStart function and create two collections:

ClearCollect(
   colCurrentUser,
   {
       '@data.type':"#Microsoft.Azure.Connectors.SharePoint.SPListExpandedUser",
       Claims: Concatenate(
           "i:0#.f|membership|",
           Office365Users.MyProfileV2().mail
       ),
       ID: Office365Users.MyProfileV2().id,
       DisplayName:Office365Users.MyProfileV2().displayName,
       Email: Office365Users.MyProfileV2().mail,
       Position: Office365Users.MyProfileV2().jobTitle,
       City: Office365Users.MyProfileV2().city,
       Office: Office365Users.MyProfileV2().officeLocation
   }
);

ClearCollect(coTicketAdminMembers,Office365Groups.ListGroupMembers("014f6c73-72ea-44c4-877d-381cf94f7927").value);

Set(glbTicketAdmin, If(First(colCurrentUser).Email in colTicketAdminMembers.mail,true, false));

Then on all the controls that you want to show only to admins, set the visible property to glbTicketAdmin (i.e. when glbTicketAdmin Boolean is true then show the control).

If you have a gallery and you want to show different screen when admins (i.e. office 365 group members) click on an item, you could modify the gallery OnSelect function as shown below.

In my case if admins click on the gallery item, it will open detailed admin screen in edit mode. However, for other users who are not part of the office 365 group they will see another screen in view mode.

 

Here is are the screenshots when normal users open the Power App, notice they don’t see the left navigation menu.

When the users click on an item on the home screen galley they will see the item details in view mode.

However, when users who are member of the Office 365 group opens the Power App they will have a left navigation with extra functionality.

And if they click on the an item in the gallery they will see a more detailed screen in edit mode.

I have managed to get the list of group members in “Assigned To” field, if you are interest put comments I will be able to explain.