Portal Security Authentication and Authorization – Quick Reference Guide
Authentication
Local Authentication (Not Recommended by Microsoft)
- Contact record configured for Portal access
- Invite enabled access (configurable)
- Username & Password stored in CRM. Password is encrypted
- Password Recovery & Reset
- Email address confirmation & Two-factor authentication via email (optional)
- Lockout in case of multiple failed login attempts (configurable)
External Authentication
- Contact record configured for Portal access
- No-code configuration approach for setup
- Implemented via the ASP.NET Identity API framework (OpenID Connect, OAuth or SAML-based providers)
- Invite enabled access (configurable)
- Password managed by a third-party identity provider (Yahoo, Google, Twitter, Facebook, Microsoft, Yammer, LinkedIn, etc.)
- Multiple external identities can be configured. Users can log in with any of the accounts (depending on configuration)
Authorization
Web Roles
- Controls access to the Portal
- Users can have one or many roles (roles are additive)
- An administrator can define custom roles
- An administrator can define a default role, which will automatically be available to a logged-in user (even if the contact has not been assigned any web role)
Entity Permissions
- Enables record-based security.
- Handles scope (global, parental, account, contact) and permissions (read, create, write, delete) for data surfaced on the portal
Web Page Access Control Rules*
- Restricts access to Portal Web Pages
Content Access Level
- Provides an additional layer of security for Knowledge Articles (e.g., Default, Registered Users and Premium Users)
Publishing State Transition Rules
- Provides an additional layer of security for managing content on the portal
Forum Access Permissions
- Provides an additional layer of security for viewing and/or moderating Forums
Website Access Permissions
- Permissions for enabling front-side editing of portal content (e.g., managing site navigation, content snippets, etc.)
Liquid Templates
- Custom code using Liquid can be used to cover scenarios not achievable using the above
Other Security Features
IP Address Restriction
- Restrict access to the portal via IP address
Enable maintenance mode
- Disable portal access when the portal/CRM is under maintenance
- Display a customized page to notify the user
GDPR Implementation
- Several configuration options available for GDPR compliance
Also, read Dynamics 365 Portals Authentication – Options and Features