PowerApps Portals (Part 2)

Planning and licensing the PowerApps Portal

While there are so many pages of documentation around capacity planning and licensing the PowerApps Portal, when you get down to implementation, you often get confused and are stumped on encountering the unexpected!

We attempt to put forward an actual use case we encountered – 3 issue areas and how we resolved them.

Existing situation

  • The Customer had purchased 10 CE licenses and 20 licenses across other plans (Enterprise Sales, etc.) from IOTAP, a Microsoft CSP Partner
  • The Customer had a Dynamics Portal [ with Customer Service template] for their Dynamics 365 Production environment (Note: this was not a PowerApps Portal)
  • A trial PowerApps Portals had been provisioned for their Dynamics Sandbox

Expectation, Issue, and Resolution

A) Issue area 1: Convert Free trial to Paid

  • Expectation: We expected a “Convert to Paid” action available against the trial Portal in the admin
  • Issues:
    • “Convert to Production”, was the only relevant action available – which was not what we wanted
    • The trial being a Customer Service template would fail conversion since 2 portals using the same template cannot co-exist in the same environmentPowerapps portal a

      (Option available on PowerApps portal – for trial)

  • Resolution:
    • “Convert to Production” actually meant – “Convert to Paid”
    • The portal link with Sandbox did not break and

B) Issue area 2: List of licensed users

  • Expectation: The licensed user list for the Sandbox-linked PowerApps portal would list the 8 CE licensed usersuser licenses download

(User licenses download from Admin Power Portal)

  • Issues:
    • The list had only 2 of the 10 users as having PowerApps license.
    • There were users shown as having PowerApps for Office 365 – which was unexpected
    • The licenses assigned to the users seemed varied – across

3excel downloaded from admin powerportal

(Excel downloaded from admin PowerPortal)

  • Resolution:
    • From the Office 365 Admin, navigate to the usermanage product License. Below the list of licenses, is the list of apps which is toggled close, by default. Click open and scroll down to the PowerApps.
    • Users who had them checked were the users who had shown up on the “active user” list downloaded from the PowerApp Portaloffice 365 portal user licenses
    • Users may have licenses assigned, but unless they were given access on the app, they cannot access the PowerApps Portal

C) Issue area 3: The Add-on to Purchase

  • Expectation: The environment was Sandbox and was to be accessed infrequently. We needed a license option that would not be over-head. Some users who were not licensed via the CE license needed to access Sandbox for testing/ reviewing.
  • Issues:
    • The per User license and the per login plan were Monthly plans which would go unused during most months.
    • There was no plan which was like the Azure Usage Plan which could be purchased and could be consumed until it was used up. A per-login plan with about 100 logins would be apt.
    • Adding and removing licenses for short periods would become cumbersome.
  • Resolution:
    • The Per-user plan was selected – since it was cost-effective
    • The Client License administrator was encouraged to use the IOTAP Self Service Portal to add/ remove these licenses. He could do this easily along with managing the other Microsoft licenses provisioned from IOTAP.

IOTAP Self Service Portal - manage licenses

(IOTAP self-service portal – manage licenses)

Also read, PowerApps Portals (Part 1)

Want to know how our Self Service Portals have helped create amazing customer experiences?

Portal Security Authentication and Authorization – Quick Reference Guide


Local Authentication (Not Recommended by Microsoft)

  • Contact record configured for Portal access
  • Invite enabled access (configurable)
  • Username & Password stored in CRM. Password is encrypted
  • Password Recovery & Reset
  • Email address confirmation & Two-factor authentication via email (optional)
  • Lockout in case of multiple failed login attempts (configurable)

External Authentication

  • Contact record configured for Portal access
  • No-code configuration approach for setup
  • Implemented via ASP.Net Identity API framework  (OpenID Connect or OAuth or SAML based providers)
  • Invite enabled access (configurable)
  • Password managed by 3rd party identity provider (Yahoo, Google, Twitter, Facebook, Microsoft, Yammer, LinkedIn etc)
  • Multiple external identities can be configured. Users can login with any of the accounts (depending on configuration)


Web Roles

  • Controls access to the Portal
  • Users can have 1 or many roles. (roles are additive)
  • An administrator can define custom roles
  • An administrator can define a default role, which will automatically available to a logged-in user (even if the contact has not been assigned any web role)

Entity Permissions

  • Enables record-based security.
  • Handles scope (global, parental, account, contact) and permissions (read, create, write, delete) for data surfaced on the portal

Web Page Access Control Rules*

  • Restricts access to Portal Web Pages

Content Access Level

  • Provides an additional layer of security for Knowledge Articles (e.g. : Default, Registered Users and Premium Users)

Publishing State Transition Rules

  • It provides an additional layer of security for managing content on the portal.

Forum Access Permissions

  • Provides an additional layer of security for viewing and/or moderating Forums

Website Access Permissions

  • Permissions for enabling front-side editing of portal content (e.g. : Managing site navigation, content snippet etc)

Liquid Templates

  • Custom code using Liquid can be used to cover scenarios not achievable using above.

Other Security Features

IP Address Restriction

  • Restrict access to the portal via IP address

Enable maintenance mode

  • Disable portal access when the portal/CRM is under maintenance
  • Display a customized page to notify the user

GDPR Implementation

  • Several configuration options available for GDPR compliance

Also, read Dynamics 365 Portals Authentication – Options and Features

PowerApps Portals (Part 1)


The PowerApps Portals provide one of the last missing pieces to the Power Platform story.

PowerApps Portals was announced in June as the successor to Dynamics 365 Portal. It will be fully decoupled from Customer Experience apps and will live alongside the two other types of PowerApps – Canvas and Model-driven. It has been promoted as a way to expose processes and data to external users with new mechanisms tied to Azure, PowerApps, and the Common Data Service [including Dynamics].

PowerApp Portal

For Microsoft and other enterprise software vendors, exposing business systems data to non-licensed users has been a long-running point of contention. Customers have long been warned not to look for workarounds to purchasing licenses such as exposing data through reports or other customer application interfaces that avoid licensed interfaces. With the below changes, Microsoft expects to plug this gap and compliance issue –

  • Putting together a new licensing model for Portals
  • Implementing consumption measuring devices
  • Simplifying for the Org to quickly onboard and
  • Extending the platform with enhancements and integrations

Details below are based on information as is currently being shared by Microsoft – however, MS is still taking feedback from partners and trying to make some amendments to the licensing structure.

What is a PowerApps Portals?

A PowerApps Portal is a Low Code, responsive Website with the familiar WYSIWYG designer for easy branding, linkable to a CDS system. Users can interact with the data via authentication provided by enterprise authentication providers or anonymously. Information can be filtered, and security applied so that the external user can only see or interact with data that is specific to him or his role.

What is the CDS system?

CDS for simple understanding is an easy to manage, secure database with a prebuilt set of entities provided as a paid Azure Service.

While Dynamics 365 already uses CDS as the backend, data from multiple other data stores can be easily integrated into CDS and a unified experience across databases can be provided

Features of the PowerApps Portals

To understand its features simplistically – As an off-shoot of the Dynamics 365 portals, all of what can be done on the existing Dynamics Portals can be done on the PowerApps Portals too- and more. The biggest feature on the portal is the ease of building the PowerApps Portal. The Basic version of the portal can be set up easily by the business users, with drag and drop functionality. Advanced versions need Liquid consultants and developers

Features Compare and Contrast – Dynamics 365 Portals and PowerApps Portals

Dynamics 365 PortalsPowerApps Portals


2 default URL options

– microsoftcrmportals

– powerappsportal

1 default URL option

– powerappsportal



Developer IntensiveQuick and easy setup experience


Built on Dynamics or CDS dataBuilt on Dynamics or CDS data


Prebuilt templates

– customer sales and service,

– employee sales and service,

– employee management, and

– community management.

Build from scratch using a Blank template [ same templates as on dynamics to come]


Authentication: Predefined set of providers, but cumbersome to set upAvailable authentication configuration: Azure AD B2C, LinkedIn, Facebook, Google, Okta, and others


Can be linked to Dynamics 1st Party apps only, as a sourceCan work with any a CDS based data source

Skillsets needed to work on the PowerApps Portals

  • Ability to code using Liquid code and JavaScript
  • Experience around working with entities and processes
  • Understanding of security roles and permissions
  • WYSIWYG designing
  • Understanding/ implementation of Authentication Providers [recommended is AzureB2C]


Microsoft revealed new pricing and licensing for PowerApps Portals during Inspire but since then has been evolving and building on it.

Notable changes have been announced.

Pricing – Compare and Contrast – Dynamics 365 Portals and PowerApps Portals

ParameterDynamics 365 PortalsNew PowerApps Portals
Provisioning a portal instancePurchase Dynamics 365 Additional Portal SKU at $500 per monthProvision a portal—no need to purchase portal addons to provision a portal
Qualifying base offersDynamics 365 licenses onlyCustomers can add on portal external login or page view capacity to Dynamics 365, PowerApps and Microsoft Flow licenses
Internal use rightsDynamics 365 enterprise licenses, Dynamics 365 team member license.Internal users can now access portals with a PowerApps per-app/per-user license. For a Dynamics license, it is the same as custom PowerApps use rights.
MonetizationPer portal instance Per page viewPer log in Per page view
Entitlement for Dynamics 365 customers1 portal instance for the first 10 full Dynamics 365 USLsNot applicable―PowerApps Portals instances can be provisioned

PowerApps Portals – Licensing details

[as currently available for – Dt.9 Sept. 2019]

PowerApps Portals can be provisioned without requiring a specific license. They are charged only on Usage. Breaking down the Portal Users into Licensed and Non Licensed users, irrespective of whether they are internal or external –

1) Licensed users [Internal]

  • A user having any PowerApp Plan license
  • Dynamics 365 [various]

Users who have valid licenses will not be levied an additional usage charge

2) Non-Licensed users [Internal or External]

Microsoft differentiates between Anonymous [ not signed in] and Authenticated [signed in] users.

  • Authenticated users
    • Access by authenticated users will be charged on a “per log-in”. A log-in is defined as a twenty-four-hour period of access by a single authenticated user/ app, chargeable monthly.
  • Anonymous users
    • Anonymous portal users will be priced on a simple “per-page-view” model, chargeable monthly

3) Minimum licensing quantities

  • Login quantity

The minimum login quantity to be assigned to a portal is 100 logins/month.

Once you have assigned 100 logins, you can assign them in units of 1.

  •  Pageviews quantity:

Minimum 50,000 per portal, after that you can assign 1 at a minimum.

4) Additional portal instances

  • Additional portal instances can be spun up without any additional charge.
  • Monthly charge based on usage will be billable based on above permutations

5) Existing Dynamics 365 access to PowerApps Portals

Dynamics 365 Enterprise users will continue to be able to run apps and portals that extend and customize the licensed Dynamics 365 application, as long as those apps and portals [even if they are custom] are located in the same environment as their licensed Dynamics 365 application.

Custom apps or portals outside of the Dynamics 365 environment and access to his app license on Dynamics 365 will require a standalone PowerApps license.

The Team Member license does not get access to the custom portal as Team Member licenses do not allow access to a custom app.

user types



Also read, PowerApps Portals (Part 2)

Want to know how our Self Service Portals have helped create amazing customer experiences?

Charts on Dynamics 365 Portal

There are two ways to add charts on Dynamics 365 Portal

  1. Add chart Liquid tag in the Copy field on a webpage
  2. Add chart Liquid tag in the Source field on a Web Template

Prerequisite for implementing Charts on Portal

  • Entity Permission Requirement
  • ID of Chart
  • ID of view to filter the query

  a) Entity permission requirement

Read privilege is asserted for the target entity being queried in the chart. For anonymous or authenticated users to be able to view the chart, you must ensure that the appropriate Entity Permission records are created and assigned to applicable Web Roles

If permission is not granted, the user will see an access denied message or You do not have appropriate privileges.

  b) ID of Chart

Follow below steps for getting id of chart

1) Go to the target entity, for example, Sales ➤ Leads.

2) Select ‘Show Charts’ option from the top ribbon

show chart

3) Choose the chart you want.

4) Select More Commands, and then select Export Chart.

lead by source

5) Open the XML file of the exported chart in a text editor.

6) Copy the value of the <visualizationid> tag.

lead by source xml7) Paste the visualizationid value into your Liquid chart tag declaration for the chart ID parameter, for example:

{% chart id:EE3C733D-5693-DE11-97D4-00155DA3B01E %}.

  c) ID of view to filter the query

1) Go to the target entity, for example, Sales ➤ Leads.

2) Select the view you want from the view drop-down header.

lead by source

3) Copy the viewid value from the View window’s URL.


copy viewid

4) Paste this ID into your Liquid chart tag declaration for the viewid parameter, for example:

<!—Leads by Source – All Leads –>

{% chart id:”EE3C733D-5693-DE11-97D4-00155DA3B01E” viewid:”00000000-0000-0000-00AA-000010001006″ %}

Method 1 – Add chart Liquid tag in the copy field on the webpage

Follow the below steps for adding a chart.

a) Add Child Page to Portal.

b) Give all required details on General

c) Go to Language Content

d) Add below liquid tag with required original ids in Copy field of Page

{% chart id:”EE3C733D-5693-DE11-97D4-00155DA3B01E” viewid:”00000000-0000-0000-00AA-000010001006″ %}

create new child page

e) Save Page

Method 2 – Liquid tag in the source field on the web template

Follow the below steps to add chart using Copy field on a web page

a) Navigate to Dynamics 365 portal

b) Go to Web Template ➤ Add new template

c) Give details like Name and Website

chart web template

d) Add below code in Source field, you can add single or multiple charts as per requirement. Replace Id’s with actuals

code for portale) Save Web Template

f) Next, navigate to a page template to be used, you can use existing also.

g) Page Template ➤ Create Page Template

h) Add below details

Name, Website, Type=Web Template, Web Template=template you have created above, entity name =Web Page(adx_webpage)

chart page template 2

i) Save Page Template

j) Now create a child page on the portal

k) Give details as below.

charts for leads

l) Save Page.

The Final Output

Final output

Unsupported charts and chart types

The following Dynamics 365 for Customer Engagement chart types are currently not supported in portals:

  • Doughnut
  • Tag

The following table lists the Dynamics 365 for Customer Engagement charts that are currently not supported in portals.

Chart NameChart IDEntity Type
Accounts by Owner – Tag Chartbe178262-6142-4b41-85b7-4ccedc62cfd9account
Activities by Owner – Tag Chartc83b331e-87c7-488c-b8e7-89a6098ea102activitypointer
Activities by Priority – Doughnut Chartd3f6c1eb-2e4b-428b-8949-682a311ae057activitypointer
Contacts by Account2ff3ebea-6310-4dde-b3a1-e1144ea42b7bcontact
Contacts by Countryea89e2ad-2602-4333-8724-aa5775d66b77contact
Contacts by Preferred Contact Method751b7456-308e-4568-a3a9-47135aae833acontact
Goal Progress (Count)a93b8f7b-9c68-df11-ae90-00155d2e3002goal
Goal Progress (Money)aec6d51c-ea67-df11-ae90-00155d2e3002goal
Today’s Target Vs. Actuals (Count)1b697c8e-9a6f-df11-986c-00155d2e3002goal
Today’s Target Vs. Actuals (Money)1e697c8e-9a6f-df11-986c-00155d2e3002goal
Cases By Account38872e4f-ac99-e511-80da-00155dc1b253incident
Cases By Priority0f0fb995-9d6f-453c-b26d-8f443e42e676incident
Cases By Product17c3f166-5b22-4476-819b-b05da2e8d24fincident
Articles expiring this month by owner47d696ad-7c3b-e511-80d1-00155db10d2bknowledgearticle
By Owner330068fd-833b-e511-80d1-00155db10d2bknowledgearticle
By Subjectbcd3f9a5-913b-e511-80d1-00155db10d2bknowledgearticle



Transform Your Business in 4 ways with Dynamics 365 Portals

Dynamics 365 Portals are shipped with every Dynamics tenant* along with multiple ready to use templates that can be quickly configured and customized to suit business needs to build and extend channels of communication and Collaborate with specifically invited customers, partners or employees.

What are Dynamics 365 Portals?

  • Portals are an External website platform which is deeply integrated into CRM
  • They provide channels for various Customer Engagement Scenarios
  • They are an opportunity to extend CRM modules to the web for external customers and partners, without the added burden of building, hosting and customizing

dynamics 365 portals

The Microsoft promise

  • High Availability: 9% Guaranteed Uptime with Financially backed SLA
  • Performance & Scalability: Enterprise-grade scale and Performance for your portals
  • Disaster Recovery: Making sure your Portals are always up and running.
  • Data Protection: Compliance with Microsoft Data protection standards to make sure your data is safe.
  • Global Availability: Available Worldwide from your nearest Datacenter.
  • Security: Modern TLS crypto standards, DDOS protection, X-site scripting protection, etc.

Listen to those who matter

THE PORTAL provides a single view to the customer of all his activities with your organization. Every single Account – be it Partner or a customer, has a distinct view of all his activities with your organization.

  • Sales – Products Purchased, change Logs, Invoices
  • Customer Service – Knowledgebase for Self-Service, Case history, Live Assist channel
  • Marketing – White papers, Product Collateral, New Launches, events, news, and Webinars

Share and collaborate in real-time

The portal provides an Out of the box Collaboration tool in the form of forums. Easy Moderation capabilities and discussion views make responding to customer queries and discussion with Partners on Opportunities seamless and easy.

While the Support team resolves cases and creates the knowledge base articles in its routine daily activities, the same can be surfaced on the portal. Customers and partners can create and track queries and issues to closure and rely on Self- Service for any urgent issues. The Search feature and the classified display of KB is a default feature available on specific portal templates.

Engage – Interact with your customer

Embed a chat widget onto a portal to proactively engage with customers. Be it for sales inquiries or requests from partners or issues which need to be responded to and resolved, personal touch and availability of someone to address it, always creates a positive experience. Live Assist or any other Third-party app can easily integrate and reside within the Dynamics 365 portals.

dynamics 365 portals 2

Engage customers with a modern case management system, which can search through the Knowledge Base – one of the most powerful features of the platform – and scan through key terms and phrases to show results. Activities and correspondence tracking and quick views of Active and Resolved cases all reduce the burden on Call center and the helpdesk teams.

Transform – Leverage the platform for more

Dynamics 365 Portals literally has all the capability available in Dynamics and more.

Social collaboration – Polls, Discussion Forums, Knowledge Base Search, and Self Service are items just on the surface. Add to it, the mobile capability where its device ready and plays well even when you are on the move.

Dynamics 365 portal 3

Surface your product and Service collateral and use the platform for marketing, highlight your featured products and enable the Sales team, share newsletters and webinar links and create a Knowledge store which becomes a reference Library for all, link it to an eCommerce portal and a payment gateway and shorten the sales-to-pay- time.

*Check the license requirements

Want to know how our Dynamics 365 Self Service Portals have helped create amazing customer experiences?

Dynamics 365 Portal – Best Practices for Success

Automation has become a necessity in every type of business and Dynamics 365 CRM is one of the most preferred automation systems implemented by various organizations around the globe. But its success totally depends upon its users, which leads us to the question, how to make the Dynamics 365 portal good so that adoption is high.

Dynamics 365 Portal Best Practices

  • Brand it- make it look good. 

Your portal can be branded!

While it was a complex activity earlier, with bootstrap framework becoming the standard, your portal is responsive and views fantastically on devices too.

Use your brand colors and fonts to make as close to your Org. brand guidelines. The bottom line – Give it the same detailed attention as your Internet-facing site!

  • Give it a Title and a Name

The simplest name is to continue with the Microsoft nomenclature – Portal. But, give it some thought – this is the site that is going to be used by your existing esteemed clientele. You need to title it as you want them to perceive the Portal. A few other simple name options – Engage, Connect, Collaborate!

  • Update the URL

Give your portal a URL that your clients can relate your Org with. A “microsoftdynamicscrmportal” or “powerappportal” should be updated to your org. domain name

Create a subdomain on your DNS and if there is consensus, link it to the Internet site as a database portal

This portal, linked to your Dynamics database will potentially hold secure information, so remember to encrypt the data via an SSL certificate

  • Simplify and channelize Authentication and Authorization

While there are several modes of authentication mechanisms available, choose one or more as required, which your clients may need and more importantly, which you and your team can maintain and troubleshoot with time

Simplify the registration process and sending of invitations – out of the box it’s cumbersome ​!

Set up the right roles and provide authorized gated access to teams to access correct and specific data shared with them.

  • Consolidate all knowledge – forums, KB articles, manuals and guides

Use the Portal to share collateral with your clients – be it documents, Live Help, helpdesk Support, or discussion forums.

Consolidate all knowledge – forums, KB articles, manuals, and guides. The

Search is a great feature, but it can only work if the content is one place. ​

  • Drive Adoption internally

Train and educate your team so that they are enabled and realize how the portal can increase their productivity.

Once the content is surfaced, it will be your team whose usage and constant reference to the portal and data sharing on it will bring the customer to it.

  • Portals are work in progress

Customer experience is about choice. Portals are an extension and provide an alternate mode of engagement. It is not a substitute.

Kick-off the project go Live with a basic portal and use anyone data share with your clients – like any below and then keep adding more

  • Case creation Or
  • Invoice sharing Or
  • Knowledgebase Or
  • Project data Or
  • Invoices

Get feedback from your clients and scale-up.

Lastly, add analytics and identify Dynamics 365 portal traffic to find out what is working and what needs to change!

Read the Case Study about Dynamics 365 Portal Solution for Microsoft Partners

Dynamics 365 Portal Invitation – Issue with invitation redemption

Dynamics 365 Portal Invitation Issues

  1. One of the available ways to invite a user to the portal is to generate an Invitation on a Contact and email this invitation with the one time “redemption code” to the user
  2. Every invitation email sent has a unique invitation code which is valid only for the contact to whom it was emailed. It’s a long alphanumeric set of characters which is unique to the email id of this Contact.
  3. In case this redemption link is redeemed by some other user before the intended user uses it, the intended user will not be able to log in. Further, if the incorrect user, later wants an invitation to the portal for his own profile, he too will face issues.

Follow the below steps, to fix the issue in such scenarios

  • Consider “Invited Contact” as the contact to whom the portal invitation was sent and “Other Contact” as the contact who redeemed the invitation
  • Open the “Other Contact” record in CRM and navigate to the Portal Contact form. Clear out the ‘User Name’ field and save the record. Navigate to ‘External Identities’ sub-grid and delete the applicable record.

Web Authentication

Portal Contacts

  • Open the “Invited Contact” record in CRM and navigate to the Portal Contact form and ensure that the ‘User Name’ field is blank. Navigate to ‘External Identities’ sub-grid and ensure that there are no records.
  • Open Advanced Find, and search and delete the Invitation sent to the “Invited Contact”.

  • Send a new invitation to the” Invited Contact” by clicking the Work365 ‘Sent Portal Invite’ button OR the OOTB Portal ‘Create Invitation’ button

Create Invitation

Contact Management from Dynamics 365 Portal – Part 2


  • The Portal Contact form was being used by Admin for managing contacts to Create, Edit & Deactivate from Portal.
  • When new Portal contacts were created from the portal, Duplicate records were getting created despite the Duplicate Detection rule on Dynamics. It, however, showed a system message which was not understandable.
  • If the new user to be created was an Inactive user, he needed to be activated rather than be created.


  • Liquid code could not be used since it could not be triggered on change event of the email address field.
  • Defining a custom solution which worked in parallel with existing features.


  • To detect and restrict duplicate contacts getting created from the portal and provide an appropriate message there.
  • If contact is “Inactive” in CRM, rather than create a new contact, the same should be activated.


Since the duplicate detection Rule on dynamics could not be extended to the Portal, a custom process to be created using JavaScript and Liquid code  –

  • JavaScript to trigger the event of the Create Page
  • Liquid to query data on another Page.
  1. The Redirect web template:
    • Go to Portals ➤ Web Templates and Create Web Template “My Custom Web Template”, paste the below code in source property

      {% fetchxml contacts %}

      <fetch version=”1.0″ output-format=”xml-platform” mapping=”logical” distinct=”false” count=”1″ returntotalrecordcount=”true” page=”1″ >

           <entity name=”contact”>

           <attribute name=”contactid” />

           <attribute name=”statuscode” />

          <filter type=”and”>

             <condition attribute=”emailaddress1″ value=”{{request.params[’emailId’]}}” operator=”eq”/>     




      {% endfetchxml %}{  

        {% if contacts.results.total_record_count > 0 %}

        “value”: [{  

            “contactid”: “{{contacts.results.entities[0].contactid}}”,

            “statuscode”: “{{contacts.results.entities[0].statuscode.label}}”}      


         {% else %}

         “value”: []

         {% endif %}


  1. Its Page template

    Go to Portals ➤ Page Templates and create page template named “My Custom page template”, Website->Select your website, Type ➤ Web Template, Web Template ➤ “My Custom Web Template”, Entity Name ➤ Web Page(adx_webpage). Click Save.
  2. Its Web page so that it can be accessed.

Go to Portals->Web Pages and create web page give any name “My Custom Web Page”, Website ➤Your website, Parent Page->Home, Partial URL ➤”any name of your choice”, Page Template➤ “My Custom page template”, Publishing State->Published and click Save.

  1. On the Create Contact page – add the below JavaScript to trigger on the change event of the Email ID Text field.

Go to Portal ➤ Web Pages->Open your page and click on a web template and paste the below code in source property of web template and click Save.

Note: If you are using default web template then create a new one

  <script type=”text/javascript”>   

      $(document).ready(function () {  

   $(“#emailaddress1”).change(function() {


      var httpReq = CreateHTTPRequest(“GET”, “/mycustomwebpage/?emailId=” + $(“#emailaddress1”).val(), false);


        if (httpReq.status == 200) {

      var contactId = JSON.parse(httpReq.responseText).value;

            if(contactId.length > 0)


                if(contactId[0].statuscode == “Inactive”)


                   $(‘.breadcrumb’).append(‘<div class=”notifications” style=”display: block;”> <div class=”notification alert alert-danger error alert-dismissible” role=”alert”><button type=”button” class=”close” data-dismiss=”alert” aria-label=”Close”><span aria-hidden=”true”>×</span></button><span class=”fa fa-exclamation-triangle” aria-hidden=”true”></span> Note: This contact already exists in CRM, in InActive mode. Click <a href=”/updatecontact?id=’+ contactId[0].contactid +'” target=”_blank”>here</a> to open the record and Activate.</div></div>’); 




                   $(‘.breadcrumb’).append(‘<div class=”notifications” style=”display: block;”> <div class=”notification alert alert-danger error alert-dismissible” role=”alert”><button type=”button” class=”close” data-dismiss=”alert” aria-label=”Close”><span aria-hidden=”true”>×</span></button><span class=”fa fa-exclamation-triangle” aria-hidden=”true”></span> Note: This contact is already exists in CRM</div></div>’); 




            else{ $(‘#InsertButton’).attr(‘disabled’,false); }       




      CreateHTTPRequest = function (action, url, async) {

    try {

        var httpReq = new XMLHttpRequest();

        httpReq.open(action, url, async);

        httpReq.setRequestHeader(“Accept”, “application/json”);

        httpReq.setRequestHeader(“Content-Type”, “application/json; charset=utf-8”);


    catch (ex) {

        throw ex;


    return httpReq;



Note: In the above script change the click here to open and the activate link to your edit contact page. Steps to create Edit contact page below.

  • Create Edit contact page to activate contact on portal
  • Create a new web Contact form in CRM. Fields
    • Full Name
    • Account
    • Work Email address
    • Contact details
  • The update contact form on Portal
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for update Contact. Select Entity name ➤ Contact, Form Name as created above in Dynamics, Select mode as Edit, Record Source type ➤ Query String, Record ID Query String Parameter  ➤ id. Website ➤ Select your website.
    • In Additional setting ➤ Action Button Configuration ➤ Actions ➤ Click on +Activate
    • Go to Portals ➤Web Pages ➤ New and Create a web page for update contact entity form.

You can add some emails and templates to be triggered on any changes to be tracked!

Also, check out Contact Management from Dynamics 365 Portal – Part 1

Contact Management from Dynamics 365 Portal – Part 1


  • The Customer service Portal using Azure AD authentication was being used by the client to collaborate on products changelogs, consumption changes, Invoices, project documents and updates, customer service tickets and Company information management
  • Customers have multiple users belonging to different departments who need to access the portal and review and update information in different capacities.
  • Every time a new client stakeholder needs to be given access/ removed to the portal, the CRM admin team needed to action it.
  • The onus of security of critical client information management was entirely on the CRM team.


  • Transfer onus of security:
    • CRM Admin to create one portal user from the customer Contacts who would have permission to create, update and deactivate other contacts from his organization – the client “portal user manager”
  • Managing users:
    • He should be able to assign the required Roles and even create other Portal user managers.
    • He should be able to deactivate these users and also update their portal role if needed. However, they should not be deleted from CRM.
  • User Access:
    • Users should be sent an invitation to be redeemed via email when they are created.


  • Go to Portals ➤Web Roles and create web roles
    • Portal user manager
    • Portal Finance User
    • Portal IT User
    • Portal Project user
  • Create a two-options field for each Web role above on the Contact entity
  • Create a new web Contact form in CRM. Fields
    • Full Name
    • Account
    • Work Email address
    • Contact details
    • Web role two-options [for as many roles defined]
      • Go to field properties ➤ Formatting ➤ Control Formatting ➤ Select Checkbox
    • Is Portal contact
  • Create a copy of the above form for the update contact process
  • Create a view in CRM – “Show Portal Contacts
    • Add filter Status Reason=Active and Is Portal Contact=Yes
  • New Portal Contact page
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for new Contact. Select mode as Insert.
      • Add the below script to set the ‘Is Portal contact ‘ to true and hidden

$(document).ready(function() {

$(‘#iotap_isportalcontact’).prop(‘checked’, true);




  • Go to Portals ➤ Web Pages ➤ New and Create web page for new contact entity form.
  • Update Portal Contact page
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for update Contact. Select mode as Edit.
    • Go to Portals ➤ Web Pages ➤ New and Create a web page for update contact entity form.
  • The default “Invitation” entity and the workflow “send Invitation” will be used

Create an on-demand workflow on Contact entity to trigger when “Record is created” to associate web role and send a portal invitation when a new contact is created from the portal.

record is created

  • Manage Users page
  • Go to Portals ➤ Entity Lists ➤ New and enter Name, Entity Name-Contact(contact), Website-your website, click +view button select view “Show Contacts Portal” and then again select +view button and select “Active Contacts
  • Grid Configuration ➤ Item Actions ➤ +Edit and set Target Type as Entity Form, Entity Form- “Update Contact” and Button Label as “Edit
  • Grid Configuration ➤ Item Actions ➤ +Deactivate and set Button Label as “Deactivate
  • Go to Portals ➤ Web Pages ➤ New and create a web page for “Manage users” entity list
  • Create a navigation Link – “Manage users” which is accessible only to the Portal user manager role
    • Go to Portals ➤ Web Link Sets ➤ Primary Navigation ➤ Links ➤ Add New Web Link with Name, Publishing state as Published, Parent WebLink as Home, Page as “Manage users”.
    • Go to Portals ➤ Web Page Access Control Rules ➤ New and create Access rule with Name, Right as “Restrict Read”, select “Web Page” and select “Web Role” “Portal user Manager”.
  • Create a duplicate detection rule [if not available] based on the contact email Id, so that duplicate contacts are not created by the user manager.
    • Go to Settings ➤ Data Management ➤ Duplicate Detection Rules ➤ NewNew Rules
    • Publish.
  • New button
    • Go to Portals ➤ Entity List->Select entity list “Manage users” set Web Page for create and Create Button Label as “New

The completed customization

completed customization

Also, check out Contact Management from Dynamics 365 Portal – Part 2

Dynamics 365 Portals Authentication – Options and Features

Dynamics 365 Portals

Dynamics 365 Portals provide multiple authentication mechanisms and features which are very easy to configure. Having said that, rather than allow all modes [which may ultimately result in clutter and confusion] answers to a quick survey of the below questions should be collated when finalizing them.

  1. Who are the Potential portal users – Internal employees and Partners who are available as dynamics contacts or prospects and customers who are external?
  2. Which mechanism would make it easier for them to login?
  3. Do you have the required manpower and systems to manage any requests/ issues which may be reported?
  4. What is the information/ collaboration expected on the Portal?

While authentication is the gateway for a user to access the portal, the below 2 configurations are equally important to be set up for user access.

Basic set up for a Dynamics 365 Portal User

  1. Contact set up: In a portal application, an authenticated portal user is associated with either a Dynamics 365 Contact or System User. The default portals configuration is contact-based. The contact can be created
  2. Web Role: Portal users must be assigned to a web role to gain permissions beyond unauthenticated users.


Portal users can sign in ether with authentication provided by Dynamics 365 contact membership provider or with an external account based on ASP.NET Identity.

Local authentication: Local authentication is the common forms-based authentication uses the contact records of a Dynamics 365 for Customer Engagement organization for authentication.

External authentication: External authentication is provided by the ASP.NET Identity API. In this case, account credentials and password management are handled by a third-party identity provider. This includes OpenID based providers such as Yahoo! and Google and OAuth 2.0 based providers such as Twitter, Facebook, and Microsoft. Users sign up to the portal by selecting an external identity to register with the portal. After it is registered, an external identity has access to the same features as a local account.

Options available

  1. Windows Authentication
  2. Windows Live ID Web Authentication
  3. Form Authentication
    • External (social provider) user sign-in through third-party identity providers
    • Open registration

The Dynamics 365 Portals login screens

Sign in by using a local identity or external identity

auto account setup

Sign up by using a local identity or external identity

register for new account

Redeem an invitation code manually


Dynamics 365 Portal Features

  1. Email address confirmation
    1. Authenticated users manage their user accounts through the Security navigation bar of the profile page. The profile page is also where the user is reminded to confirm their email address by requesting a confirmation email to be sent to their email account.
  2. Password recovery and Password reset
    1. Returning visitors who require a password reset (and have previously specified an email address on their user profile) can request a password reset token to be sent to their email account
  3. Redeem invitation
    1. Both local and external account registration can use invitation codes for sign up, as well as the email confirmation workflow. These invitations can be generated and sent out from Dynamics by permission users by email
    2. Redeeming an invitation code allows a registering visitor to be associated with an existing contact record that was prepared in advance specifically for that visitor.
    3. With open registration enabled, however, users are not required to provide an invitation code to complete the sign-up process.
  4. Two-factor authentication with email
    1. The two-factor authentication feature increases user account security by requiring proof of ownership of a confirmed email in addition to the standard local or external account sign-in.
    2. A user trying to sign in to an account that has two-factor authentication enabled is sent a security code to the confirmed email associated with their account. The security code must be submitted to complete the sign-in process
  5. User Lockout
    1. When a certain number of failed password attempts are detected in a short period of time, the user account is locked for a period of time. The user can try again after the lockout period elapses

Meanwhile, another interesting related information about the portal which supersedes authentication is that while the Dynamics 365 for Customer Engagement Portal is public when provisioned and accessible by anyone from any computer, now you can restrict access to your portal from a list of IP addresses.

For example, a government organization might want to surface their content only within their corporate network. A commercial organization might want to display the portal only when it is published and not while it is in development to avoid any data leak.

When a request to the portal is generated from any user, their IP address is evaluated against the allow list. If the IP address is not on the list, the portal displays a web page with an HTTP 403 status code!