Portal Security Authentication and Authorization – Quick Reference Guide

Authentication

Local Authentication (Not Recommended by Microsoft)

  • Contact record configured for Portal access
  • Invite enabled access (configurable)
  • Username & Password stored in CRM. Password is encrypted
  • Password Recovery & Reset
  • Email address confirmation & Two-factor authentication via email (optional)
  • Lockout in case of multiple failed login attempts (configurable)

External Authentication

  • Contact record configured for Portal access
  • No-code configuration approach for setup
  • Implemented via ASP.NET Identity API framework (OpenID Connect, OAuth or SAML based providers)
  • Invite enabled access (configurable)
  • Password managed by 3rd party identity provider (Yahoo, Google, Twitter, Facebook, Microsoft, Yammer, LinkedIn etc)
  • Multiple external identities can be configured. Users can login with any of the accounts (depending on configuration)

Authorization

Web Roles

  • Controls access to the Portal
  • Users can have one or many roles (roles are additive)
  • An administrator can define custom roles
  • An administrator can define a default role, which is automatically available to a logged-in user (even if the contact has not been assigned any web role)

Entity Permissions

  • Enables record-based security.
  • Handles scope (global, parental, account, contact) and permissions (read, create, write, delete) for data surfaced on the portal

Web Page Access Control Rules*

  • Restricts access to Portal Web Pages

Content Access Level

  • Provides an additional layer of security for Knowledge Articles (e.g. : Default, Registered Users and Premium Users)

Publishing State Transition Rules

  • Provides an additional layer of security for managing content on the portal

Forum Access Permissions

  • Provides an additional layer of security for viewing and/or moderating Forums

Website Access Permissions

  • Permissions for enabling front-side editing of portal content (e.g. : Managing site navigation, content snippet etc)

Liquid Templates

  • Custom code using Liquid can be used to cover scenarios not achievable using above.

Other Security Features

IP Address Restriction

  • Restrict access to the portal via IP address

Enable maintenance mode

  • Disable portal access when the portal/CRM is under maintenance
  • Display a customized page to notify the user

GDPR Implementation

  • Several configuration options available for GDPR compliance

Also, read Dynamics 365 Portals Authentication – Options and Features

PowerApp Portals

Background

The PowerApp Portals provide one of the last missing pieces to the Power Platform story.

PowerApps Portals was announced in June as the successor to Dynamics 365 Portal. It will be fully decoupled from Customer Experience apps and will live alongside the two other types of PowerApps – Canvas and Model-driven. It has been promoted as a way to expose processes and data to external users with new mechanisms tied to Azure, PowerApps, and the Common Data Service [including Dynamics].

PowerApp Portal

For Microsoft and other enterprise software vendors, exposing business systems data to non-licensed users has been a long-running point of contention. Customers have long been warned not to look for workarounds to purchasing licenses such as exposing data through reports or other customer application interfaces that avoid licensed interfaces. With the below changes, Microsoft expects to plug this gap and compliance issue –

  • Putting together a new licensing model for Portals
  • Implementing consumption measuring devices
  • Simplifying onboarding so that the Org can get started quickly, and
  • Extending the platform with enhancements and integrations

Details below are based on information as is currently being shared by Microsoft – however, MS is still taking feedback from partners and trying to make some amendments to the licensing structure.

What is a PowerApp Portal?

A PowerApp Portal is a Low Code, responsive Website with the familiar WYSIWYG designer for easy branding, linkable to a CDS system. Users can interact with the data via authentication provided by enterprise authentication providers or anonymously. Information can be filtered, and security applied so that the external user can only see or interact with data that is specific to him or his role.

What is a CDS system?

Put simply, CDS is an easy-to-manage, secure database with a prebuilt set of entities, provided as a paid Azure service.

While Dynamics 365 already uses CDS as the backend, data from multiple other data stores can be easily integrated into CDS, and a unified experience across databases can be provided.

Features of the PowerApp Portal

Put simply: as an offshoot of the Dynamics 365 portals, everything that can be done on the existing Dynamics Portals can be done on the PowerApp Portals too, and more. The biggest feature is the ease of building the PowerApp portal. The Basic version of the portal can be set up easily by business users with drag-and-drop functionality. Advanced versions need Liquid consultants and developers.

Features Compare and Contrast – Dynamics 365 Portals and PowerApp Portals

| # | Dynamics 365 Portals | PowerApps Portals |
|---|---|---|
| 1 | 2 default URL options: microsoftcrmportals, powerappsportal | 1 default URL option: powerappsportal |
| 2 | Developer intensive | Quick and easy setup experience |
| 3 | Built on Dynamics or CDS data | Built on Dynamics or CDS data |
| 4 | Prebuilt templates: customer sales and service, employee sales and service, employee management, and community management | Build from scratch using a Blank template [same templates as on Dynamics to come] |
| 5 | Authentication: predefined set of providers, but cumbersome to set up | Available authentication configuration: Azure AD B2C, LinkedIn, Facebook, Google, Okta, and others |
| 6 | Can be linked to Dynamics 1st Party apps only, as a source | Can work with any CDS-based data source |

Skillsets needed to work on the PowerApp portal

  • Ability to code using Liquid code and JavaScript
  • Experience around working with entities and processes
  • Understanding of security roles and permissions
  • WYSIWYG designing
  • Understanding/implementation of Authentication Providers [recommended is Azure AD B2C]

Pricing

Microsoft revealed new pricing and licensing for PowerApps Portals during Inspire but since then has been evolving and building on it.

Notable changes which have been announced.

Pricing – Compare and Contrast – Dynamics 365 Portals and PowerApp Portals

| Parameter | Dynamics 365 Portals | New PowerApps Portals |
|---|---|---|
| Provisioning a portal instance | Purchase Dynamics 365 Additional Portal SKU at $500 per month | Provision a portal; no need to purchase portal addons to provision a portal |
| Qualifying base offers | Dynamics 365 licenses only | Customers can add on portal external login or page view capacity to Dynamics 365, PowerApps and Microsoft Flow licenses |
| Internal use rights | Dynamics 365 enterprise licenses, Dynamics 365 team member license | Internal users can now access portals with a PowerApps per-app/per-user license. For a Dynamics license, it is same as custom PowerApps use rights. |
| Monetization | Per portal instance, per page view | Per log in, per page view |
| Entitlement for Dynamics 365 customers | 1 portal instance for the first 10 full Dynamics 365 USLs | Not applicable: PowerApps Portals instances can be provisioned |

PowerApp Portals – Licensing details

[as currently available on 9 Sept. 2019]

PowerApps Portals can be provisioned without requiring a specific license. They are charged only on Usage. Breaking down the Portal Users into Licensed and Non Licensed users, irrespective of whether they are internal or external –

1) Licensed users [Internal]

  • A user having any PowerApp Plan license
  • Dynamics 365 [various]

Users who have valid licenses will not be levied an additional usage charge

2) Non-Licensed users [Internal or External]

Microsoft differentiates between Anonymous [ not signed in] and Authenticated [signed in] users.

  • Authenticated users
    • Access by authenticated users will be charged on a “per log-in” basis. A log-in is defined as a twenty-four-hour period of access by a single authenticated user/app, chargeable monthly.
  • Anonymous users
    • Anonymous portal users will be priced on a simple “per-page-view” model, chargeable monthly

3) Minimum licensing quantities

  • Login quantity: the minimum login quantity to be assigned to a portal is 100 logins/month. Once you have assigned 100 logins, you can assign them in units of 1.
  • Pageviews quantity: minimum 50,000 per portal; after that you can assign 1 at a minimum.

4) Additional portal instances

  • Additional portal instances can be spun up without any additional charge.
  • Monthly charge based on usage will be billable based on above permutations

5) Existing Dynamics 365 access to PowerApps portals

Dynamics 365 Enterprise users will continue to be able to run apps and portals that extend and customize the licensed Dynamics 365 application, as long as those apps and portals [even if they are custom] are located in the same environment as their licensed Dynamics 365 application.

Custom apps or portals outside of the Dynamics 365 environment and access to his app license on Dynamics 365 will require a standalone PowerApps license.

The Team Member license does not get access to the custom portal as Team Member licenses do not allow access to a custom app.

Reference:

https://docs.microsoft.com/en-us/power-platform/admin/powerapps-flow-licensing-faq

Charts on the Dynamics 365 Portal

There are two ways to add charts

  1. Add chart Liquid tag in the Copy field on a webpage
  2. Add chart Liquid tag in the Source field on a Web Template

Prerequisite for implementing Charts on Portal

  • Entity Permission Requirement
  • ID of Chart
  • ID of view to filter the query

  a) Entity permission requirement

Read privilege is asserted for the target entity being queried in the chart. For anonymous or authenticated users to be able to view the chart, you must ensure that the appropriate Entity Permission records are created and assigned to applicable Web Roles

If permission is not granted, the user will see an access denied message or “You do not have appropriate privileges.”

  b) ID of Chart

Follow the steps below to get the ID of the chart:

1) Go to the target entity, for example, Sales ➤ Leads.

2) Select ‘Show Charts’ option from top ribbon

3) Choose the chart you want.

4) Select More Commands, and then select Export Chart.

5) Open the XML file of the exported chart in a text editor.

6) Copy the value of the <visualizationid> tag.

7) Paste the visualizationid value into your Liquid chart tag declaration for the chart ID parameter, for example:

{% chart id:"EE3C733D-5693-DE11-97D4-00155DA3B01E" %}

  c) ID of view to filter the query

1) Go to the target entity, for example, Sales ➤ Leads.

2) Select the view you want from the view drop-down header.

3) Copy the viewid value from the View window’s URL.

https://iotap20192020.crm.dynamics.com/main.aspx?appid=040a9079-eac0-e911-a9d3-000d3a170af5&pagetype=entitylist&etn=lead&viewid=5a926b99-3a5f-df11-ae90-00155d2e3002&viewType=1039

4) Paste this ID into your Liquid chart tag declaration for the viewid parameter, for example:

<!-- Leads by Source – All Leads -->

{% chart id:"EE3C733D-5693-DE11-97D4-00155DA3B01E" viewid:"00000000-0000-0000-00AA-000010001006" %}
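The two lookups above (chart ID from the exported XML, view ID from the view URL) can be scripted so that only well-formed GUIDs end up in the tag. This is an added example, not code from the original page; the function names and the sample export are constructed here, while the view URL and the unsupported chart ID are the ones shown on this page.

```javascript
// Added example, not code from the original page.
const GUID = "[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}";

// Pull the GUID out of <visualizationid> in an exported chart XML file.
// The GUID is accepted with or without surrounding braces.
function chartIdFromExport(xml) {
  const re = new RegExp(
    "<visualizationid>\\s*\\{?(" + GUID + ")\\}?\\s*</visualizationid>", "i");
  const m = re.exec(String(xml));
  return m ? m[1] : null;
}

// Read the viewid query parameter from the URL copied out of the view window.
function viewIdFromUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null; // not an absolute URL
  }
  const raw = (parsed.searchParams.get("viewid") || "").trim();
  const m = new RegExp("^\\{?(" + GUID + ")\\}?$").exec(raw);
  return m ? m[1] : null;
}

// Build the Liquid tag. viewUrl is optional; unsupportedIds is a list of
// chart IDs that portals cannot render (the page's unsupported-charts table).
function buildChartTag(xml, viewUrl, unsupportedIds = []) {
  const id = chartIdFromExport(xml);
  if (!id) throw new Error("no <visualizationid> GUID found in the export");
  const blocked = unsupportedIds.map((g) => g.toLowerCase());
  if (blocked.includes(id.toLowerCase())) {
    throw new Error("chart " + id + " is listed as unsupported in portals");
  }
  if (viewUrl === undefined || viewUrl === null) {
    return '{% chart id:"' + id + '" %}';
  }
  const viewId = viewIdFromUrl(viewUrl);
  if (!viewId) throw new Error("no viewid GUID found in the URL");
  return '{% chart id:"' + id + '" viewid:"' + viewId + '" %}';
}

// Constructed sample export; only the element this example reads is shown.
const SAMPLE_EXPORT =
  "<visualization>\n" +
  "  <visualizationid>{EE3C733D-5693-DE11-97D4-00155DA3B01E}</visualizationid>\n" +
  "  <name>Leads by Source</name>\n" +
  "</visualization>";
// View URL as shown on this page.
const SAMPLE_VIEW_URL =
  "https://iotap20192020.crm.dynamics.com/main.aspx?appid=040a9079-eac0-e911-a9d3-000d3a170af5" +
  "&pagetype=entitylist&etn=lead&viewid=5a926b99-3a5f-df11-ae90-00155d2e3002&viewType=1039";

console.log(buildChartTag(SAMPLE_EXPORT, SAMPLE_VIEW_URL));
```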

Method 1 – Add chart Liquid tag in the copy field on the webpage

Follow the below steps for adding a chart.

a) Add Child Page to Portal.

b) Give all required details on General

c) Go to Language Content

d) Add below liquid tag with required original ids in Copy field of Page

{% chart id:"EE3C733D-5693-DE11-97D4-00155DA3B01E" viewid:"00000000-0000-0000-00AA-000010001006" %}

e) Save Page

Method 2 – Liquid tag in the source field on the web template

Follow the below steps to add a chart using the Source field on a web template.

a) Navigate to Dynamics 365 portal

b) Go to Web Template ➤ Add new template

c) Give details like Name and Website

d) Add the chart Liquid tags in the Source field; you can add a single chart or multiple charts as required. Replace the IDs with your actual values.

e) Save Web Template

f) Next, navigate to a page template to be used, you can use existing also.

g) Page Template ➤ Create Page Template

h) Add below details

Name, Website, Type=Web Template, Web Template=template you have created above, entity name =Web Page(adx_webpage)

i) Save Page Template

j) Now create a child page on the portal

k) Give details as below.

l) Save Page.

The Final Output

Unsupported charts and chart types

The following Dynamics 365 for Customer Engagement chart types are currently not supported in portals:

  • Doughnut
  • Tag

The following table lists the Dynamics 365 for Customer Engagement charts that are currently not supported in portals.

| Chart Name | Chart ID | Entity Type |
|---|---|---|
| Accounts by Owner – Tag Chart | be178262-6142-4b41-85b7-4ccedc62cfd9 | account |
| Activities by Owner – Tag Chart | c83b331e-87c7-488c-b8e7-89a6098ea102 | activitypointer |
| Activities by Priority – Doughnut Chart | d3f6c1eb-2e4b-428b-8949-682a311ae057 | activitypointer |
| Contacts by Account | 2ff3ebea-6310-4dde-b3a1-e1144ea42b7b | contact |
| Contacts by Country | ea89e2ad-2602-4333-8724-aa5775d66b77 | contact |
| Contacts by Preferred Contact Method | 751b7456-308e-4568-a3a9-47135aae833a | contact |
| Goal Progress (Count) | a93b8f7b-9c68-df11-ae90-00155d2e3002 | goal |
| Goal Progress (Money) | aec6d51c-ea67-df11-ae90-00155d2e3002 | goal |
| Today’s Target Vs. Actuals (Count) | 1b697c8e-9a6f-df11-986c-00155d2e3002 | goal |
| Today’s Target Vs. Actuals (Money) | 1e697c8e-9a6f-df11-986c-00155d2e3002 | goal |
| Cases By Account | 38872e4f-ac99-e511-80da-00155dc1b253 | incident |
| Cases By Priority | 0f0fb995-9d6f-453c-b26d-8f443e42e676 | incident |
| Cases By Product | 17c3f166-5b22-4476-819b-b05da2e8d24f | incident |
| Articles expiring this month by owner | 47d696ad-7c3b-e511-80d1-00155db10d2b | knowledgearticle |
| By Owner | 330068fd-833b-e511-80d1-00155db10d2b | knowledgearticle |
| By Subject | bcd3f9a5-913b-e511-80d1-00155db10d2b | knowledgearticle |

 

 

Transform Your Business in 4 ways with Dynamics 365 Portals

Dynamics 365 Portals are shipped with every Dynamics tenant* along with multiple ready to use templates which can be quickly configured and customized to suit business needs to build and extend channels of communication and Collaborate with specifically invited customers, partners or employees.

What are Portals for Dynamics 365?

  • Portals are an External website platform which is deeply integrated into CRM
  • They provide channels for various Customer Engagement Scenarios
  • They are an opportunity to extend CRM modules to the web for external customers and partners, without the added burden of building, hosting and customizing

The Microsoft promise

  • High Availability: 9% Guaranteed Uptime with Financially backed SLA
  • Performance & Scalability: Enterprise-grade scale and Performance for your portals
  • Disaster Recovery: Making sure your Portals are always up and running.
  • Data Protection: Compliance with Microsoft Data protection standards to make sure your data is safe.
  • Global Availability: Available Worldwide from your nearest Datacenter.
  • Security: Modern TLS crypto standards, DDOS protection, X-site scripting protection, etc.

Listen to those who matter

THE PORTAL provides a single view to the customer of all his activity with your organization. Every single Account – be it Partner or a customer, has a distinct view of all his activities with your organization.

  • Sales – Products Purchased, change Logs, Invoices
  • Customer Service – Knowledgebase for Self-Service, Case history, Live Assist channel
  • Marketing – White papers, Product Collateral, New Launches, events, news, and Webinars

Share and collaborate in real-time

The portal provides an Out of the box Collaboration tool in the form of forums. Easy Moderation capabilities and discussion views make responding to customer queries and discussion with Partners on Opportunities seamless and easy

While the Support team resolves cases and creates the knowledge base articles in its routine daily activities, the same can be surfaced on the portal. Customers and partners can create and track queries and issues to closure and rely on Self- Service for any urgent issues. The Search feature and the classified display of KB is a default feature available on specific portal templates

Engage – Interact with your customer

Embed a chat widget onto a portal to proactively engage with customers. Be it for sales inquiries or requests from partners or issues which need to be responded to and resolved, personal touch and availability of someone to address it, always creates a positive experience. Live Assist or any other Third-party app can easily integrate and reside within the Dynamics portal

Engage customers with a modern case management system, which can Search through the Knowledge Base – one of the most powerful features of the platform – and scan through key terms and phrases to show results. Activities and correspondence tracking and quick views of Active and Resolved cases all reduce the burden on Call center and the helpdesk teams.

Transform – Leverage the platform for more

Dynamics Portals literally has all the capability available in Dynamics and more.

Social collaboration – Polls, Discussion Forums, Knowledge Base Search and Self Service are items just on the surface. Add to it, the mobile capability where its device ready and plays well even when you are on the move.

Surface your product and Service collateral and use the platform for marketing, highlight your featured products and enable the Sales team, share newsletters and webinar links and create a Knowledge store which becomes a reference Library for all, link it to an eCommerce portal and a payment gateway and shorten the sales-to-pay- time.

*Check the license requirements

 

 

Dynamics 365 Portal – Best Practices for Success

Automation has become a necessity in every type of business and Dynamics 365 CRM is one of the most preferred automation systems implemented by various organizations around the globe. But its success totally depends upon its users, which leads us to the question, how to make the portal good so that adoption is high.

Dynamics 365 Portal Best Practices

  • Brand it- make it look good. 

Your portal can be branded!

While it was a complex activity earlier, with bootstrap framework becoming the standard, your portal is responsive and views fantastically on devices too.

Use your brand colors and fonts to make as close to your Org. brand guidelines. The bottom line – Give it the same detailed attention as your Internet-facing site!

  • Give it a Title and a Name

The simplest name is to continue with the Microsoft nomenclature – Portal. But, give it some thought – this is the site which is going to be used by your existing esteemed clientele. You need to title it as you want them to perceive the Portal. A few other simple name options – Engage, Connect, Collaborate!

  • Update the URL

Give your portal a URL which your clients can relate your Org with. A “microsoftdynamicscrmportal” or “powerappportal” should be updated to your org. domain name

Create a subdomain on your DNS and if there is consensus, link it to the Internet site as a database portal

This portal, linked to your Dynamics database, will potentially hold secure information, so remember to encrypt the data in transit via an SSL certificate.

  • Simplify and channelize Authentication and Authorization

While there are several modes of authentication mechanisms available, choose one or more as required, which your clients may need and more importantly, which you and your team can maintain and troubleshoot with time

Simplify the registration process and the sending of invitations – out of the box it’s cumbersome!

Set up the right roles and provide authorized gated access to teams to access correct and specific data shared with them.

  • Consolidate all knowledge – forums, KB articles, manuals and guides

Use the Portal to share collateral with your clients – be it documents, Live Help, helpdesk Support or discussion forums.

Consolidate all knowledge – forums, KB articles, manuals, and guides. The search is a great feature, but it can only work if the content is in one place.

  • Drive Adoption internally

Train and educate your team so that they are enabled and realize how the portal can increase their productivity.

Once the content is surfaced, it will be your team whose usage and constant reference to the portal and data sharing on it will bring the customer to it.

  • Portals are work in progress

Customer experience is about choice. Portals are an extension and provide an alternate mode of engagement. It is not a substitute.

Kick off the project, go live with a basic portal that shares any one kind of data with your clients, such as one of the below, and then keep adding more:

  • Case creation Or
  • Invoice sharing Or
  • Knowledgebase Or
  • Project data Or
  • Invoices

Get feedback from your clients and scale-up.

Lastly, add analytics and identify Dynamics 365 portal traffic to find out what is working and what needs to change!

Dynamics 365 Portal Invitation – Issue with invitation redemption

Dynamics 365 Portal Invitation Issues

  1. One of the available ways to invite a user to the portal is to generate an Invitation on a Contact and email this invitation with the one time “redemption code” to the user
  2. Every invitation email sent has a unique invitation code which is valid only for the contact to whom it was emailed. It’s a long alphanumeric set of characters which is unique to the email id of this Contact.
  3. In case this redemption link is redeemed by some other user before the intended user uses it, the intended user will not be able to log in. Further, if the incorrect user later wants an invitation to the portal for his own profile, he too will face issues.

Follow the below steps, to fix the issue in such scenarios

  • Consider “Invited Contact” as the contact to whom the portal invitation was sent and “Other Contact” as the contact who redeemed the invitation
  • Open the “Other Contact” record in CRM and navigate to the Portal Contact form. Clear out the ‘User Name’ field and save the record. Navigate to ‘External Identities’ sub-grid and delete the applicable record.

  • Open the “Invited Contact” record in CRM and navigate to the Portal Contact form and ensure that the ‘User Name’ field is blank. Navigate to ‘External Identities’ sub-grid and ensure that there are no records.
  • Open Advanced Find, and search and delete the Invitation sent to the “Invited Contact”.

  • Send a new invitation to the “Invited Contact” by clicking the Work365 ‘Sent Portal Invite’ button OR the OOTB Portal ‘Create Invitation’ button

Contact Management from Dynamics 365 Portal – Part 2

Situation

  • The Portal Contact form was being used by Admin for managing contacts to Create, Edit & Deactivate from Portal.
  • When new Portal contacts were created from the portal, Duplicate records were getting created despite the Duplicate Detection rule on Dynamics. It, however, showed a system message which was not understandable.
  • If the new user to be created was an Inactive user, he needed to be activated rather than be created.

Challenges

  • Liquid code could not be used since it could not be triggered on change event of the email address field.
  • Defining a custom solution which worked in parallel with existing features.

Requirement

  • To detect and restrict duplicate contacts getting created from the portal and provide an appropriate message there.
  • If contact is “Inactive” in CRM, rather than create a new contact, the same should be activated.

Solution

Since the duplicate detection rule on Dynamics could not be extended to the Portal, a custom process was created using JavaScript and Liquid code:

  • JavaScript to trigger the event of the Create Page
  • Liquid to query data on another Page.
  1. The Redirect web template:
    • Go to Portals ➤ Web Templates and Create Web Template “My Custom Web Template”, paste the below code in source property

      {% comment %} xml_escape keeps the query-string value inside the value attribute of the condition {% endcomment %}
      {% fetchxml contacts %}
      <fetch version="1.0" output-format="xml-platform" mapping="logical" distinct="false" count="1" returntotalrecordcount="true" page="1">
        <entity name="contact">
          <attribute name="contactid" />
          <attribute name="statuscode" />
          <filter type="and">
            <condition attribute="emailaddress1" value="{{ request.params['emailId'] | xml_escape }}" operator="eq" />
          </filter>
        </entity>
      </fetch>
      {% endfetchxml %}
      {
        {% if contacts.results.total_record_count > 0 %}
        "value": [{
            "contactid": "{{ contacts.results.entities[0].contactid }}",
            "statuscode": "{{ contacts.results.entities[0].statuscode.label }}"
        }]
        {% else %}
        "value": []
        {% endif %}
      }

  2. Its Page template

    Go to Portals ➤ Page Templates and create a page template named “My Custom page template”: Website ➤ select your website, Type ➤ Web Template, Web Template ➤ “My Custom Web Template”, Entity Name ➤ Web Page (adx_webpage). Click Save.
  3. Its Web page, so that it can be accessed

    Go to Portals ➤ Web Pages and create a web page with any name, for example “My Custom Web Page”: Website ➤ your website, Parent Page ➤ Home, Partial URL ➤ “any name of your choice”, Page Template ➤ “My Custom page template”, Publishing State ➤ Published. Click Save.

  4. On the Create Contact page, add the below JavaScript to trigger on the change event of the Email ID text field.

Go to Portal ➤ Web Pages ➤ open your page, click on its web template, paste the below code in the Source property of the web template and click Save.

Note: If you are using the default web template, create a new one.

  <script type="text/javascript">
    $(document).ready(function () {
      // Re-check for an existing contact every time the email field changes.
      $("#emailaddress1").change(function () {
        $('.notifications').remove();
        // Encode the address so characters such as "+" or "&" reach the lookup page intact.
        var httpReq = CreateHTTPRequest("GET", "/mycustomwebpage/?emailId=" + encodeURIComponent($("#emailaddress1").val()), false);
        httpReq.send(null);
        if (httpReq.status == 200) {
          var contactId = JSON.parse(httpReq.responseText).value;
          if (contactId.length > 0) {
            if (contactId[0].statuscode == "Inactive") {
              // Contact exists but is inactive: link to the edit page and block creation.
              $('.breadcrumb').append('<div class="notifications" style="display: block;"> <div class="notification alert alert-danger error alert-dismissible" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button><span class="fa fa-exclamation-triangle" aria-hidden="true"></span> Note: This contact already exists in CRM, in Inactive mode. Click <a href="/updatecontact?id=' + encodeURIComponent(contactId[0].contactid) + '" target="_blank">here</a> to open the record and Activate.</div></div>');
              $('#InsertButton').attr('disabled', true);
            } else {
              // Contact exists and is active: block creation.
              $('.breadcrumb').append('<div class="notifications" style="display: block;"> <div class="notification alert alert-danger error alert-dismissible" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button><span class="fa fa-exclamation-triangle" aria-hidden="true"></span> Note: This contact already exists in CRM</div></div>');
              $('#InsertButton').attr('disabled', true);
            }
          } else {
            $('#InsertButton').attr('disabled', false);
          }
        }
      });
    });

    // Creates an XMLHttpRequest with JSON headers; the caller sends it.
    function CreateHTTPRequest(action, url, async) {
      var httpReq = new XMLHttpRequest();
      httpReq.open(action, url, async);
      httpReq.setRequestHeader("Accept", "application/json");
      httpReq.setRequestHeader("Content-Type", "application/json; charset=utf-8");
      return httpReq;
    }
  </script>

Note: In the above script, change the “Click here to open the record and Activate” link to point to your edit contact page. The steps to create the edit contact page are below.

  • Create Edit contact page to activate contact on portal
  • Create a new web Contact form in CRM. Fields
    • Full Name
    • Account
    • Work Email address
    • Contact details
  • The update contact form on Portal
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for update Contact. Select Entity name ➤ Contact, Form Name as created above in Dynamics, Select mode as Edit, Record Source type ➤ Query String, Record ID Query String Parameter  ➤ id. Website ➤ Select your website.
    • In Additional setting ➤ Action Button Configuration ➤ Actions ➤ Click on +Activate
    • Go to Portals ➤Web Pages ➤ New and Create a web page for update contact entity form.
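The client-side half of the duplicate check above, reworked as an added example (not the original post's code): it validates and URL-encodes the address before calling the lookup page, checks the shape of the JSON before using any field, and builds the notice from DOM nodes rather than concatenated HTML. The "/mycustomwebpage/" and "/updatecontact" paths come from the post; the function names, the fail-closed choice and the sample responses are assumptions made here.

```javascript
// Added example, not the original post's code. The checks are pure functions,
// so they behave the same in the browser change handler and in a test.
const GUID_RE = /^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i;
// One "@", no whitespace, and none of the characters (" < > &) that would
// alter the FetchXML value="..." attribute if the template did not escape it.
const EMAIL_RE = /^[^\s@"<>&]+@[^\s@"<>&]+\.[^\s@"<>&]+$/;

// Returns the lookup URL, or null when the input should not be sent at all.
function buildLookupUrl(email, path = "/mycustomwebpage/") {
  const value = String(email == null ? "" : email).trim();
  if (value.length > 254 || !EMAIL_RE.test(value)) return null;
  return path + "?emailId=" + encodeURIComponent(value);
}

// Validates the JSON produced by the web template before any field is used.
function parseLookupResponse(text) {
  let body;
  try {
    body = JSON.parse(text);
  } catch (e) {
    return { ok: false, reason: "not-json" }; // e.g. a login or error page
  }
  if (body === null || typeof body !== "object" || !Array.isArray(body.value)) {
    return { ok: false, reason: "bad-shape" };
  }
  if (body.value.length === 0) return { ok: true, exists: false };
  const first = body.value[0];
  if (!first || typeof first.contactid !== "string" || !GUID_RE.test(first.contactid)) {
    return { ok: false, reason: "bad-contactid" };
  }
  return {
    ok: true,
    exists: true,
    contactId: first.contactid,
    inactive: first.statuscode === "Inactive",
  };
}

// Turns a parsed result into what the form should do. Failing closed (button
// disabled when the lookup cannot be trusted) is a choice made in this example.
function decide(result, editPath = "/updatecontact") {
  if (!result.ok) {
    return { disableInsert: true, message: "Could not check for an existing contact.", href: null };
  }
  if (!result.exists) return { disableInsert: false, message: null, href: null };
  if (result.inactive) {
    return {
      disableInsert: true,
      message: "This contact already exists in CRM, in Inactive mode.",
      href: editPath + "?id=" + encodeURIComponent(result.contactId),
    };
  }
  return { disableInsert: true, message: "This contact already exists in CRM.", href: null };
}

// Renders the notice with DOM nodes and textContent instead of an HTML string.
// Pass the browser's document as doc; append the returned node where needed.
function renderNotice(doc, decision) {
  if (!decision.message) return null;
  const box = doc.createElement("div");
  box.className = "notifications";
  const alertBox = doc.createElement("div");
  alertBox.className = "notification alert alert-danger";
  alertBox.setAttribute("role", "alert");
  alertBox.textContent = decision.message + " ";
  if (decision.href) {
    const link = doc.createElement("a");
    link.href = decision.href;
    link.target = "_blank";
    link.rel = "noopener";
    link.textContent = "Open the record to activate it";
    alertBox.appendChild(link);
  }
  box.appendChild(alertBox);
  return box;
}

// Constructed sample responses in the shape the web template emits.
const SAMPLE_INACTIVE =
  '{ "value": [{ "contactid": "11111111-2222-3333-4444-555555555555", "statuscode": "Inactive" }] }';
const SAMPLE_NONE = '{ "value": [] }';
```

The lookup page answers whether an address exists in CRM, so restrict it with a Web Page Access Control Rule (Restrict Read) tied to the web role that creates contacts, the same mechanism Part 1 uses for the “Manage users” page.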

You can add some emails and templates to be triggered on any changes to be tracked!

Also, check out Contact Management from Dynamics 365 Portal – Part 1

Contact Management from Dynamics 365 Portal – Part 1

Situation

  • The Customer service Portal using Azure AD authentication was being used by the client to collaborate on products changelogs, consumption changes, Invoices, project documents and updates, customer service tickets and Company information management
  • Customers have multiple users belonging to different departments who need to access the portal and review and update information in different capacities.
  • Every time a new client stakeholder needs to be given access/ removed to the portal, the CRM admin team needed to action it.
  • The onus of security of critical client information management was entirely on the CRM team.

Requirement

  • Transfer onus of security:
    • CRM Admin to create one portal user from the customer Contacts who would have permission to create, update and deactivate other contacts from his organization – the client “portal user manager”
  • Managing users:
    • He should be able to assign the required Roles and even create other Portal user managers.
    • He should be able to deactivate these users and also update their portal role if needed. However, they should not be deleted from CRM.
  • User Access:
    • Users should be sent an invitation to be redeemed via email when they are created.

Solution

  • Go to Portals ➤Web Roles and create web roles
    • Portal user manager
    • Portal Finance User
    • Portal IT User
    • Portal Project user
  • Create a two-options field for each Web role above on the Contact entity
  • Create a new web Contact form in CRM. Fields
    • Full Name
    • Account
    • Work Email address
    • Contact details
    • Web role two-options [for as many roles defined]
      • Go to field properties ➤ Formatting ➤ Control Formatting ➤ Select Checkbox
    • Is Portal contact
  • Create a copy of the above form for the update contact process
  • Create a view in CRM – “Show Portal Contacts”
    • Add filter Status Reason=Active and Is Portal Contact=Yes
  • New Portal Contact page
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for new Contact. Select mode as Insert.
      • Add the below script to set ‘Is Portal contact’ to true and hide it

$(document).ready(function () {
  // Mark every contact created from this form as a portal contact,
  // then hide the checkbox and its label from the user.
  $('#iotap_isportalcontact').prop('checked', true);
  $('#iotap_isportalcontact').hide();
  $('#iotap_isportalcontact_label').hide();
});

    • Go to Portals ➤ Web Pages ➤ New and create a web page for the new contact entity form.
  • Update Portal Contact page
    • Go to Portals ➤ Entity Forms ➤ New and Create new entity form for update Contact. Select mode as Edit.
    • Go to Portals ➤ Web Pages ➤ New and Create a web page for update contact entity form.
  • The default “Invitation” entity and the workflow “send Invitation” will be used

Create an on-demand workflow on the Contact entity, triggered when “Record is created”, to associate the web role and send a portal invitation when a new contact is created from the portal.

  • Manage Users page
    • Go to Portals ➤ Entity Lists ➤ New and enter the Name, Entity Name: Contact (contact), and Website: your website. Click the +View button and select the view “Show Portal Contacts”, then click +View again and select “Active Contacts”.
    • Grid Configuration ➤ Item Actions ➤ +Edit and set Target Type as Entity Form, Entity Form as “Update Contact” and Button Label as “Edit”.
    • Grid Configuration ➤ Item Actions ➤ +Deactivate and set Button Label as “Deactivate”.
    • Go to Portals ➤ Web Pages ➤ New and create a web page for the “Manage users” entity list.
  • Create a navigation Link – “Manage users” which is accessible only to the Portal user manager role
    • Go to Portals ➤ Web Link Sets ➤ Primary Navigation ➤ Links ➤ Add New Web Link with Name, Publishing state as Published, Parent WebLink as Home, Page as “Manage users”.
    • Go to Portals ➤ Web Page Access Control Rules ➤ New and create Access rule with Name, Right as “Restrict Read”, select “Web Page” and select “Web Role” “Portal user Manager”.
  • Create a duplicate detection rule [if not available] based on the contact email Id, so that duplicate contacts are not created by the user manager.
    • Go to Settings ➤ Data Management ➤ Duplicate Detection Rules ➤ New
    • Publish.
  • New button
    • Go to Portals ➤ Entity Lists ➤ select the entity list “Manage users”, set the Web Page for Create and set the Create Button Label as “New”

The completed customization

Dynamics 365 Portals Authentication – Options and Features

Dynamics 365 Portals provide multiple authentication mechanisms and features which are very easy to configure. Having said that, rather than allowing all modes [which may ultimately result in clutter and confusion], collate the answers to the quick survey below before finalizing which ones to enable.

  1. Who are the potential portal users: internal employees and partners who are available as Dynamics contacts, or prospects and customers who are external?
  2. Which mechanism would make it easier for them to login?
  3. Do you have the required manpower and systems to manage any requests/ issues which may be reported?
  4. What is the information/ collaboration expected on the Portal?

While authentication is the gateway for a user to access the portal, the two configurations below are equally important to set up for user access.

Basic set up for a Dynamics 365 Portal User

  1. Contact set up: In a portal application, an authenticated portal user is associated with either a Dynamics 365 Contact or System User. The default portals configuration is contact-based. The contact can be created
  2. Web Role: Portal users must be assigned to a web role to gain permissions beyond unauthenticated users.

Authentication

Portal users can sign in either with authentication provided by the Dynamics 365 contact membership provider or with an external account based on ASP.NET Identity.

Local authentication: Local authentication is the common forms-based authentication that uses the contact records of a Dynamics 365 for Customer Engagement organization for authentication.

External authentication: External authentication is provided by the ASP.NET Identity API. In this case, account credentials and password management are handled by a third-party identity provider. This includes OpenID based providers such as Yahoo! and Google and OAuth 2.0 based providers such as Twitter, Facebook, and Microsoft. Users sign up to the portal by selecting an external identity to register with the portal. After it is registered, an external identity has access to the same features as a local account.

Options available

  1. Windows Authentication
  2. Windows Live ID Web Authentication
  3. Form Authentication
    • External (social provider) user sign-in through third-party identity providers
    • Open registration

The Dynamics 365 Portals login screens

Sign in by using a local identity or external identity

Sign up by using a local identity or external identity

Redeem an invitation code manually

Dynamics 365 Portal Features

  1. Email address confirmation
    1. Authenticated users manage their user accounts through the Security navigation bar of the profile page. The profile page is also where the user is reminded to confirm their email address by requesting a confirmation email to be sent to their email account.
  2. Password recovery and Password reset
    1. Returning visitors who require a password reset (and have previously specified an email address on their user profile) can request a password reset token to be sent to their email account.
  3. Redeem invitation
    1. Both local and external account registration can use invitation codes for sign up, as well as the email confirmation workflow. These invitations can be generated in Dynamics and sent out by email by users who have permission to do so.
    2. Redeeming an invitation code allows a registering visitor to be associated with an existing contact record that was prepared in advance specifically for that visitor.
    3. With open registration enabled, however, users are not required to provide an invitation code to complete the sign-up process.
  4. Two-factor authentication with email
    1. The two-factor authentication feature increases user account security by requiring proof of ownership of a confirmed email in addition to the standard local or external account sign-in.
    2. A user trying to sign in to an account that has two-factor authentication enabled is sent a security code to the confirmed email associated with their account. The security code must be submitted to complete the sign-in process.
  5. User Lockout
    1. When a certain number of failed password attempts are detected in a short period of time, the user account is locked for a period of time. The user can try again after the lockout period elapses.
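
The User Lockout behaviour described above, as an added example (not the portal's own code): failed password attempts are counted inside a sliding time window, and the account is locked for a fixed period once a threshold is reached. The function names, the policy values and the sample events are assumptions constructed for illustration.

```javascript
// Added illustration; not the portal's implementation. Policy values are assumptions.
function createLockoutTracker({ maxFailures, windowMs, lockoutMs }) {
  const accounts = new Map(); // user -> { failures: [timestamps], lockedUntil }

  function stateFor(user) {
    if (!accounts.has(user)) accounts.set(user, { failures: [], lockedUntil: 0 });
    return accounts.get(user);
  }

  return {
    isLocked(user, now) {
      return now < stateFor(user).lockedUntil;
    },
    // Record one password check at time `now` (ms); returns 'ok', 'failed' or 'locked'.
    recordAttempt(user, passwordOk, now) {
      const s = stateFor(user);
      if (now < s.lockedUntil) return 'locked'; // even a correct password is refused while locked
      if (passwordOk) {
        s.failures = [];
        return 'ok';
      }
      s.failures = s.failures.filter((t) => now - t < windowMs); // drop failures outside the window
      s.failures.push(now);
      if (s.failures.length >= maxFailures) {
        s.lockedUntil = now + lockoutMs;
        s.failures = [];
        return 'locked';
      }
      return 'failed';
    },
  };
}

// Constructed policy: 3 failures within 60 s lock the account for 300 s.
const POLICY = { maxFailures: 3, windowMs: 60000, lockoutMs: 300000 };

// Constructed events: [user, passwordOk, time in seconds].
const SAMPLE = [
  ['alice', false, 0], ['alice', false, 10], ['alice', false, 20], // burst of failures
  ['alice', true, 30],   // correct password during the lockout
  ['alice', true, 321],  // lockout (20 s + 300 s) has elapsed
  ['bob', false, 0], ['bob', false, 70], ['bob', false, 100], // failures spread out over time
];

function replay(events, policy) {
  const tracker = createLockoutTracker(policy);
  return events.map(([user, ok, atSec]) => tracker.recordAttempt(user, ok, atSec * 1000));
}
```

Bob is never locked because his first failure has aged out of the window by the time the third one arrives, which is why both the threshold and the window length matter when tuning the setting.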

A related capability takes precedence over authentication: the Dynamics 365 for Customer Engagement Portal is public when provisioned and accessible by anyone from any computer, but you can now restrict access to your portal to a list of IP addresses.

For example, a government organization might want to surface their content only within their corporate network. A commercial organization might want to display the portal only when it is published and not while it is in development to avoid any data leak.

When any user sends a request to the portal, their IP address is evaluated against the allow list. If the IP address is not on the list, the portal displays a web page with an HTTP 403 status code!
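
The allow-list evaluation described above, as an added example (not the portal's own code): each request's source address is checked against the list and the gate answers 200 or 403. It goes slightly beyond the text by accepting CIDR ranges as well as single addresses; IPv4-only handling, the function names and the sample addresses (documentation ranges) are assumptions.

```javascript
// Added illustration; not the portal's implementation. IPv4 only (assumption).

// Parse a dotted-quad IPv4 address into an unsigned integer; null if malformed.
function parseIPv4(text) {
  const parts = String(text).trim().split('.');
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null; // no signs, blanks or leading zeros
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Parse "a.b.c.d" or "a.b.c.d/prefix" into { base, size }; null if malformed.
function parseEntry(entry) {
  const [addr, prefixText, extra] = String(entry).trim().split('/');
  const ip = parseIPv4(addr);
  if (ip === null || extra !== undefined) return null;
  let prefix = 32;
  if (prefixText !== undefined) {
    if (!/^\d{1,2}$/.test(prefixText) || Number(prefixText) > 32) return null;
    prefix = Number(prefixText);
  }
  const size = 2 ** (32 - prefix);          // number of addresses in the range
  return { base: ip - (ip % size), size };  // align the base to the network boundary
}

// Build an evaluator that returns the HTTP status the gate would answer with.
function buildAllowList(entries) {
  const ranges = entries.map(parseEntry);
  const bad = entries.filter((_, i) => ranges[i] === null);
  if (bad.length) throw new Error('Invalid allow-list entry: ' + bad.join(', '));
  return function statusFor(clientIp) {
    const ip = parseIPv4(clientIp);
    if (ip === null) return 403;            // unparseable source address: fail closed
    const allowed = ranges.some((r) => ip >= r.base && ip < r.base + r.size);
    return allowed ? 200 : 403;
  };
}

// Constructed sample list: one office range and one single host.
const statusFor = buildAllowList(['203.0.113.0/24', '198.51.100.7']);
```

A malformed list entry is rejected when the list is built rather than silently ignored, so a typo cannot quietly widen or narrow who gets through.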

Use Cases for Dynamics 365 Portals

Microsoft made a strategic move with the transition to the Dynamics 365 product by dividing the previous modules into standalone apps – Customer Engagement, henceforth referred to as CE Apps.

Organizations, whether they are using one or all of the apps on CE, are constantly engaging with the customer, building data in the app or sharing the output from it.

Documents and data for customers pass through different departments, from Marketing to Billing. The Sales department creates quotes, Accounts and Finance create and share invoicing details, the Customer Service Desk shares statuses on case resolutions, and Project teams share plans, tasks and milestone updates.

All this Process Redundancy, Email Clutter and Dual Data Entry can be streamlined by sharing data directly with the end customers through the Microsoft CRM – Dynamics 365 Portal for the Customer Engagement and Custom applications.

The Dynamics 365 Portal is the tool to surface specific entities and records from within the Customer Engagement apps to enable processes with external collaborators and stakeholders like your customers and partners. 

On the Dynamics 365 Portal, the Organization can define the audience it wants to invite, define the data it wants to be exposed, define the Role of the User logging in and define the entire User Experience.

Dynamics 365 Portals Use Cases

Customer service

Customer Service departments receive inbound calls and emails every day to request help. These interactions can often result in cases, incidents or trouble tickets that need to be resolved for the customer. For organizations using CE Apps, when cases are surfaced via a portal, users can create, update, add attachments to or even comment on cases themselves, bypassing the need to search for or speak directly with people in the organization and simply relying on the inherent routing rules.

Exposing Knowledgebase articles helps deflect a lot of repetitive cases and prompts customers towards self-service. Analytics on time spent, entitlements remaining and consumed, and service-related invoices are data points which can be made available on the Portal. Live Chat can be added as a further dimension for a more focused service.

Finance and Accounts

Invoicing is another common use case for customers with recurring or consumption-based billing. Work 365’s recurring invoices are automatically made available for customers to view and download from the self-service portal. Enabling integration to an ECommerce portal and a Payment Gateway can make the experience 360 degrees complete for the Customer.

Sales and Marketing

Partners and Sales Consultants can access Marketing collateral (flyers, decks, etc.) from CE Apps using secure access to the Portal.

They can add/update the Accounts, Leads, Opportunities* and Contacts using the well-defined Dynamic Role Matrix. Because they work directly on the same CE application, the Sales Pipeline is always updated and the information is correct.

The Marketing department and New product team can use the Portal Dashboard to announce upcoming events and Product Launches to Customers/Partners. Customers can request new Products and services and schedule meetings with the Account Manager.

Projects

Teams can collaborate on projects not only for sharing Proposals, Kickoff decks, Scope documents, etc., but also to get approval on Time Spent, discuss and escalate Risks, surface Upcoming Tasks and share Invoices from the Portal.

As a closing note – The key to any successful engagement is delivering the right information to the right users at the right time. Since Portals are device-agnostic, an organization's business operations can extend from the back (and front) office to the smartphones, tablets, and desktops of customers, always available and always on!