Collaborating with External Parties in Dynamics 365 and PowerApps

Microsoft Dynamics 365 is jam packed with state-of-the-art CRM features leveraging AI, machine learning and augmented reality. However, with Microsoft PowerApps you can extend the functionality of Dynamics 365 even further, by developing custom mobile or web-based applications that connect with data and processes within Dynamics 365.

For example, using PowerApps you could develop an application to schedule technicians for appointments and automatically update their availability in Dynamics 365. To access these applications in PowerApps, users need to sign-in through the Office 365 portal.

So what happens when you want to collaborate with external parties?

Let’s say you want to give access to a contractor or partner organisation to PowerApps, but you don’t want to create an internal user. By default, with both Dynamics 365 Online and PowerApps, you need to have an account created for you in Office 365 Admin Portal, or have one created through federation with Active Directory (AD).

However, through use of Azure Active Directory (Azure AD) business-to-business (B2B) collaboration, you can allow external parties to collaborate with your solution without the need for creating them a user account in AD.


In order to be able to do this, you will require the following:

  • Your Dynamics 365 instance set up with a related Security Group
  • A security role (or roles) set up with the access you want your guest users to have
  • Spare licenses with the appropriate level of access for those users

How to give access to external Office 365 users

To give access to an external Office 365 user, complete the follow steps:

1. Open the Azure portal via portal.azure.com

2. Navigate to Azure Active Directory via the left-hand navigation pane

3. Navigate to Users in the blade that pops out

4. Click New Guest User

Giving access to external Office 365 users on PowerApps

5. Type in the email address of the Office 365 user you want to invite. This can be a *.onmicrosoft.com address, or a federated user name, which uses their company domain.

Invite user

New Guest User on Office 365

6. The invited user will get an email inviting them to register.


Azure Active Directory Invitation

7. Meanwhile, there are some other steps that need to be performed in order to allow this guest user to be able to access Dynamics 365. First of all, we need to edit the properties of the guest user. You can do this by clicking the name of the guest user and then clicking Profile. Once the below screen appears, click Edit.

Edit guest user properties

Edit User Profile8. On the edit screen, enter the user’s first name and last name. You will also need to update the usage location, or else you will not be able to assign the user a license. Click Save and you should get a message in the top right side of the screen saying the save was successful.

9. Next step is to add the user to the Group that has been set up as the Security Group of the Dynamics 365 instance. Do this by clicking Groups in the left hand pane. Then click add and select the group, in my case the group is named “CRM Users”.

Add user to group

Add user to group

10. Once this is done, you can assign a license to the user. This is usually done in the Office 365 Admin Portal, but for an external user we use the Azure Portal as we have done for the rest of this process. You can do this by clicking Licenses in the left-hand pane.

Assign license

Assign a license to the user.

11. Click the Assign button, and on the next screen select the license via the Products selector. You don’t need to select an Assignment option. Click Select, then Assign.

Select license

12. All being well, the Dynamics 365 license should now be displayed as assigned to the user. Sometimes this process fails if the user’s profile has only been edited recently, if this happens wait a while and try again.

13. Once the above has been completed, the prerequisites have been met for Dynamics 365 to bring in this user as a Dynamics 365 user. Wait a while and it should appear via Settings -> Security -> Users. The user should have the details you entered in the user profile in Azure.

View Enabled Users

User Profile setup in Azure

14. You can now use your usual process to assign a Security Role to the User.

What the Office 365 User sees

1. Once the above has been completed successfully, the guest user should be able to access Dynamics 365, but first they will need to complete the invitation they received by email. Clicking this link will result in either an Office 365 login screen, or their company’s federated login screen. Once they login, they will see the following.

Office 365 login screen

Office 365 Login Screen

2. Once they click Accept, they will see the below PowerApps screen.

Power Apps Screen

3. Now they should be able to access the Dynamics 365 instance by its usual URL.

Dynamics 365 Instance


How to give access to external Gmail users

If the external party doesn’t use Office 365, they can still be registered as an external user via Gmail. However, there is an additional set of steps to activate Gmail as an authorised authentication provider.

1. To be able to do this, you will need a Gmail account that has access to the Gmail developer console. You can access this via https://console.developers.google.com/

2. Within the console, first you need to create a new project. You can do this by dropping down the menu next to your current project name, and clicking New Project (top left).

Add new project in Gmail developer console

Giving access to external Gmail users in PowerApps

3. On the next screen, give the project a name and leave the location as the default.

Create a new project

Project name and location

4. You should then be able to select your new project via the selector that you clicked to create the new project. Once selected, click the credentials area via the left hand nav bar, and then the “OAuth consent screen” tab.

OAuth concent screen

Google API

5. On the screen displayed above, enter an application name and enter microsoftonline.com as the Authorized Domain. You will need to press enter after typing in the domain name. Click Save.

Enter application name

Azure AD B2B

6. Then, via the Credentials tab, click the Create Credentials selector and select OAuth client ID.

Create credentials

API Credentials

7. On the next select Web application. This will cause an extra section to appear, and under Authorized redirect URIs, enter the following.

  1.  https://login.microsoftonline.com
  2.  https://login.microsoftonline.com/te/{AZUREADID}/oauth2/authresp
    NOTE: the {AZUREADID} must be replaced with your Azure AD Directory ID. This can be retrieved by going back to the Azure portal, and navigating to Azure Active Directory -> Properties. From there click the copy button next to Directory ID

Azure Active Directory

Authorized redirect URIs

Authorized redirect URL’s

Authorized redirect URIs

8. Once this is done, you will see a screen showing the client ID and client secret for the registration. Copy both of these into a text file.

Client ID

Copy to text file

9. Back in the Azure portal, go back to Azure Active Directory and select Organizational Relationships. Under Identity Providers, click the Google button.

10. On the next screen, enter the client ID and secret.

Google Identity Provider

11. Now, you should be able to invite Google users like you did for an Office 365 user!

What the Google User sees

Once the Google user has completed the invitation email, when they login to Dynamics 365 they will need to enter their Gmail email address. Their browser will then redirect to Google to login, in a similar manner as when a federated AD user tries to login to Dynamics 365. If they are set up to use Google’s 2-step verification, they should receive that prompt also.

Google sign-in screen

What a Google User sees

Once logged in, they should receive the familiar Dynamics 365 screen.

Giving Access to PowerApps

The process to PowerApps is the same, as long as the App has been assigned to their security role. This can be done via the MyApps screen in Dynamics 365, which is available in PowerApps by clicking the Share button which appears next to your app.

Sharing from PowerApps

My Apps Screen

All you need to do is then give them the URL of the app, which is available via the same share screen.

Sharing PowerApps URL

I hope you found this article useful and it has helped you understand how to collaborate with external parties using Dynamics 365 and PowerApps.

Want to learn more about Dynamics 365?

If you are facing challenges like this or would like to learn more about Dynamics 365 follow me on LinkedIn or contact our team of Dynamics 365 Specialists at Data#3.

Tags: Active Directory, Azure B2B, Collaboration, Customer Relationship Management (CRM), Microsoft, Microsoft 365, Microsoft Azure, Microsoft Azure Active Directory, Microsoft Dynamics, Microsoft Dynamics 365



Building a business case for application modernisation and innovation blog title card
Building a Business Case for Application Modernisation and Innovation

Application modernisation can be a daunting topic. Just thinking about making changes to the way your applications operate within your…

Understanding the cloud shared responsibility model title card
Understanding the Cloud Shared Responsibility Model

When it comes to cloud computing, businesses often see migration as simply a way to offset or move infrastructure to…

The importance of investing in digital infrastructure SQL 2012 End-of-Life Title Card
The Importance of Investing in Digital Infrastructure

Shifting your IT infrastructure to the cloud can seem daunting, especially as technology continues to rapidly change and develop in…

HPE Storage eBook
How HPE brings the cloud experience to your storage and data

When you consider that 90% of all data was generated in the last 2 years, and is…

HPE Storage
Intent-based provisioning | Think and it shall be done

Intent is an interesting thing. It’s a determination to do something, have something actioned or achieve a result, but it’s…

Tip Sheet Image Card
Top 3 myths about cloud and SaaS data backup

It’s a common misconception that cloud and SaaS data doesn’t need to have a backup. However, just because data…

AIC Case Study
Customer Story: Australian Islamic College

Australian Islamic College transforms teaching, learning and IT management outcomes with Microsoft 365 Download Customer Story…

Integria Case Study
Integria Healthcare blooms after modernising its digital landscape

Source Publication: Microsoft News Center (Click to view on source website) For more than 70 years, Integria Healthcare (Integria)…