Sharing permissions for external users in a Power Apps canvas app?

 Sharing permissions for external users in a Power Apps canvas app involves several steps to ensure that external users can access the app securely. This typically involves sharing the app itself and ensuring that the external users have the necessary permissions to access any underlying data sources. Here are the steps to achieve this:

Step 1: Share the App

1. Go to Power Apps: Open the Power Apps portal (https://make.powerapps.com).
2. Select the App: Navigate to the app you want to share.
3. Click on Share: In the app details, click on the "Share" button.
4. Add External Users: In the sharing panel, add the email addresses of the external users. Make sure the email addresses are part of an Azure Active Directory (Azure AD) tenant or Microsoft account (such as @outlook.com or @hotmail.com).

Step 2: Grant Permissions to Data Sources

Ensure that external users have access to the data sources used by your app. This typically includes:

1. SharePoint:

   • Grant Access to SharePoint Lists/Libraries: Go to the SharePoint site and grant permissions to the external users for the specific lists or libraries.
   • External Sharing Settings: Ensure that the SharePoint site is configured to allow external sharing. You might need to check with your SharePoint administrator if this setting is enabled.

2. Dataverse (formerly Common Data Service):

   • Add Users to Dataverse: Go to the Power Platform admin center, and navigate to the environment where your app is hosted. Under "Users + permissions", add the external users.
   • Assign Security Roles: Assign appropriate security roles to the external users so they have access to the necessary entities in Dataverse.

3. Other Data Sources:

   • Ensure that external users have access to any other data sources used in the app, such as SQL Server, OneDrive, etc. This might involve granting permissions directly within those services.

Step 3: Configure Conditional Access (Optional)

For additional security, you might want to configure conditional access policies:

1. Azure AD Conditional Access:
   • In the Azure portal, go to Azure Active Directory > Security > Conditional Access.
   • Create policies to control how and when external users can access your Power Apps app and data.

Step 4: Test the Access

1. Test as External User: Before going live, test the access as an external user to ensure everything works correctly.
2. Troubleshoot Issues: If external users face issues, check permissions and access configurations both in Power Apps and in the underlying data sources.

Important Considerations

• Licensing: Ensure that external users have the appropriate Power Apps licenses to access the app. This might require a Power Apps per app plan or per user plan.
• Data Security: Be cautious about sharing sensitive data and ensure that the permissions granted align with your organization's data security policies.
• User Experience: Provide external users with clear instructions on how to access and use the app.

Example: Sharing a Canvas App with External Users

1. Navigate to the App:

   • Open the Power Apps portal and go to the app you want to share.

2. Share the App:

   • Click on the app to open its details.
   • Click the "Share" button.
   • In the sharing panel, add the external user’s email (e.g., user@externaldomain.com).

3. Grant Access to SharePoint Data Source:

   • Go to the SharePoint list or library used in the app.
   • Click on "Settings" (gear icon) > "Site permissions".
   • Click "Invite people" and add the external user's email.
   • Assign the necessary permission level (e.g., "Contribute" or "Read").

By following these steps, you can securely share a Power Apps canvas app with external users, ensuring they have the necessary access to both the app and its data sources.