Creating Users With a Power App (part 3)

Well, crew, our long, tedious Power Apps journey is done. We did it! I have a feature-complete Power App that will allow non-technical, non-IT colleagues to create new users and assign them to groups. Version 1 could not get it done, thanks to the limitations in Microsoft’s built-in connectors for Power Apps (see part 1), so I showed you how to create custom (aka premium, expensive) connectors to Graph API in part 2, which provided me with all the Azure AD attributes needed.

Demo

Let’s look at the app and talk about some of the features. First, the app offers the ability to use an existing user as a template by calling up that template user’s groups and Azure AD attributes. The end-user can then edit the fields to their liking and click “Create.”

An animated GIF demonstrating the Power App for creating a user from another "template" user
I had to create the form by hand as “forms” in Power Apps don’t support collections as a data-source 😓

Note the sexy error checking on the required fields. The app checks that NO email addresses in the entire tenant are duplicated and it of course confirms that the addresses are in a valid format and using the available tenant domain names. Furthermore, a complex password is generated automatically and set to “require reset.” The app’s end-user can also check the groups to which the new user should be assigned based on the template user’s current groups.

But did it work?

An animated GIF demonstrating that, yes, the user in the previous GIF was created successfully.
Here you can see that ole Johnny Helpdesk was created successfully with all his attributes and mail addresses

The other option for creating new users is to start with a blank form and fill in everything from scratch. Here is how that looks:

An animated GIF demonstrating how one can create a user from a completely blank form.

In this example the end-user has started with a blank form and only must fill in the required fields before the user can be created. A list of ALL groups in the tenant is provided on the left, to which the new user can be assigned.

Download

Here is a link to an exported version of the app in ZIP format including the necessary connectors. Until you create the custom connectors, I believe that an import will fail, but feel free to reach out to me via the contact form if I can help. Here is the import guide from the Microsoft docs.

Limitations (They’re Features; not Bugs)

Well, it ain’t perfect. There are definitely potential improvements that I can think of, but I am too lazy to implement for fun-sies, and there are some limitations imposed by Power Apps and Microsoft Graph.

  • The app does not validate the inputted, new mail addresses against ALL email addresses in Exchange Online, such as distribution groups and mail-enabled security groups, as these are not available from Microsoft Graph out-of-the-box.
  • The acceptable domain names for the mail address validation are hard-coded into the Power App. It would certainly be possible to check this dynamically, but I am lazy and honestly, how often do you add a new mail domain to your tenant?
  • When the end-user clicks “Create” the app creates the user in Azure AD of course, but then has to wait until that user is “available” to be added to groups in the second step. I accomplish this wait via a 45-second hidden timer, but 45 seconds is a long while to wait. There is surely a solution where there are multiple timers counting down in increments of 15, but again, I am lazy. Also the fact that there is no “while” or “wait” command in Power Apps… oofff.
  • I had to cheat on the businessPhones (Office Phone) and otherMails (Secondary Mail) fields. If the end-user leaves the fields blank, I had to submit a blank Unicode character as Graph API will not allow blank entries here, as these are arrays in Azure AD. I am sure there is a better method, but again, I am lazy.
  • Speaking of these two arrays in Azure AD, a cool future feature would be to turn the text fields into a combo box where the end-user could add multiple “otherMails,” because new users can have several SMTPProxyAddresses.
  • The “template user” creation method should have an option to add other, non-template groups for the new user.
  • Finally, there is no license administration in the app. That would be a nice feature for a third screen, or you can just use dynamic groups in Azure AD for license assignment, which you should be doing anyway.
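
The checks described in the demo (address format, tenant domain, tenant-wide uniqueness, generated password with forced reset) and the blank businessPhones / otherMails case from the list above, sketched in Python as an added example; this is not the app's Power Fx code. The domain list, sample names and function names are assumptions, and blank array fields are left out of the request body instead of being filled with a placeholder character.

```python
import re
import secrets
import string

# Assumption: the tenant's verified domains, hard-coded as the post describes.
ALLOWED_DOMAINS = {"contoso.example", "fabrikam.example"}
_LOCAL_PART = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]{0,62}[A-Za-z0-9])?$")
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_")


def validate_address(address, existing):
    """Return the normalised address, or raise ValueError naming the failed check."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not _LOCAL_PART.match(local) or ".." in local:
        raise ValueError("invalid format")
    if domain not in ALLOWED_DOMAINS:
        raise ValueError("domain not in tenant")
    normalised = f"{local}@{domain}"
    if normalised in {e.lower() for e in existing}:
        raise ValueError("address already in use")
    return normalised


def generate_password(length=16):
    """Random password from a CSPRNG with at least one character of each class."""
    if length < len(_CLASSES):
        raise ValueError("length too short")
    chars = [secrets.choice(c) for c in _CLASSES]
    chars += [secrets.choice("".join(_CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_user_payload(display_name, upn, existing, office_phone="", other_mail=""):
    """Body for Graph POST /users; blank array fields are left out entirely."""
    upn = validate_address(upn, existing)
    body = {
        "accountEnabled": True,
        "displayName": display_name.strip(),
        "mailNickname": upn.split("@")[0],
        "userPrincipalName": upn,
        "passwordProfile": {"password": generate_password(), "forceChangePasswordNextSignIn": True},
    }
    if office_phone.strip():
        body["businessPhones"] = [office_phone.strip()]
    if other_mail.strip():  # the secondary address must not collide with the new UPN either
        body["otherMails"] = [validate_address(other_mail, [*existing, upn])]
    return body
```
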

Conclusion

Well, I hope this helps someone. It was 2+ weeks of work for me, but I learned a lot about Power Apps in the process. Unfortunately, due to the fact that premium licenses are required for the custom connectors, I do not believe that Power Apps is the way to go for this type of process. It is always nice to offload a bit of the busy work from IT staff to non-technical colleagues, where one can, but the premium Power Apps licenses would be a hard sell.
