In this blog, I’ll show you how to control which objects users can see in your Power Apps by using MS Entra ID (formerly Azure AD) Security Groups. This approach lets only authorized users view certain objects like galleries and buttons, and you won’t have to hardcode email addresses.
I’ll walk you through connecting to Entra ID, checking group membership, and setting up visibility rules in your app. This keeps your apps secure, scalable, and easy to manage.
The steps are quite simple:
Step 1. Create an MS Entra Security Group
Go to your MS Entra ID directory, Manage – Groups, and choose New group. Type a Group name, add the group members, and click the Create button.
Step 2. Create a new Power App and set up the MS Entra ID Connector
On the left blade, choose Data, then search for “Entra” and select Microsoft Entra ID.
Tap on the Connect button.
On the confirmation form, choose to Allow access.
Step 3. Add code to the OnStart property on your Power App
On the OnStart property of the Power App, add the code below. The code accepts the user’s email as a variable and checks if the user is a member of the security group. If it is, then the variable “varISGroupUser” is true; otherwise, it is false.
// Get user email
Set(varUserEmail, User().Email);
// Check if the user is a member of the group
Set(
varIsGroupUser,
!IsBlank(
MicrosoftEntraID.CheckMemberGroupsV2(
varUserEmail,
["09bb430d-4c33-461a-82b5-a974d2ff84fe"]
)
)
)
Step 4. Show a gallery only if the user is a member of the group
Add a gallery object to the Power App screen, and set its Visible property using the following code. The gallery will be displayed if the variable “varIsGroupUser” is true.
varIsGroupUser