Power Pages supports authentication using Microsoft Entra ID (previously called Azure AD), enabling secure access for both internal (organization) and external users. This is crucial for building secure, role-based portals for employees, partners, and clients.
This guide breaks down the setup and usage of Microsoft Entra ID in Power Pages, step by step, including key components, configuration, use cases, and security best practices.
What is Microsoft Entra ID?
Microsoft Entra ID is Microsoft’s cloud-based identity and access management (IAM) service. It is a central part of Microsoft’s Entra product family and provides:
- Authentication (login) for applications like Power Pages, Microsoft 365, and Azure.
- Authorization and access control using roles and group assignments.
- User management, including B2B (guest) and B2C (customer) users.
When used in Power Pages, Entra ID enables organizations to authenticate users seamlessly, enforce access control, and build secure experiences for different audiences.
Why Use Microsoft Entra ID in Power Pages?
Benefits include:
- Single sign-on (SSO) across Microsoft services
- Enterprise-grade security with MFA and Conditional Access
- Seamless access for internal employees
- Support for B2B guest users
- Role-based access control through security groups
- Audit logs and compliance features
Types of Entra ID Integration in Power Pages
Integration Type | Use Case | Authentication Scope |
---|---|---|
Entra ID (Azure AD) | Internal employees | Organizational directory |
Entra ID B2B | Partners/contractors | External guest accounts in your tenant |
Entra ID B2C | Public-facing portals | Supports Google, Facebook, etc. (More customizable UI) |
Prerequisites
- Access to Power Platform Admin Center
- Access to Microsoft Entra Admin Center (https://entra.microsoft.com)
- Appropriate privileges to register applications and configure authentication
- Power Pages site created
Step-by-Step: Configuring Microsoft Entra ID in Power Pages
Step 1: Register an App in Microsoft Entra ID
- Go to https://entra.microsoft.com
- Navigate to “App registrations”
- Click “New registration”
- Enter a name (e.g., PowerPagesPortal)
- Set the Redirect URI to: https://<yoursite>.powerappsportals.com/signin-aad
- Click Register
Step 2: Configure App Permissions
- Open the registered app
- Go to Authentication
  - Enable ID tokens (for OpenID Connect)
  - Ensure redirect URI is correct
- Go to API permissions
  - Add permission: Microsoft Graph > User.Read
  - Grant admin consent
Step 3: Create Identity Provider in Power Pages
- Open Power Pages > Design Studio
- Go to Set Up > Identity Providers
- Choose Microsoft Entra ID
- Fill in details:
  - Client ID: from app registration
  - Client Secret: create under “Certificates & secrets”
  - Issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
  - Redirect URL: same as earlier step
- Save configuration
Step 4: Test Login
- Visit your Power Pages site
- Click on Sign In
- Choose Microsoft Entra ID
- Log in with an organizational or guest user account
Controlling Access with Web Roles
Once users authenticate via Entra ID, you can assign them Web Roles in Power Pages for access control.
Steps:
- Go to Portal Management App
- Navigate to Contacts
- Find the authenticated user (created automatically after first login)
- Assign one or more Web Roles (e.g., Authenticated Users, Administrators)
- Use Page Permissions to show/hide content based on these roles
Security Best Practices
- Enable Multi-Factor Authentication (MFA) in Entra
- Use Conditional Access to restrict sign-ins by IP address or location
- Use custom roles and groups to streamline access
- Keep client secrets secure and rotate periodically
- Review audit logs and monitor suspicious login attempts
Advanced Configurations
1. Using Microsoft Entra B2B for Partners
- Invite external users via Entra ID > Users > New Guest User
- They sign in using their own Microsoft or Gmail accounts
- Enforce terms of use or restricted access through Conditional Access
2. Role-Based Access Using Entra Groups
- Create security groups in Entra
- Assign users to groups
- Link Entra group membership to Dataverse table permissions via a plug-in or Power Automate
Troubleshooting Tips
Issue | Solution |
---|---|
Redirect URI mismatch | Ensure exact match in Entra App Registration |
Login loop or error | Check Issuer URL and Token type (OpenID) |
User not created in portal | Enable user creation and ensure correct claims mapping |
No access after login | Assign correct Web Roles in Portal Management |
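The first two rows of the table can be checked before anyone tries to sign in. The following is an added example, not Microsoft or Power Pages code: it compares the Issuer and Redirect URL entered in Step 3 with the app registration from Step 1. The function names, dictionary keys, tenant GUID and site name are assumptions made up for the illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def check_issuer(issuer, tenant_id):
    """Findings for the Issuer field, using the format given in Step 3."""
    parts = urlsplit(issuer)
    segments = parts.path.split("/")  # "/<tenant>/v2.0" -> ["", tenant, "v2.0"]
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        return ["issuer must start with https://login.microsoftonline.com/"]
    if len(segments) != 3 or segments[2] != "v2.0":
        return ["issuer path must be exactly /<tenant-id>/v2.0, no trailing slash"]
    if not GUID.fullmatch(segments[1]):
        return ["tenant segment is not a GUID (placeholder left in?)"]
    if segments[1].lower() != tenant_id.lower():
        return ["issuer tenant differs from the app registration's tenant"]
    return []

def check_redirect(portal_url, registered_uris):
    """Findings for the Redirect URL; conservative exact string comparison."""
    if not portal_url.startswith("https://"):
        return ["redirect URL is not https"]
    if portal_url in registered_uris:
        return []
    norm = lambda u: u.rstrip("/").lower()
    near = [u for u in registered_uris if norm(u) == norm(portal_url)]
    if near:
        return [f"differs from registered '{near[0]}' only by case or trailing slash"]
    return ["redirect URL is not registered on the app"]

def check_provider(portal, registration):
    """Compare Power Pages provider settings with the app registration."""
    return (check_issuer(portal["issuer"], registration["tenant_id"])
            + check_redirect(portal["redirect_url"], registration["redirect_uris"]))

if __name__ == "__main__":
    # Constructed sample values; the tenant GUID and site name are placeholders.
    registration = {
        "tenant_id": "11111111-2222-3333-4444-555555555555",
        "redirect_uris": ["https://contoso.powerappsportals.com/signin-aad"],
    }
    portal = {
        "issuer": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0/",
        "redirect_url": "https://contoso.powerappsportals.com/Signin-AAD",
    }
    for finding in check_provider(portal, registration):
        print("FINDING:", finding)
```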
Real-World Use Cases
- Employee Intranet Portal
  - Authenticate via Entra ID
  - Role-based access to HR policies, payroll data, internal news
- Vendor Portal
  - Invite vendors as guest users (B2B)
  - Share project files, invoices, and forms securely
- University Admin Portal
  - Use Entra for staff and B2C for students
  - Secure forms, grade submissions, and academic data