Azure Active Directory B2C (Azure AD B2C) is an identity management service that enables secure access to applications by allowing users to log in with social or enterprise identities. When integrated with Power Pages, Azure AD B2C helps you create customer-facing websites with flexible authentication options such as Microsoft, Google, Facebook, and local accounts.
This detailed guide will walk you through the complete configuration process of Azure AD B2C login in Power Pages, including tenant setup, app registration, user flow configuration, portal setup, and best practices.
1. What is Azure AD B2C?
Azure AD B2C is a cloud identity service for external users. Unlike Azure AD, which is designed for organizational (internal) identities, B2C is built for customer identity access management (CIAM). It supports OpenID Connect, OAuth 2.0, and custom identity providers.
In Power Pages, Azure AD B2C enables:
- Sign-in using social accounts (Google, Facebook, LinkedIn).
- Local username/password accounts.
- Multi-Factor Authentication (MFA).
- Profile management and password reset.
2. Pre-requisites
Before starting, ensure you have:
- An Azure subscription
- Access to the Azure AD B2C tenant
- Permissions to register applications in the B2C tenant
- A Power Pages portal provisioned and ready
3. Step-by-Step Configuration
Step 1: Create or Link Azure AD B2C Tenant
- Sign in to Azure Portal.
- Search for Azure AD B2C in the search bar.
- Click Create a new Azure AD B2C tenant or link an existing one.
- After creating, click Switch to the B2C directory using the directory switcher in the top-right corner.
Step 2: Register Power Pages as an Application
- In the Azure AD B2C tenant, go to App registrations.
- Click + New registration.
- Enter the following:
- Name: e.g., PowerPagesAuthApp
- Supported account types: Accounts in this organizational directory only
- Redirect URI (web):
https://<yourportal>.powerappsportals.com/signin-aadb2c
- Click Register.
- After registration, copy the Application (client) ID and Directory (tenant) ID for later use.
Step 3: Generate Client Secret
- Open your registered app.
- Go to Certificates & secrets → + New client secret.
- Add a description and expiration period.
- Copy the Value of the generated secret – it’s needed later.
Step 4: Configure API Permissions
- Go to the app’s API permissions section.
- Add permissions:
- Microsoft Graph → openid, email, profile, offline_access
- Click Grant admin consent for the tenant.
Step 5: Create User Flows in B2C
- Go to User Flows in the Azure AD B2C blade.
- Create flows for:
- Sign-up and sign-in (recommended to combine)
- Password reset
- Profile editing (optional)
- For each flow:
- Set identity providers (local or social)
- Set user attributes to collect (e.g., email, display name)
- Copy the user flow name for later reference.
Step 6: Add Identity Providers (Optional)
To enable Google, Facebook, or other social logins:
- Go to Identity Providers in B2C.
- Choose your provider (e.g., Google).
- Register an app with that provider to get Client ID and Secret.
- Fill these values into the B2C setup.
- Add the provider to the desired user flow.
Step 7: Configure Power Pages with Azure AD B2C
Now, integrate the B2C setup into your Power Pages portal.
Option 1: Use Design Studio
- Open your Power Pages portal.
- Navigate to Set up → Identity providers.
- Click Add identity provider → Choose Azure AD B2C.
- Enter the required information:
- Name: AzureADB2C
- Authority: https://<your-tenant-name>.b2clogin.com/<tenant-id>/<user-flow-name>/v2.0
- Client ID: From the B2C App
- Client Secret: Created in Step 3
- Redirect URI: https://<yourportal>.powerappsportals.com/signin-aadb2c
- Response type: code
- Scopes: openid profile email
- Save and publish.
Option 2: Use Portal Management App
- Go to Portal Management App (via Power Apps).
- Navigate to Identity Providers.
- Create a new provider with:
- Type: OpenIdConnect
- Name: AzureADB2C
- Authority: Same as above
- Client ID / Secret / Redirect URI
- Login Button Label: Login with B2C
- External Login Policy: user flow name
- Save and restart the portal.
Step 8: Test the Login Experience
- Open your Power Pages portal.
- Click Sign In.
- You should see a “Login with B2C” option.
- Click and it will redirect you to the B2C login page.
- Authenticate using a local or social account.
- If successful, you’re redirected back to the portal.
4. Managing Users in Power Pages
- When a new user logs in, a Contact is created in Dataverse.
- Assign Web Roles to users for access control.
- You can automate role assignment using Power Automate based on email domain or other attributes.
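The role-assignment automation mentioned above has one classic pitfall: checking whether a domain string appears anywhere in the e-mail address, rather than comparing the parsed domain exactly. The following is an added example (not a Power Automate flow or Power Pages code) of the matching logic such an automation needs; the domains, Web Role names and claim values are constructed placeholders.

```python
"""Assign Power Pages Web Roles from the e-mail domain in a user's sign-in claims.

Added example, not a Power Automate flow or Power Pages code: it shows the matching
logic such an automation needs and the pitfall that makes naive domain checks unsafe.
Role names and domains are constructed placeholders.
"""

# Constructed placeholders: registered domains and the Web Roles they grant.
DOMAIN_ROLES = {
    "contoso.com": ["Employees"],
    "partner.example": ["Partners"],
}
DEFAULT_ROLES = ["Authenticated Users"]
# Set to True to let mail.contoso.com inherit contoso.com's roles.
ALLOW_SUBDOMAINS = False


def email_domain(email):
    """Return the lower-cased domain of a single user@domain address, else None."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, domain = email.split("@")
    domain = domain.strip().lower().rstrip(".")
    if not local.strip() or not domain or any(ch.isspace() for ch in domain):
        return None
    return domain


def roles_for_claims(claims):
    """Map ID-token claims to Web Roles using whole-domain comparison.

    A substring test such as `"contoso.com" in email` would also accept
    mallory@contoso.com.evil.example and user@notcontoso.com; comparing the
    parsed domain for equality (or an explicit dot-prefixed suffix) does not.
    """
    domain = email_domain(claims.get("email"))
    if domain is None:
        return list(DEFAULT_ROLES)
    for registered, roles in DOMAIN_ROLES.items():
        if domain == registered:
            return list(roles)
        if ALLOW_SUBDOMAINS and domain.endswith("." + registered):
            return list(roles)
    return list(DEFAULT_ROLES)


if __name__ == "__main__":
    for email in ("Alice@Contoso.com", "mallory@contoso.com.evil.example", "bob@notcontoso.com"):
        print(email, "->", roles_for_claims({"email": email}))
```

Users whose address does not parse, or whose domain is not registered, fall back to the default role rather than being rejected, so an unexpected claim shape degrades to least privilege instead of locking the user out.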
5. Best Practices
- Enable CAPTCHA and Multi-Factor Authentication (MFA) in B2C flows.
- Use custom branding in B2C login pages to match your website.
- Restrict access by Web Roles in Power Pages.
- Ensure that all user attributes needed in Dataverse (like name and email) are included in the B2C user flow.
- Regularly rotate the client secret.
6. Troubleshooting
| Issue | Solution |
|---|---|
| Redirect URI mismatch | Double-check the redirect URI in Azure and Power Pages |
| Login button not visible | Ensure Identity Provider is enabled in Site Settings |
| Claims missing | Add missing attributes in the user flow |
| Users not created in Dataverse | Check if the claims include email and sub |
| Error: AADB2C90047 | Likely a configuration error in user flow or authority URL |
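Most rows in the table above come down to a mismatch between what was configured in Step 7 (Authority, Client ID, Redirect URI, user flow) and what the token B2C returns actually carries. The following is an added example, not Power Pages or Azure AD B2C code, of the claim checks a relying party applies to a B2C ID token once its signature has been verified; it shows which configuration value each troubleshooting row maps to. The tenant name, IDs, discovery document and token payload are constructed placeholders.

```python
"""Relying-party checks on the claims of an ID token issued by an Azure AD B2C user
flow, mirroring the Authority, Client ID, Redirect URI and user-flow settings the
Power Pages identity-provider configuration asks for.

Added example, not Power Pages or Azure AD B2C code. It assumes the token's RS256
signature has already been verified against the tenant's JWKS by the OIDC library;
only the claim checks that explain the troubleshooting rows are shown. All tenant
names, IDs and claim values are constructed placeholders.
"""

import time

# Constructed placeholders for the values copied from the Azure portal in Steps 2, 5 and 7.
TENANT_NAME = "contosob2c"
TENANT_ID = "00000000-0000-0000-0000-000000000000"
USER_FLOW = "B2C_1_signupsignin"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
AUTHORITY = f"https://{TENANT_NAME}.b2clogin.com/{TENANT_ID}/{USER_FLOW}/v2.0"
REDIRECT_URI = "https://contoso.powerappsportals.com/signin-aadb2c"

# Constructed stand-in for the discovery document a client fetches at startup; the
# real one is served at discovery_url(AUTHORITY) and is the source of truth for `iss`.
DISCOVERY = {
    "issuer": f"https://{TENANT_NAME}.b2clogin.com/{TENANT_ID}/v2.0/",
    "jwks_uri": f"https://{TENANT_NAME}.b2clogin.com/{TENANT_ID}/{USER_FLOW}/discovery/v2.0/keys",
}

# Claims Power Pages needs to create the Dataverse Contact (troubleshooting table).
REQUIRED_CLAIMS = ("sub", "email")
CLOCK_SKEW_SECONDS = 300


def discovery_url(authority):
    """OpenID Connect metadata location for a given authority URL."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def redirect_uri_matches(registered, presented):
    """Redirect URIs are compared literally; a trailing slash or a different scheme fails."""
    return registered == presented


def check_id_token_claims(claims, expected_nonce, now=None):
    """Return a list of problems with the ID token claims; an empty list means accept."""
    now = int(time.time()) if now is None else now
    problems = []

    if claims.get("iss") != DISCOVERY["issuer"]:
        problems.append("issuer does not match discovery document (check Authority URL)")

    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        problems.append("audience is not this app's Client ID")

    # B2C records the user flow that issued the token in `tfp` (older tenants use `acr`).
    policy = claims.get("tfp") or claims.get("acr") or ""
    if policy.lower() != USER_FLOW.lower():
        problems.append("token was issued by a different user flow than configured")

    exp = claims.get("exp", 0)
    nbf = claims.get("nbf", 0)
    if now > exp + CLOCK_SKEW_SECONDS:
        problems.append("token expired")
    if now + CLOCK_SKEW_SECONDS < nbf:
        problems.append("token not yet valid")

    if claims.get("nonce") != expected_nonce:
        problems.append("nonce does not match the value stored in the login session")

    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"missing claim: {name} (add the attribute to the user flow)")

    return problems


# Constructed example token payload as a B2C user flow would return it after sign-in.
SAMPLE_CLAIMS = {
    "iss": DISCOVERY["issuer"],
    "aud": CLIENT_ID,
    "tfp": USER_FLOW,
    "sub": "22222222-2222-2222-2222-222222222222",
    "email": "user@example.com",
    "name": "Example User",
    "nonce": "n-0S6_WzA2Mj",
    "iat": 1_700_000_000,
    "nbf": 1_700_000_000,
    "exp": 1_700_003_600,
}

if __name__ == "__main__":
    print(discovery_url(AUTHORITY))
    print(check_id_token_claims(SAMPLE_CLAIMS, "n-0S6_WzA2Mj", now=1_700_000_100))  # []
```

The issuer is taken from the discovery document rather than derived from the Authority string, because the two are not the same URL; an Authority typo surfaces here as an issuer mismatch, a token from the wrong user flow as a `tfp` mismatch, and an attribute that was never added to the user flow as a missing `email` or `sub`.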