What is External User Management in Power Pages?
External User Management refers to how you control access, authentication, and identity of users outside your organization (i.e., non-licensed users) in a Power Pages (formerly Power Apps Portal) environment.
These users can:
- Register themselves (self-service)
- Be invited by an admin
- Be authenticated via identity providers (Azure AD B2C, LinkedIn, Google, etc.)
- Interact with your portal securely without having a Microsoft 365 license
Why Is It Important?
External user management is essential when:
- You’re building a public-facing portal
- You’re working with partners, vendors, customers, or community members
- You need to securely share data and services with non-employees
Core Concepts in External User Management
| Component | Description |
|---|---|
| Contact Record | Each external user maps to a Contact in Dataverse |
| Web Roles | Define what external users can see or do |
| Authentication Providers | Methods users can use to log in |
| Invitations/Self-Registration | How users are added to the portal |
| Identity Providers (IDPs) | Azure AD B2C, Microsoft, Google, LinkedIn, etc. |
1. User Identity and Contact Relationship
- In Power Pages, each authenticated user is backed by a Contact record in Dataverse.
- A contact holds personal data, preferences, and permissions.
- This allows you to build CRM-like experiences and link to Dataverse tables like Cases, Orders, Invoices, etc.
Internal users are mapped to “System Users” while external users are mapped to Contacts.
2. Authentication Options for External Users
Power Pages supports various authentication methods for external users:
Out-of-the-box Providers:
- Azure AD B2C (recommended for full control over UI and policies)
- Azure AD (non-B2C) for business partners
- Social logins like:
- Microsoft
These are configured via:
- Portal Management App (under Site Settings and Authentication Providers)
- Azure portal (for Azure AD B2C or other IDPs)
3. Self-Registration vs. Invitation
🛂 Self-Registration
- Enabled via Authentication/Registration settings.
- User fills out a form and gets a new Contact record created.
- Assign Web Roles dynamically or via workflow.
- Optional email verification.
Invitation-Based Access
- Admin sends an invitation email via Power Pages or Power Automate.
- Includes a secure registration or login link.
- Ideal for restricted access or partner collaboration.
4. Configuring External User Management
Step-by-step Setup
a. Enable Authentication
- Open Portal Management App
- Under Site Settings, configure:
Authentication/Registration/Enabled=trueAuthentication/Registration/RequiresConfirmation=true(optional email verification)- Configure login and logout redirect URLs
b. Configure Identity Providers
- For Azure AD B2C, create a tenant and configure:
- App registrations
- User flows (sign-up, sign-in, password reset)
- Add them to Portal > Authentication Settings
c. Manage Contact Records
- Each login creates or matches a Contact
- Admins can:
- Assign Web Roles
- Link contacts to other tables (Accounts, Cases, etc.)
- Control access via Table Permissions
d. Assign Web Roles Automatically (Optional)
Use Power Automate or Dataverse Plugin to assign roles like:
If (Contact.Email contains @partner.com) => Assign 'Partner Web Role'
5. Securing External User Access
Key Security Features:
- Web Roles & Table Permissions – control data access
- Authentication tokens – secure sign-in experience
- Session timeout – auto-logout on inactivity
- CAPTCHA and Form Security – prevent bot submissions
- Audit Logging – track user activities via Dataverse Audit
6. Use Cases of External Users
| Use Case | Description |
|---|---|
| Customer Portals | Allow customers to raise and track support tickets |
| Partner Portals | Share documents, project details with vendors |
| Event Registration | External users sign up and manage event participation |
| Job Portals | Candidates register and apply for jobs |
| Public Knowledge Base | Guests read content; login to comment or ask |
7. Tracking and Managing External Users
You can view and manage users via:
- Dataverse Contact Table
- Web Roles and Portal User table
- Audit logs
- Custom dashboards or Power BI reports
Use filters like:
- Contact status (Active/Inactive)
- Last login date
- Number of sessions
- Associated Web Roles
8. Best Practices for External User Management
| Practice | Why it’s Important |
|---|---|
| Use Azure AD B2C | Better branding, policies, scalability |
| Keep email confirmation enabled | Prevent spam accounts |
| Use Power Automate for workflows | Auto-role assignment, notifications |
| Regularly audit inactive users | Clean up old accounts |
| Protect forms with CAPTCHA | Prevent bots or abuse |
| Create custom dashboards | Track active users and access patterns |
Final Thoughts
External User Management in Power Pages is highly customizable and secure, ideal for building public or partner-facing applications. By leveraging Contact-based architecture, identity providers, and web roles, organizations can:
- Extend their apps to non-licensed users
- Maintain tight access control
- Create rich, personalized experiences for external audiences
With Power Pages and proper external user management, you can serve customers, partners, and vendors efficiently—without compromising on security or usability.