Power Pages: Identity and Access
Azure AD B2C, external providers, invitations, and registration for secure identity management in Power Pages portals.
Introduction to Identity in Power Pages
Power Pages is the Microsoft Power Platform technology that enables the creation of external-facing web portals. These portals provide secure access to data stored in Microsoft Dataverse, ensuring a consistent and personalized experience for users.
Managing identity and access is a critical aspect of every Power Pages portal. Through integration with Azure Active Directory (AAD) and Azure Active Directory B2C, it is possible to authenticate internal and external users, offering multiple login options including social providers such as Google, LinkedIn, Facebook, and Microsoft.
Local and External Authentication
Power Pages supports two main authentication modes for portal users:
- Local authentication: credentials (username and password) are stored in the Dataverse Contact table. This is the default authentication method for new portals and requires no additional configuration.
- External authentication: the user's identity is verified by an external provider, such as Azure AD B2C or a social provider. In this case, credentials are not stored locally, which reduces the portal's exposure to password-management risk.
Each authenticated user must have an associated record in the Contact table in Dataverse. This association is how roles, permissions, and access to portal resources are managed.
Configurable Authentication Providers
Within the Power Pages configuration area, one or more authentication providers can be enabled and customized simultaneously. The most common include:
- Local sign-in: internal authentication with credentials stored in Dataverse.
- Azure Active Directory: allows organizational users to access using corporate AAD credentials.
- Azure Active Directory B2C: offers federation with external authentication providers.
- Social providers: Google, Facebook, LinkedIn, Twitter, and Microsoft Accounts.
This flexibility enables customized login experiences for customers, partners, or citizens while maintaining a high level of security.
Azure AD and Azure AD B2C
Azure Active Directory is Microsoft’s identity and directory management service that underpins all Microsoft cloud services. Every user accessing Power Platform or Microsoft 365 has an AAD identity. For Power Pages portals, Azure AD allows internal user authentication, while Azure AD B2C manages external identities such as customers or citizens.
Azure AD B2C enables flexible access policies, social login integration, and login page customization. It is frequently used for public Power Pages portals where secure self-service access is required for external users.
More details are available in the official Microsoft Azure AD B2C documentation.
Registration, Invitations, and Security
Power Pages offers two main registration modes:
- Open registration: anyone can register, automatically creating a record in the Dataverse Contact table.
- Invitation-based registration: only pre-existing contacts in Dataverse can receive an email invitation to access the portal. This method prevents duplicate records and provides greater control.
Additionally, IP-based restrictions can be configured to limit portal access to specific regions or enterprise networks, enhancing security.
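The registration and sign-in modes described above are controlled by portal site settings, so they can be checked from an export. The following is an added example, not code from this page or from Microsoft: it audits a constructed export against an assumed target posture (invitation-only registration, external sign-in only). The `adx_name`/`adx_value` row layout assumes an export of the standard data model's site settings table, and `make_rows` is a hypothetical helper.

```python
REG = "Authentication/Registration/"

# Target posture (an assumption for this example): invitation-only sign-up,
# external identity provider only, no local credentials kept in Dataverse.
EXPECTED = {
    "OpenRegistrationEnabled": False,  # open registration: anyone can create a Contact
    "InvitationEnabled": True,         # pre-existing contacts redeem an invitation
    "LocalLoginEnabled": False,        # local sign-in stores credentials in Dataverse
    "ExternalLoginEnabled": True,      # Azure AD B2C or social providers
}

def parse_flags(rows):
    """Map registration setting names to True/False; None means unreadable value."""
    flags = {}
    for row in rows:
        name = (row.get("adx_name") or "").strip()
        if name.startswith(REG):
            raw = (row.get("adx_value") or "").strip().lower()
            flags[name[len(REG):]] = {"true": True, "false": False}.get(raw)
    return flags

def audit(rows, expected=EXPECTED):
    """Return [(setting, actual, wanted)] per deviation; actual None = unset or unreadable."""
    flags = parse_flags(rows)
    return [(key, flags.get(key), want)
            for key, want in expected.items() if flags.get(key) is not want]

def make_rows(**settings):
    """Hypothetical helper: build constructed site-setting rows for the samples."""
    return [{"adx_name": REG + k, "adx_value": v} for k, v in settings.items()]

# Constructed sample: open registration and local login left on, external login unset.
SAMPLE = make_rows(OpenRegistrationEnabled="True", InvitationEnabled="true",
                   LocalLoginEnabled="true")
SAMPLE.append({"adx_name": "Search/Enabled", "adx_value": "true"})  # unrelated row

# Constructed sample matching the target posture.
HARDENED = make_rows(OpenRegistrationEnabled="false", InvitationEnabled="true",
                     LocalLoginEnabled="false", ExternalLoginEnabled="true")

if __name__ == "__main__":
    for setting, actual, wanted in audit(SAMPLE):
        state = "not set (platform default applies)" if actual is None else str(actual).lower()
        print(f"{REG}{setting}: {state}, expected {str(wanted).lower()}")
```

A setting reported as not set is worth fixing explicitly, so the portal's behavior does not depend on a platform default.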
Access Management through Dataverse
All users authenticated through Power Pages are mapped to records in the Dataverse Contact table. This enables access control through Web Roles and Table Permissions, which define precisely which data and features each user can view or edit.
Access rules can be role-based, record-based, or relationship-based, allowing complete control over permissions within the portal and ensuring every user sees only the relevant data.
Access Flow Diagram
The following diagram illustrates a typical authentication flow in a Power Pages portal integrated with Azure AD B2C:
Frequently Asked Questions about Identity and Access
What is the difference between local authentication and Azure AD B2C in Power Pages?
Local authentication uses credentials stored directly in Dataverse, while Azure AD B2C delegates authentication to external providers such as Google or Microsoft. This approach reduces the risks associated with password management and simplifies the user experience.
Can I use multiple authentication providers in the same portal?
Yes, Power Pages supports multiple simultaneous providers, allowing users to choose their preferred login method.
Can access be restricted by geographic region?
Yes, IP-based restrictions can be applied to limit portal access to specific regions or networks.