web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Can Canvas Apps authen...
Power Apps
Answered

Can Canvas Apps authenticate users from On-Prem AD (via ADFS)?

(2) ShareShare
ReportReport
Posted on by ___Pool___ 83
I have the following scenario:
 
- Users are stored in an on-prem Active Directory
- Identities are synchronized to Azure Entra ID (via AAD Connect / federation)
- We are building a Power Apps Canvas App (mobile)
 
Requirement:
Users should authenticate using their corporate on-prem credentials.
 
Question:
Is it possible for a Canvas App to authenticate users directly against on-prem AD (e.g., via ADFS or similar),
or is Azure Entra ID always the required identity provider?
 
If not directly possible:
What is the recommended architecture to support on-prem identity while using Canvas Apps?
Categories:
Building Power Apps
I have the same question (0)
  • Suggested answer
    Valantis Profile Picture
    Valantis 6,184 on at
     
    Canvas Apps always authenticate through Entra ID there's no direct on-prem AD or ADFS authentication path. Entra ID is the required identity provider.

    However, your scenario is already solved by the setup you described. Since your on-prem AD identities are synchronized to Entra ID via AAD Connect, users authenticate with their corporate credentials through Entra ID which federates back to your on-prem ADFS. From the user's perspective they enter their domain credentials as usual Entra ID handles the federation transparently.

    This is the standard and recommended hybrid identity architecture for Canvas Apps with on-prem AD:

    User logs in with domain credentials → Entra ID → ADFS federation → on-prem AD validates credentials → token issued back to Canvas App

    As long as AAD Connect is correctly configured with password hash sync or pass-through authentication (or ADFS federation), users will authenticate with their on-prem credentials without any additional changes needed in the Canvas App itself.

    If users are on mobile and not on the corporate network, make sure your ADFS endpoints are published externally (via WAP/AD FS proxy) or consider using pass-through authentication instead which doesn't require external ADFS exposure.
     

     

    Best regards,

    Valantis

     

    ✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

    🏷️ For follow-ups  @Valantis.

    📝 https://valantisond365.com/

    💼 LinkedIn

    ▶️ YouTube

     
  • Suggested answer
    11manish Profile Picture
    11manish 2,730 on at
    A Canvas App cannot authenticate directly against on-premises Active Directory. Microsoft Entra ID is always the authentication provider for Power Apps.
     
    If users have on-prem AD accounts, the supported approach is to synchronize or federate those identities to Entra ID using Password Hash Synchronization,
     
    Pass-Through Authentication, or ADFS. Users can continue using their corporate credentials, but authentication to the Canvas App ultimately occurs through
     
    Entra ID.
  • ___Pool___ Profile Picture
    ___Pool___ 83 on at
    Thanks for the answers, I still have a doubt:
     
    Our users are used to logging in with the legacy format domain\username, is there a way to let this format supported for Canvas App log in?
     
    Or should we enforce UPN (username@domain.com) as the standard login format?
  • Verified answer
    Valantis Profile Picture
    Valantis 6,184 on at
     
    Canvas Apps authenticate through Entra ID which requires UPN format (username@domain.com). The legacy domain\username format is not supported for Entra ID sign-in.

    You'll need to enforce UPN as the standard login format for Canvas App users.

    The good news: if your AAD Connect sync is correctly configured, users' on-prem domain\username credentials map to their Entra ID UPN. Their password stays the same only the format they type changes.

    For users resistant to the change, you can configure Entra ID to allow users to sign in with their on-prem SAM account name as an alternative login ID (using the AlternativeLoginID feature in AAD Connect). This lets users type their on-prem username format and Entra ID resolves it to the UPN. However this requires specific AAD Connect configuration and has some limitations.
     

     

    Best regards,

    Valantis

     

    ✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).

    🏷️ For follow-ups  @Valantis.

    📝 https://valantisond365.com/

    💼 LinkedIn

    ▶️ YouTube

  • Suggested answer
    stampcoin Profile Picture
    stampcoin 5,162 Super User 2026 Season 1 on at
    Since you already have Identities are synchronized to Azure Entra ID, just prepare the account on-prem Active Directory:
    1.  Make sure users have UPN.
    2.  Make sure user account logon name is part of UPN.
    3.  Keep domain\username (User logon name  (pre-Windows 2000)).
    for example, John.Doe@company.local, his logon name on-prem ad  might be John or jde.
    so:
    1. UPN= John.Doe@company.local
    2. Logon name = John.Doe ( for example, logon a computer).
    3. His classic account : company\john or company\jde.
    then ,he can logon a domain joined computer with account company\john or account John.Doe
     
    You can then try to install power app( MS Store) for testing your app via a domain joined PC.
    good luck.
     
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
🚀 Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Valantis Profile Picture

Valantis 404

#2
timl Profile Picture

timl 344 Super User 2026 Season 1

#3
WarrenBelz Profile Picture

WarrenBelz 320 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans