Sign Up to Power Pages on Behalf of Contacts - Azure AD B2C

I'm looking for some help with using Azure AD B2C with Power Pages. I've integrated Azure AD B2C as an identity provider with Power Pages previously using the default Sign Up/Sign In and Password Reset user flows.

 

I now have a more complex requirement and I'm trying to figure out the cleanest way to design and implement and provide the best UX.

 

The portal will effectively be invitation only for selected existing contacts. Given that we already know the Contact's details (First Name/Last Name/Email Address) we want to complete the Azure AD B2C sign up on behalf of the user rather than using the out-of-the-box invitation process which would require the user to enter their details upon sign up. Once signed up, we will email them a link for logging on and setting a password for the first time. We need to avoid the poor practice of sending a password to a user via email. MFA via Email will be enabled.

 

Our plan was to implement the default Sign In and Password Reset user flows, without a Sign Up user flow, and use Graph API for creating the users in Azure AD B2C. We can use the returned ID to create the External Identity record and set the username and other portal-specific fields on the contact record etc.

 

All of this seems to work OK in principle, but we can't figure out how to prompt the user to set their password on first login. The hope was just to send them to the Password Reset page, but it's not clear how we'd do that. Currently users have to go to the Sign In page, click 'Forgot your password?', go through 2 lots of email verification code entry (both requiring the email address to be entered manually), after which the user can finally set the password and successfully log in to the portal. This seems clunky at the very least.

 

Has anyone successfully implemented a similar workflow with a slick UX? If so, how did you achieve it?

 

Grateful for any help!

  • fm_skeller (Moderator)

    You can set the 'password expired' flag when creating the Azure B2C user. After the first time they log in they will automatically be prompted to reset the password. You do need to enable a separate setting in the Azure B2C flow to allow users to log on with an expired password, otherwise they will only get an error stating that their password expired.

  • Tino Rabe

    Hi @SimonB_FP ,

     

    Have you considered using one-time passwords in AD B2C instead of stored passwords?

    The idea is that you programmatically set up the user in AD B2C.

    Whenever the user wants to log in, a one-time password is requested and generated with a limited timespan (e.g. 15 minutes).
    The user then receives the password via email and then authenticates against AD B2C with this one-time password.


    In my opinion, this reduces friction even more and gives a great experience.

    Let's face it, people do not want to remember a separate set of credentials every time they sign up for a new service.

    But all users have one thing in common: they own a unique email.

    Of course, the security concept must embrace the idea of having the email as a single factor, but it is the same story with a password.

  • SimonB_FP

    Thanks. It crossed my mind but I don't believe it's possible without using custom policies. We have to use default policies within this project due to budgetary constraints.

  • SimonB_FP

    Thanks, but I want to avoid sending the user a password in the first place - I just want the user to password reset via MFA on first login, but without it being so clunky or requiring multiple verification code emails.

  • fm_skeller (Moderator)

    And what if you send a link via email that redirects to the password reset policy?
    Something like <portalurl>/Account/Login/ExternalLogin?returnUrl=%2F&provider=https%3A%2F%2F<-b2ctenant->.b2clogin.com%2Ftfp%2F<-guid->%2Fb2c_name-of-resetflow%2Fv2.0%2F

  • Fubar (Super User 2026 Season 1)

    I am not an expert in B2C, but my first thought was One Time Passcode (but I see you didn't like that suggestion earlier), then the Forgot Password (that you have also tried). You may find that options beyond those are limited and would require you to seed an initial password in B2C (if there is an initial existing password you provide to the user, you can set a force password reset flow: https://learn.microsoft.com/en-us/azure/active-directory-b2c/force-password-reset?pivots=b2c-user-flow).

    This link is basically asking the same thing, but requires custom policy https://learn.microsoft.com/en-us/answers/questions/1108323/create-invite-user-in-azure-ad-b2c-and-then-allow
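
Added example, not part of any post in this thread and not the posters' or Microsoft's own code: a Python sketch of the provisioning step discussed above. It builds the Microsoft Graph create-user body for a B2C local account with a random initial password that is never disclosed and the force-change flag set, a log-safe copy of that body, and the invitation link in the pattern fm_skeller posted. The function names, the `contoso` tenant and the sample contact used in testing are assumptions; nothing here calls Graph, and the link pattern is taken from the thread as-is.

```python
import copy
import secrets
import string
from urllib.parse import urlencode

_CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")

def throwaway_password(length=32):
    """Random initial password that is never shown, stored or emailed."""
    chars = [secrets.choice(c) for c in _CLASSES]          # one of each class
    chars += [secrets.choice("".join(_CLASSES)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def build_b2c_user(first, last, email, tenant_domain, force_change=True):
    """Body for POST https://graph.microsoft.com/v1.0/users (local account)."""
    email = email.strip().lower()
    local, _, domain = email.partition("@")
    if not local or "." not in domain or "@" in domain or any(c.isspace() for c in email):
        raise ValueError("not a usable email address")
    return {
        "accountEnabled": True,
        "displayName": f"{first} {last}",
        "givenName": first,
        "surname": last,
        "identities": [{"signInType": "emailAddress",
                        "issuer": tenant_domain,
                        "issuerAssignedId": email}],
        "passwordProfile": {
            "password": throwaway_password(),
            # The 'password expired' flag from the thread; the user flow needs
            # its separate setting enabled or sign-in ends in an expiry error.
            "forceChangePasswordNextSignIn": force_change,
        },
    }

def loggable(payload):
    """Copy of the payload that is safe to write to logs or flow history."""
    redacted = copy.deepcopy(payload)
    redacted["passwordProfile"]["password"] = "<redacted>"
    return redacted

def reset_link(portal_url, b2c_tenant, tenant_guid, reset_policy):
    """Invitation link following the pattern fm_skeller posted (untested here)."""
    provider = f"https://{b2c_tenant}.b2clogin.com/tfp/{tenant_guid}/{reset_policy}/v2.0/"
    query = urlencode({"returnUrl": "/", "provider": provider})
    return f"{portal_url.rstrip('/')}/Account/Login/ExternalLogin?{query}"
```

Only the `loggable()` copy should reach logs or run history; the generated password exists solely in the request body sent to Graph.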
