Power Pages - General Discussions
Unanswered

Manually created Contacts are not recognised when signing in using the Microsoft identity provider


I am attempting to allow both internal and external users access to a Power Pages site. I understand there are two ways to go about this:

  • Enable 'Open registration', which allows anybody with the URL to access the site; or
  • Manually add users to the Contact table, which is then mapped upon signing in with the chosen identity provider.

 

The first option does work, with a contact being created when users sign in with their Microsoft account. But this is not suitable for this site, as it should not be publicly available.

 

I have tried the second option, by adding rows to the Contact table within Power Pages and using the New Contact form within Portal Management, but it just results in the user being kicked back to the login page upon signing in. No error message is displayed.

 

When adding users to the Contact table, I have ensured that all required fields are completed. I've also added the necessary entry to the External Identity table.

 

The Microsoft identity provider is enabled, which is configured with the appropriate Client ID / Client Secret from the site's Azure App Registration. Additional settings are at their defaults, except for 'Registration enabled' and 'Contact mapping with email', which are both enabled.

 

Within Portal Management, 'Authentication/Registration/Enabled' and 'Authentication/Registration/ExternalLoginEnabled' are both True.

 

Within Azure, in the Authentication section of the app registration, 'Supported account types' is set to 'Accounts in any organizational directory'.

 

I have also tried this on a default Power Pages site and the issue is present there as well.

 

Is there some other way of manually adding users to a site? Or have I just missed a step when adding users to the Contact table?

  • Ajlan
    Hello,

    Verify that 'Login Enabled' is checked, 'Lockout Enabled' is unchecked, and the contact has the correct web role assigned.
     
    Cheers 
  • aofosu
    The issue arises because the token passed from the external provider is not yet linked to the contact. The mapping process merely inserts the parameters (such as email, first name, etc., depending on what the external provider sends) into the respective contact fields without verifying if the contact signing in is the correct one. To address this, you'll need to capture the token sent and then link the user by checking their email address/username in the contact table, then associate that token with the contact record; this can be achieved using a pre-validation plugin.

    Alternatively, you can create a custom invitation module, which we are currently implementing for a project. This module allows you to invite users without needing to create their records beforehand. When the users receive the invitation, they can register using the code/GUID you sent them. They will go through the external partner's authentication, have a record created when they return to Power Pages (a shadow creation that happens automatically), and they can redeem the invitation and proceed with completing their profile.

    Realize that creating contacts beforehand and sending them their login details requires using local authentication, which is not recommended/supported.
  • fshaikh
    Having the same problem. Were you able to resolve it?
    In my case, if I enable Registrations then it takes me to the redeem invitation page. If I disable that, it says registration is disabled.
  • Fubar

    When manually creating the External Identity records, on the Contact record the Security Stamp must be populated with a GUID (any GUID, but it must be a GUID) and Login Enabled set to Yes (checkbox ticked). I can't remember if Username is also required or not (if so, for Azure AD its default is the GUID in the External Identity).

    And of course, after making any such changes you need to clear the portal cache or wait 15 minutes for the data to be available to the portal.

     

    What you can also try is, with a user that logs in successfully, edit the External Identity record with the GUID of another external user, clear the portal cache and see if you can log in with the other user (it should log in as the Contact the External Identity GUID is on).
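
Added example (not part of any reply in this thread): a pre-flight check over exported Contact and External Identity rows for the conditions listed in Ajlan's and Fubar's replies. The column keys are assumed Dataverse logical names, `web_roles` is a hypothetical flattened field, and the sample rows are constructed.

```python
import uuid

# Constructed sample rows, not data from the thread. Key names are assumed
# Dataverse logical names; "web_roles" is a hypothetical flattened field.
CONTACTS = [
    {"contactid": "c1", "emailaddress1": "ok@example.com",
     "adx_identity_logonenabled": True, "adx_identity_lockoutenabled": False,
     "adx_identity_securitystamp": "5b1f0c1e-3a52-4c7e-9a65-0d6f2b8e4a11",
     "adx_identity_username": "9d2c7a40-1111-4222-8333-444455556666",
     "web_roles": ["Authenticated Users"]},
    {"contactid": "c2", "emailaddress1": "broken@example.com",
     "adx_identity_logonenabled": True, "adx_identity_lockoutenabled": True,
     "adx_identity_securitystamp": "not-a-guid",
     "adx_identity_username": "", "web_roles": []},
]
EXTERNAL_IDENTITIES = [{"_adx_contactid_value": "c1",
                        "adx_username": "9d2c7a40-1111-4222-8333-444455556666"}]

def is_guid(value):
    """True if value parses as a GUID; empty or missing values do not."""
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False

def check_contact(contact, identities):
    """Return the checklist items from the replies that this row fails."""
    problems = []
    if not contact.get("adx_identity_logonenabled"):
        problems.append("Login Enabled is not set")
    if contact.get("adx_identity_lockoutenabled"):
        problems.append("Lockout Enabled is set")
    if not is_guid(contact.get("adx_identity_securitystamp")):
        problems.append("Security Stamp is not a GUID")
    if not contact.get("web_roles"):
        problems.append("no web role assigned")
    linked = {i["adx_username"] for i in identities
              if i["_adx_contactid_value"] == contact["contactid"]}
    if not linked:
        problems.append("no External Identity row linked to this contact")
    username = contact.get("adx_identity_username")
    if username and linked and username not in linked:
        problems.append("User Name differs from the External Identity")
    return problems

def audit(contacts, identities):
    """Map each contact's email to its failed checks (empty list = passes)."""
    return {c["emailaddress1"]: check_contact(c, identities) for c in contacts}
```
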

  • jl2

    The portal user is not logged in, as this issue prevents them from doing so.

     

    I am populating these fields on the Contact record:

    • Email
    • First Name
    • Last Name
    • Login Enabled (true)

    Contact, Owner, and Status are automatically populated.

    I have also tried:

    • manually entering GUIDs into the User Name and Security Stamp fields,
    • creating External Identities, both through Portal Management and by manually adding rows to the External Identity table,
    • assigning any relevant Web Roles,

    but none of these make any difference.

  • Fubar

    @jl2 wrote:

     

    I have tried the second option, by adding rows to the Contact table within Power Pages and using the New Contact form within Portal Management, but it just results in the user being kicked back to the login page upon signing in. No error message is displayed.

     


    Is the Portal User logged in to the Portal, does their user name appear in the top right or does it still say Sign-in?

     


    @jl2 wrote:

    When adding users to the Contact table, I have ensured that all required fields are completed. I've also added the necessary entry to the External Identity table.

     


    As it appears you are attempting to manually create the External Identity record in Dataverse - exactly which fields have you populated on the Contact record and with what values?
