web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Manually created Conta...
Power Pages
Unanswered

Manually created Contacts are not recognised when signing in using the Microsoft identity provider

(1) ShareShare
ReportReport
Posted on by jl2 4

I am attempting to allow both internal and external users access to a Power Pages site. I understand there are two ways to go about this:

  • Enable 'Open registration', which allows anybody with the URL to access the site; or
  • Manually add users to the Contact table, which is then mapped upon signing in with the chosen identity provider.

 

The first option does work, with a contact being created when users sign in with their Microsoft account. But this is not suitable for this site, as it should not be publically available.

 

I have tried the second option, by adding rows to the Contact table within Power Pages and using the New Contact form within Portal Management, but it just results in the user being kicked back to the login page upon signing in. No error message is displayed.

 

When adding users to the Contact table, I have ensured that all required fields are completed. I've also added the necessary entry to the External Identity table.

 

The Microsoft identity provider is enabled, which is configured with the appropriate Client ID / Client Secret from the sites Azure App Registration. Additional settings are at their defaults, except for 'Registration enabled' and 'Contact mapping with email', which are both enabled.

 

Within Portal Management, 'Authentication/Registration/Enabled' and 'Authentication/Registration/ExternalLoginEnabled' are both True.

 

Within Azure, in the Authentication section of the app registration, 'Supported account types' is set to 'Accounts in any organizational directory'.

 

I have also tried this on a default Power Pages site and the issue is present there as well.

 

Is there some other way of manually adding users to a site? Or have I just missed a step when adding users to the Contact table?

Categories:
General topics
I have the same question (1)
  • Fubar Profile Picture
    Fubar 8,338 Super User 2025 Season 2 on at
    @jl2 wrote:

     

    I have tried the second option, by adding rows to the Contact table within Power Pages and using the New Contact form within Portal Management, but it just results in the user being kicked back to the login page upon signing in. No error message is displayed.

     

    Is the Portal User logged in to the Portal, does their user name appear in the top right or does it still say Sign-in?

     

    @jl2 wrote:

    When adding users to the Contact table, I have ensured that all required fields are completed. I've also added the necessary entry to the External Identity table.

     

    As it appears you are attempting to manually create the External Identity record in Dataverse - exactly which fields have you populated on the Contact record and with what values?

  • jl2 Profile Picture
    jl2 4 on at

    The portal user is not logged in, as this issue prevents them from doing so.

     

    I am populating these fields on the Contact record:

    • Email
    • First Name
    • Last Name
    • Login Enabled (true)

    Contact, Owner, and Status are automatically populated.

    I have also tried:

    • manually entering GUIDs into the User Name and Security Stamp fields,
    • creating External Identities, both through Portal Management and by manually adding rows to the External Identity table,
    • assigning any relevant Web Roles,

    but none of these make any difference.

  • Fubar Profile Picture
    Fubar 8,338 Super User 2025 Season 2 on at

    When manually creating the External Identity records, on the Contact record the Security Stamp must be populated with a guid (any guid, but must be a guid), Login Enabled set to Yes (checkbox ticked), I can't remember if Username is also required or not (if so for Azure AD its default is the GUID in the External Identity)

    And of course after making any such changes you need to clear the portal cache or wait 15mins for the data to be available to the portal.

     

    What you can also try, is with a user that logs in successfully, edit the External Identity record with the guid of another external user, clear the portal cache and see if you can login with the other user (should login as the Contact the External Identity guid is on).

  • fshaikh Profile Picture
    fshaikh 33 on at
    Having the same problem. Were you able to resolve it? 
    In my case if I Enable Registrations then it takes me to redeem invitation page. If I disable that, it says regsistration is disabled. 
  • aofosu Profile Picture
    aofosu 105 on at
    The issue arises because the token passed from the external provider is not yet linked to the contact. The mapping process merely inserts the parameters (such as email, first name etc, depending on what the external provider sends) into the respective contact fields without verifying if the contact signing in is the correct one. To address this, you'll need to capture the token sent and then link the user by checking their email address/username in the contact table, then associate that token to contact record; this can be achieved using a pre-validation plugin.

    Alternatively, you can create a custom invitation module, which we are currently implementing for a project. This module allows you to invite users without needing to create their records beforehand. When the users receive the invitation, they can register using the code/GUID you sent them. They will go through the external partner's authentication, have a record created when they return to Power Pages (a shadow creation that happens automatically), and they can redeem the invitation and proceed with completing their profile.

    Realize that creation of contacts beforehand and sending them their login details requires using a local authentication which is not recommended/supported.
  • Ajlan Profile Picture
    Ajlan 235 on at
    Hello,

    Verify that 'Login Enabled' is checked, 'Lockout Enabled' is unchecked, and the contact has the correct web role assigned.
     
    Cheers 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Jerry-IN Profile Picture

Jerry-IN 71

#2
Fubar Profile Picture

Fubar 62 Super User 2025 Season 2

#3
sannavajjala87 Profile Picture

sannavajjala87 31

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans