web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Security control on cr...
Power Pages
Unanswered

Security control on credentials for 'Local Authentication' of PowerApps Portal

(0) ShareShare
ReportReport
Posted on by UADev

Hello,

As a part of Client project, we are setting up a PowerApps Portal using the "Local Authentication" (also known as "Contact provider authentication") that comes naively with the Portal provisioning:

 

We have been asked to implement security control in Portal where credentials (of external contacts) are protected by ensuring:
 passwords/passphrases expire every 12 months
 password/passphrase stretching is implemented
 passwords/passphrases that are compromised are revoked
 Password/passphrase resets are random for each individual reset, not reused when resetting multiple accounts, and not based on another identifying factor such as the user’s name or the date.

 

Can someone please confirm if someone has handle above requirements with the local authentication setup and some guidance around how? Thanks.

Categories:
Power Apps portals
I have the same question (0)
  • oliver.rodrigues Profile Picture
    oliver.rodrigues 9,449 Most Valuable Professional on at

    Microsoft recommends not using Local Authentication, but instead having an Azure AD B2C, which is a bit annoying to setup, but it's something you do only once, and will give you more security and future proof of your Portals: https://readyxrm.blog/2019/07/24/configure-azure-ad-b2c-for-powerapps-portals/

    I believe those policies you need can be achieved there (haven't tried myself though): https://docs.microsoft.com/en-us/azure/active-directory-b2c/

     

    If you still prefer keeping local authentication, you can setup those but not through the Portal exactly, but through CRM processes

     

    To expire a password you can have a workflow to change the password value in your contact record + send an e-mail to reset the password

    have a custom entity with all passwords history so it wouldn't repeat etc

    all would require CRM process/plugins etc

     

    ------------

    If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the February Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
DP_Prabh Profile Picture

DP_Prabh 41

#2
oliver.rodrigues Profile Picture

oliver.rodrigues 35 Most Valuable Professional

#3
rezarizvii Profile Picture

rezarizvii 28

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans