Power Pages - Security
Unanswered

Power Pages OpenID Connect for multi-tenancy authentication with Azure AD Tenants


Has anyone successfully implemented authentication with any Microsoft 365 tenant?

 

My use case is that I'm developing a customer portal for my clients and I want these clients to be able to authenticate against their own Microsoft 365 tenant.

 

This also applies later when I want to build a product that can be accessed by any user in any other tenant.

 

It looks like this should be possible using the OpenID Connect identity provider against Microsoft as shown here: https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-provider

 

It even suggests that the above is possible in that document:

"Enable authentication by using a multitenant Azure AD application

You can configure your website to accept Azure AD users from any tenant in Azure, and not just from a specific tenant, by using the multitenant application registered in Azure AD."

 

I've found no videos or walkthroughs that explicitly show you the settings required and I've been unable to implement this myself.

 

 

  • Suggested answer
    mastersnake
    Hi,
    You need to follow the steps here.
     
    I have already implemented this and it's working fine. Faced like one issue, but support was able to help us out.
     
  • loggersen
    dokane's response saved the day for me. I tried everything with the settings using the power pages studio and nothing worked. Creating all the site settings manually like dokane's example did the trick.
  • dokane

    Hi Ian, sorry I'm on leave now so won't get you any screenshots for a while. That's a pity you can't get it going on your instance. There must be something somewhere in the config or setup.

     

    One thing in response to your theory, I did get it going with a non D365 template portal - I did POC on a new Power Pages template before replicating on a customer environment, then with D365 Customer self service template.

  • Ian-Waters

    I have a horrible feeling Microsoft have locked out this functionality on any templates other than the Dynamics 365 ones meaning you have to pay a hefty monthly fee from the get go.

     

    Come on Microsoft...

  • Ian-Waters

    Hi dokane, Many thanks for the response. I'm still having issues after replicating what you have. When I click to sign in I just get "This page isn't working at the moment If the problem continues, contact the site owner. HTTP ERROR 401"

     

    Any chance I can get a screenshot or export of all of your site settings?

  • dokane

    Hi Ian,

     

    I just did a proof of concept on this very thing, this very morning!

     

    Found that manually creating the Site Settings did the trick as the wizard creates and insists on some settings which left me with invalid sign in errors. I haven't yet been able to figure out why and what knock on I have for excluding those settings, for now.

     

    Rough steps:

     

    Create the App Registration in Azure (named CustomerAzureAD in my case)

    Follow instructions in the Msft doc but select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and make sure under Implicit grant, you have selected the ID tokens check box.

     

    Then in Portal Management Studio manually create your site settings:

     

    Authentication/OpenIdConnect/OpenId_1/AllowContactMappingWithEmail = true

    Authentication/OpenIdConnect/OpenId_1/Authority = https://login.windows.net/common/  (documentation said (the newer!) https://login.microsoftonline.com/common  but it would not work for me!)

    Authentication/OpenIdConnect/CustomerAzureAD/Caption = (whatever you want to call your button)

    Authentication/OpenIdConnect/CustomerAzureAD/ClientId =  the Application ID from Azure 

    Authentication/OpenIdConnect/CustomerAzureAD/ExternalLogoutEnabled = true

    Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilter = https://sts.windows.net/*/

    Authentication/OpenIdConnect/CustomerAzureAD/RedirectUri = yourportal.powerappsportals.com/signin-openid_1

    Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuer = false

    Additionally I've configured:

    Authentication/Registration/Enabled = true

    Authentication/Registration/InvitationEnabled = true

    Authentication/Registration/OpenRegistrationEnabled = false

     

    You'll see that even though you have manually created the Identity Provider it does appear in the listed Providers in Authentication Settings for your Portal.


     

     

    Let me know if you figure anything else out with this, that I haven't already 😀

     

    Good luck!
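
Added example (not part of the thread, and not Microsoft's or any poster's code): a small review script for a site-settings list in the `Name = value` form used in dokane's post. It flags the combinations that matter once tokens from any tenant are accepted. The sample text is constructed, the ClientId is a placeholder, and the finding names are made up for this example.

```python
import re

# Constructed sample in the "Name = value" form used in the post above.
# The ClientId is a placeholder, not a real application ID.
SAMPLE_SETTINGS = """\
Authentication/OpenIdConnect/OpenId_1/AllowContactMappingWithEmail = true
Authentication/OpenIdConnect/OpenId_1/Authority = https://login.windows.net/common/
Authentication/OpenIdConnect/CustomerAzureAD/ClientId = 00000000-0000-0000-0000-000000000000
Authentication/OpenIdConnect/CustomerAzureAD/IssuerFilter = https://sts.windows.net/*/
Authentication/OpenIdConnect/CustomerAzureAD/ValidateIssuer = false
Authentication/Registration/InvitationEnabled = true
Authentication/Registration/OpenRegistrationEnabled = false
"""

OIDC_KEY = re.compile(r"Authentication/OpenIdConnect/([^/]+)/([^/]+)")
OPEN_REG = "Authentication/Registration/OpenRegistrationEnabled"

def parse_settings(text):
    """Return {setting name: value} from 'Name = value' lines."""
    settings = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip().startswith("Authentication/"):
            settings[name.strip()] = value.strip()
    return settings

def review(settings):
    """Return finding codes (hypothetical names) for a multitenant OIDC setup."""
    providers, merged = set(), {}
    for name, value in settings.items():
        m = OIDC_KEY.fullmatch(name)
        if m:
            providers.add(m.group(1))
            merged[m.group(2).lower()] = value.lower()
    findings = []
    if len(providers) > 1:
        # Keys for one provider share one name segment; confirm the split is intended.
        findings.append("provider-name-mismatch")
    any_tenant = (merged.get("validateissuer") == "false"
                  or "*" in merged.get("issuerfilter", "")
                  or "/common" in merged.get("authority", ""))
    if any_tenant:
        # Every Azure AD tenant passes the issuer check, so who gets in is
        # decided only by the registration and contact-mapping settings.
        findings.append("any-tenant-accepted")
        if settings.get(OPEN_REG, "").lower() != "false":
            findings.append("open-registration-not-disabled")
        if merged.get("allowcontactmappingwithemail") == "true":
            # The email claim is asserted by the signing-in tenant, not this site.
            findings.append("email-contact-mapping")
    return findings
```
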

     
