Power Pages - General Discussions
Unanswered

Azure AD Authentication without registration


Hi,

 

My Power Pages is set up to use the Azure AD authentication within my tenant -

prathyoo_0-1703601423756.png

 

Now, we do not want the user to use the default registration method in the Power Pages. Instead, they provide their profile information using a multistep form that records the First Name, Last Name and email address in the contact table.

 

Once an admin approves the contact record (by changing some field status), a power automate is called and a guest account is created for the user in our Azure AD. The user gets an email to set their password in Azure AD. All this is working fine.

 

We now want the user to use their Azure AD login to access the portal and connect to the existing contact record that was created. For this we made the following setting - 

prathyoo_2-1703602294204.png

 

Also, we switched off the "Open Registration" option.

prathyoo_3-1703602341794.png

 

But, when the user then tries to login with the user id and password, we get this error - 

 

prathyoo_1-1703601657029.png

But, this starts to work when the "Open Registration" is turned on. But, this is an issue for us as this now allows anyone in the Azure AD to log in. We only want the users who are in the Contact table and with corresponding Azure AD guest account to be able to log in to the portal.

 

Any help is greatly appreciated.

  • Fubar 7,690
    Re: Azure AD Authentication without registration

    If you want Open Registration off then you probably have 2 options:

    • If the user exists in AD, send the Contact an Invitation (https://learn.microsoft.com/en-us/power-pages/security/invite-contacts); when they redeem the invitation it will link the AD and Contact record by creating an External Identity record
    • If you are automating the creation of the person in AD (e.g. using the Graph API), then at the same time create the External Identity record in Dataverse (and update a couple of other fields on the Contact record, like login enabled)

    Also, you could use the settings to enable mapping the person to the Contact record by email address, but in some cases this may be considered risky. It is in the advanced settings when you configure the Identity Provider for your Power Pages; see Contact Mapping with Email here: https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-provider#additional-settings-in-power-pages

  • eswarcareless 47
    Re: Azure AD Authentication without registration

    I have requirements that are almost similar. Please find below the site-marker settings. The below markers setting should work.

    eswarcareless_0-1706644947608.png
    eswarcareless_1-1706644988353.png

     

  • fm_skeller 277
    Re: Azure AD Authentication without registration

    Maybe I did not explain clearly enough, but hiding the registration tab with javascript is not necessary.
    If you link the contact record (the portal user) to the AD guest account by adding/checking if the external identity record is present - you can use the login without having the 'Allow registration' setting active - because it is set to false it will not render the registration tab. 

  • psreek 307
    Re: Azure AD Authentication without registration

    For now we have used a bad hack to hide the registration view using javascript.

    We are pretty unhappy with the product that we have to write javascripts (which end users can disable) to do even basic configs.

    Step 1) Create a new content snippet - it should be exactly called "Account/SignIn/PageCopy"
    Step 2) Make that snippet HTML ... and add the JS code
    Step 3) JS Code:

    <script type="text/javascript">
    // Hide the "Register" link on the sign-in page. This only changes what is
    // displayed; it has no effect when scripts are disabled in the browser.
    var link = document.querySelector('a[href="/Account/Login/Register?returnUrl=%2F"]');
    // querySelector returns null when the link is not on the page.
    if (link) {
      link.style.display = 'none';
    }
    </script>


    prathyoo_0-1706609925414.png

  • fm_skeller 277
    Re: Azure AD Authentication without registration

    If you create both the Azure AD account and the contact record you could also create a linked external identity record - which is essentially what happens when the open registration is enabled. As long as you set the correct username (the Object ID of the Azure AD user account) and Identity Provider (something like https://sts.windows.net/<tenant-id>) it should work.
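
The linking step described in the replies above, as an added example (not code from the thread or from Microsoft): it plans which External Identity records a provisioning flow should create and rejects any Object ID that would end up tied to two contacts. The column names `adx_username`, `adx_identityprovidername` and `adx_contactid`, the input shapes and all sample IDs are assumptions or constructed values; the provider string follows the form given in the thread and must match the one configured on the site.

```javascript
// Added example. Column names are assumptions to verify in your environment.
const GUID = /^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$/i;

// provisioned: [{contactId, objectId}] recorded when the guest was created.
// existing: external identity rows already present (hypothetical shape).
function planExternalIdentities(tenantId, provisioned, existing) {
  if (!GUID.test(tenantId)) throw new Error('tenantId must be a GUID');
  const issuer = 'https://sts.windows.net/' + tenantId; // form from the thread
  const linked = new Map(); // objectId -> contactId under this provider
  for (const e of existing) {
    if (e.adx_identityprovidername === issuer) {
      linked.set(e.adx_username.toLowerCase(), e.contactId.toLowerCase());
    }
  }
  const toCreate = [];
  const rejected = [];
  for (const p of provisioned) {
    const oid = String(p.objectId || '').toLowerCase();
    const cid = String(p.contactId || '').toLowerCase();
    if (!GUID.test(oid) || !GUID.test(cid)) {
      rejected.push({ ...p, reason: 'malformed id' });
    } else if (!linked.has(oid)) {
      linked.set(oid, cid); // also catches duplicates inside this batch
      toCreate.push({
        adx_username: oid,
        adx_identityprovidername: issuer,
        'adx_contactid@odata.bind': '/contacts(' + cid + ')',
      });
    } else if (linked.get(oid) !== cid) {
      rejected.push({ ...p, reason: 'object id already linked to another contact' });
    } // else: this contact is already linked, nothing to do
  }
  return { toCreate, rejected };
}

// Constructed sample data (no real tenant, contact or user IDs).
const TENANT = '11111111-2222-3333-4444-555555555555';
const oidOf = (n) => 'aaaaaaaa-0000-0000-0000-00000000000' + n;
const cidOf = (n) => 'cccccccc-0000-0000-0000-00000000000' + n;
const EXISTING = [{ adx_username: oidOf(1), contactId: cidOf(1),
  adx_identityprovidername: 'https://sts.windows.net/' + TENANT }];
const PROVISIONED = [
  { contactId: cidOf(1), objectId: oidOf(1) },     // already linked
  { contactId: cidOf(2), objectId: oidOf(2) },     // new link
  { contactId: cidOf(3), objectId: oidOf(1) },     // conflicts with existing
  { contactId: cidOf(4), objectId: 'not-a-guid' }, // malformed
  { contactId: cidOf(5), objectId: oidOf(2) },     // duplicate in batch
];
console.log(JSON.stringify(planExternalIdentities(TENANT, PROVISIONED, EXISTING), null, 2));
```

Each entry in `toCreate` is shaped as a request body for creating one row; everything in `rejected` needs a person to look at it before any link is made.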
