web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Sign Up for Ask a Community Pro Today!
Share your business problems and get Power Platform leaders' perspectives!
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Azure AD Authenticatio...
Power Pages
Unanswered

Azure AD Authentication without registration

(0) ShareShare
ReportReport
Posted on by psreek 323

Hi,

 

My power pages is setup to use the Azure AD authentication within my tenant -

prathyoo_0-1703601423756.png

 

Now, we do not want the user to use the default registration method in the the power pages. Instead, they provide their profile information using a multistep form that records the First Name, Last Name and email address in the contact table.

 

Once an admin approves the contact record (by changing some field status), a power automate is called and a guest account is created for the user in our Azure AD. The user gets an email to set their password in Azure AD. All this is working fine.

 

We now want the user to use their Azure AD login to access the portal and connect to the existing contact record that was created. For this we made the following setting - 

prathyoo_2-1703602294204.png

 

Also, we switched off the "Open Registration" option.

prathyoo_3-1703602341794.png

 

But, when the user then tries to login with the user id and password, we get this error - 

 

prathyoo_1-1703601657029.png

But, this starts to work when the "Open Registration" is turned on. But, this is an issue for us as this now allows any one in the Azure AD to log in. We only want the users who are in the Contact table and with corresponding Azure AD guest account to be able to log in to the portal.

 

Any help is greatly appreciated.

Categories:
General topics
I have the same question (0)
  • fm_skeller Profile Picture
    fm_skeller 277 Moderator on at

    If you create both the Azure AD account and the contact record you could also create a linked external identity record - what is essentially what happens when the open registration is enabled. As long as you set the correct username (the Object ID of the Azure AD user account) and Identity Provider (something like https://sts.windows.net/<tenant-id>) it should work.

  • psreek Profile Picture
    psreek 323 on at

    For now we have used a bad hack to hide the registration view using javascript.

     

     

    We are pretty unhappy with the product that we have to write javascripts (which end users can disable) to do even basic configs.

     

     

    Step 1) Create a new content snippets - and should be exactly called "Account/SignIn/PageCopy"
    Step 2) Make that Snippets as HTML ... and add the JS code
    Step 3) JS Code:
     

     

    <script type="text/javascript">

var link = document.querySelector('a[href="/Account/Login/Register?returnUrl=%2F"]');

link.style.display = 'none';

</script>

     

    prathyoo_0-1706609925414.png

  • fm_skeller Profile Picture
    fm_skeller 277 Moderator on at

    Maybe I did not explain clearly enough, but hiding the registration tab with javascript is not necessary.
    If you link the contact record (the portal user) to the AD guest account by adding/checking if the external identity record is present - you can use the login without having the 'Allow registration' setting active - because it is set to false it will not render the registration tab. 

  • eswarcareless Profile Picture
    eswarcareless 49 on at

    I have requirements that are almost similar. Please find below the site-marker settings. The below markers setting should work

     

    eswarcareless_0-1706644947608.pngeswarcareless_1-1706644988353.png

     

  • Fubar Profile Picture
    Fubar 8,459 Super User 2026 Season 1 on at

    If you want Open Registration off then you probably have 2 options:

    • If the user exists in AD send the Contact an Invitation (https://learn.microsoft.com/en-us/power-pages/security/invite-contacts), when they redeem the invitation it will link the AD and Contact reocrd by creating an External Identity record
    • If you are automating the creation of the person in AD (e.g. using the Graph API), then at the same time create the External Identity record in dataverse (and update a couple of other fields on the Contact record, like login enabled)

    Als0, you could use the settings the enable mapping the person to the Contact record by email address, but in some cases this may be considered risky it is in the advanced settings when you configure the Identity Provider for your Power Pages see Contact Mapping with Email here https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-provider#additional-settings-in-power-pages

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Sign Up for Ask a Community Pro Today!
Share your business problems and get Power Platform leaders' perspectives!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the December Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Suriyanarayanan V Profile Picture

Suriyanarayanan V 39

#2
oliver.rodrigues Profile Picture

oliver.rodrigues 28 Most Valuable Professional

#3
Fubar Profile Picture

Fubar 23 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans