Setting up authentication is a core customization in any Power Pages site. Simplified identity provider configuration in Power Pages provides in-app guidance for identity provider setup and abstracts setup complexities. Makers and administrators can easily configure the website for supported identity providers.

You can enable, disable, and configure identity providers from Power Pages by using simplified authentication configuration. After you select an identity provider, you can then follow prompts to easily enter the provider settings.

Note

Changes to the authentication settings might take a few minutes to be reflected on the website. Restart the website by using the admin center if you want the changes to be reflected immediately.

To configure an identity provider for your website:

You can configure the following general authentication settings by selecting Authentication Settings on the Identity providers page.

External login: External authentication is provided by the ASP.NET Identity API. Account credentials and password management are handled by third-party identity providers.

Open registration: Enables or disables the sign-up registration form for creating new local users.

Require unique email: Specifies whether a unique email address is needed for validating a new user during sign-up.

You can also go to general authentication settings from the details page by selecting Settings in the upper-right corner of the Identity providers section.

You can set any identity provider as the default. When an identity provider is set as the default, users signing in to the website aren't redirected to the sign-in page. Instead, the sign-in experience always defaults to signing in by using the selected provider.

Important

If you set an identity provider as the default, users won't have the option to choose any other identity provider.

After you set an identity provider as the default, you can select Remove as default to remove it. After you remove an identity provider from being the default, users will be redirected to the sign-in page and can choose from the identity providers you've enabled.

Note

You can only set a configured identity provider as the default. The Set as default option becomes available after you configure an identity provider.

Several identity providers that you can configure are added by default. You can add additional Azure Active Directory (Azure AD) B2C providers, or configure the available OAuth 2.0 providers such as LinkedIn or Microsoft.

Note

To add an identity provider, select Add provider from Authentication Settings.

Select from the available list of providers, enter a name, and then select Next to configure the provider settings. The provider name you enter here is displayed on the sign-in page for users as the text on the button they use when selecting this provider.

To configure a provider, select Configure (or select More Commands (...), and then select Configure).

Note

You can use Add provider or Configure to add or configure a provider for the first time. After you configure a provider, you can edit it. You can also select the provider name hyperlink to open the configuration options quickly.

The configuration steps after you select Next depend on the type of identity provider you select. More information: Common identity providers

After you add and configure a provider, you can see the provider in the Enabled state on settings or details pages.

To edit a provider you've configured, select it, select More Commands (...), and then select Edit configuration.

Refer to the provider-specific articles to edit settings for the provider type you selected.

To delete an identity provider, select More Commands (...), and then select Delete.

Deleting a provider deletes your provider configuration for the selected provider type, and the provider becomes available again for configuration.

Note

When you delete a provider, only the configuration for the provider is deleted. For example, if you delete the LinkedIn provider, your LinkedIn app and app configuration remain intact. Similarly, if you delete an Azure AD B2C provider, only the configuration is deleted; the Azure tenant configuration for this provider won't change.

If you delete and re-create your Power Pages site, users might receive the following error when signing in. When this issue happens, update the website's identity provider configuration correctly.

Sorry, but we're having trouble signing you in.

AADSTS700016: Application with identifier 'https://contoso.powerappsportals.com/' was not found in the directory 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.