Identify differences in Portal Behavior in Power Apps Portals
In Power Apps portals, every authenticated portal user is linked to a contact record in Microsoft Dataverse. Portal users must be assigned to web roles to gain permissions beyond those of unauthenticated users. To configure permissions, you must also define a web role’s webpage access and website access control rules. Additionally, Power Apps portals allow portal users to sign in with an external account of their choice using ASP.NET Identity.
Provider | Protocol | Documentation |
---|---|---|
Azure Active Directory (Azure AD) | OpenID Connect | Azure AD with OpenID Connect |
Azure AD | SAML 2.0 | Azure AD with SAML 2.0 |
Azure AD | WS-Federation | Azure AD with WS-Federation |
Azure AD B2C | OpenID Connect | Azure AD B2C with OpenID Connect; Azure AD B2C with OpenID Connect (manual configuration) |
Active Directory Federation Services (AD FS) | SAML 2.0 | AD FS with SAML 2.0 |
AD FS | WS-Federation | AD FS with WS-Federation |
Microsoft | OAuth 2.0 | Microsoft |
OAuth 2.0 | ||
OAuth 2.0 | ||
OAuth 2.0 | ||
OAuth 2.0 | ||
Local authentication (not recommended) | Not applicable | Local authentication |
Features of Open Registration
- Open registration is the least restrictive sign-up configuration: the portal permits a user account to be registered simply by providing a user identity.
- Other sign-up configurations require users to provide an invitation code or a valid email address to register with the portal.
- Regardless of the registration configuration, both local and external accounts participate equally in the registration workflow.
- During sign-up, users can select an external identity from a list of identity providers or create a local account.
- If an external identity is selected, the user is required to sign in through the chosen identity provider to prove that they own the external account.
- With either an external or a local identity, the user is immediately registered and authenticated with the portal.
Note – When open registration is enabled, users do not have to provide an invitation code to complete the sign-up process.
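As an added example (not from the original page and not Microsoft's code), the following Python script models the sign-up rules above to audit a portal's exported site settings and report which registration paths are open. The `Authentication/Registration/*` names are the site settings from Microsoft's portals documentation, which this page does not list; the all-`true` defaults are an assumption to verify against your portal, and the sample data is constructed.

```python
# Added example; sample data is constructed. Setting names are the
# Authentication/Registration/* site settings from Microsoft's portals docs.
PREFIX = "Authentication/Registration/"

# Assumption: a setting absent from the export behaves as "true".
ASSUMED_DEFAULTS = {
    "Enabled": True,                  # registration as a whole
    "OpenRegistrationEnabled": True,  # sign-up without an invitation code
    "InvitationEnabled": True,        # sign-up by redeeming an invitation code
    "LocalLoginEnabled": True,        # username/password accounts
    "ExternalLoginEnabled": True,     # external identity providers
}

def effective(settings):
    """Overlay exported name/value site settings on the assumed defaults."""
    eff = dict(ASSUMED_DEFAULTS)
    for name, value in settings.items():
        key = name[len(PREFIX):] if name.startswith(PREFIX) else None
        if key in eff:
            eff[key] = str(value).strip().lower() == "true"
    return eff

def audit(settings):
    """Return (sign_up_paths, findings) for one portal's site settings."""
    s = effective(settings)
    kinds = [k for k, on in (("local", s["LocalLoginEnabled"]),
                             ("external", s["ExternalLoginEnabled"])) if on]
    paths = []
    if s["Enabled"] and s["OpenRegistrationEnabled"]:
        paths += [f"open:{k}" for k in kinds]
    if s["Enabled"] and s["InvitationEnabled"]:
        paths += [f"invitation:{k}" for k in kinds]
    findings = []
    if any(p.startswith("open:") for p in paths):
        findings.append("open registration: sign-up needs no invitation code")
    if s["LocalLoginEnabled"]:
        findings.append("local authentication is enabled (not recommended)")
    return paths, findings

# Constructed samples: an export with no overrides, and a restricted portal.
SAMPLE_DEFAULT = {}
SAMPLE_RESTRICTED = {
    PREFIX + "OpenRegistrationEnabled": "false",
    PREFIX + "LocalLoginEnabled": "False",
}

if __name__ == "__main__":
    for label, cfg in (("default", SAMPLE_DEFAULT), ("restricted", SAMPLE_RESTRICTED)):
        paths, findings = audit(cfg)
        print(label, paths, findings)
```
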
Local authentication, registration, and other settings
The authentication capability in the portals feature is based on the ASP.NET Identity API. The OWIN framework, which is also an important component of the authentication system, is developed on top of ASP.NET Identity. Among the services offered are:
- Local (username/password) user sign-in
- External (social provider) user sign-in through third-party identity providers
- Two-factor authentication with email
- Email address confirmation
- Password recovery
- Invitation code sign-up for registering prepopulated contact records
Requirements
Portals require:
- Portals Base
- Microsoft Identity
- Microsoft Identity Workflows solution packages
Authentication overview
Returning portal visitors can log in using their local user credentials or accounts with external identity providers. A new visitor can create a user account by giving a username and password or by using an external source to sign in. Visitors who have received an invitation code from the portal administrator can use it to create a new user account.
Forgot password or password reset
Returning visitors who need to reset their password (and who have previously supplied an email address in their user profile) can request that a password reset token be sent to their email account. The owner of a reset token can pick a new password. The token can also be discarded, preserving the user’s original password.
Redeem an invitation
By redeeming an invitation code, a registered visitor can be linked to an existing contact record that was created specifically for that visitor ahead of time. The invitation codes are often sent out by email, but you may also send them out via a generic code submission form. After a valid invitation code is submitted, the new user account can be created via the standard user registration (sign-up) process.
For more details visit: Local authentication, registration, and other settings, authentication in Power Apps portals