Power Pages Authentication Made Simple

Power Pages is a service offered by Microsoft as part of its Power Platform suite. It allows users to quickly build and deploy modern, secure, and responsive websites that can be used for various purposes, such as:

  • Business data collection
  • Workflows
  • Customer interactions

Essentially, Power Pages is designed to enable anyone, regardless of their technical expertise, to create web pages that integrate seamlessly with Microsoft's data connectors and services, such as Dynamics 365 and Microsoft Dataverse.

The platform provides a low-code approach, meaning you can use drag-and-drop features and pre-built templates to construct web pages without needing deep coding knowledge. It's particularly beneficial for businesses wanting to create portals for customer engagement, internal use, or for specific functions like event registrations and product launches.

Power Pages is built on the capabilities of Microsoft's earlier offering, Power Apps Portals, but it adds more advanced features, better security tools, and a more intuitive design studio, making it easier to design, secure, and publish websites.

One of the standout benefits of Power Pages is its optimization for fusion team collaboration and productivity, enabling users of all coding skill levels to contribute effectively. Furthermore, organizations can securely collect and share business data beyond their tenant, integrating with existing line-of-business systems and third-party services.

However, one important consideration is that Power Pages doesn't handle user authentication directly. In this article, we'll explore the various authentication options available to developers and guide you through the platform's diverse use cases. Don't worry if you're not a developer — this is more of an architectural overview to help you navigate the best solution for your business case. We'll cover key options like Azure AD B2C, Microsoft Entra External ID (preview), Entra ID B2B, third-party products, and custom identity providers.


Authentication and Authorization

In this section, we will discuss how users authenticate (confirm they are who they say they are) and how they are authorized (validate that they have permission to complete attempted actions). Below is a chart that ranks authentication methods from worst to best in terms of security. Allowing users to authenticate with password-less methods such as MFA, facial recognition, security keys, and certificates is the optimal approach.

Power Pages Authentication Methods Table

One important note to consider is that your Power Pages application doesn't manage authentication directly; rather, it needs to be federated with an Identity Provider (IdP), such as:

  • Entra ID B2C or B2B
  • LinkedIn
  • Google
  • Facebook
  • Okta

IdPs can be configured in the Set up tab in Power Pages:

Power Pages IdPs


External User Authentication

To bring external users into your Power Pages, use Entra ID External Identities to easily add authentication and customer identity and access management. Since Power Pages is a registered app, Entra ID External Identities can be used to customize the external users' sign-in experience; additionally, you can manage these users in a Microsoft Entra tenant in an external configuration (separate from your internal staff and resources).

Microsoft Entra ID B2B Collaboration is designed for secure collaboration across various organizations, allowing users from external organizations to access resources using their existing credentials, managed via Azure Active Directory. It is ideal for scenarios that require scalable and flexible access control with robust security features like conditional access and multifactor authentication. Customization options for login pages/user flows are not as extensive as in Azure AD B2C, which may lead to a less branded experience for external users. Tools such as our Extranet User Manager allow business users to create branded portals with custom login/registration experiences for external users while leveraging B2B Collaboration's robust authentication.

B2B Direct Connect differs by creating a more streamlined and secure connection between specific organizations' Azure AD tenants. It simplifies collaboration by establishing a direct trust relationship, enabling users to access resources as if they were part of the same organization, thus bypassing the complexities of managing external identities. This service is less flexible than Entra ID B2B Collaboration, as it is designed specifically for high-trust environments, rather than scenarios where organizations need to collaborate with a wide range of partners with varying levels of trust and access requirements.

Azure AD B2C, on the other hand, is tailored for external customer identity management. It allows businesses to connect with their customers using fully customizable user experiences, supporting logins and access management through a wide range of identity providers, including social accounts. This service focuses on consumer-facing applications, emphasizing scalability, customization, and consumer identity protection. Because of its focus on consumers, this service is limited in the integrations needed for enterprise use.

In summary, while Entra ID B2B and B2B Direct Connect are focused on inter-organizational collaboration, the former provides more general access management and the latter offers deeper integration for specific partners. Azure AD B2C extends the capability to consumer interactions, supporting large-scale identity management in customer-facing scenarios. Each serves distinct use cases, tailored to either organizational collaboration or consumer management needs.

The diagram below compares how these three services are set up and enable collaboration in Microsoft 365.

MS Entra External Identities and B2B Direct Connect


Entra ID B2B in Power Pages

In the context of Power Pages, you may need to have delegated permissions where you're accessing systems in the context of the signed-in user, or you may be giving access to SharePoint document libraries or lists, custom APIs, or secure Logic App workflows. We will discuss each of these in this section.

SharePoint Document Access

SharePoint, Microsoft Purview, and Entra ID create a powerful combination for secure document management in Power Pages. SharePoint provides a central repository for storing and managing documents accessible through the portal. Microsoft Purview enforces compliance by classifying, labelling, and protecting documents, ensuring that sensitive information is both secure and auditable. Entra ID handles identity and access management, allowing only authenticated and authorized internal or external users to access SharePoint documents. Together, these tools enable seamless, secure collaboration across various user roles and identities.

Not sure how to classify the sensitivity of your documents? Our comprehensive article on the Traffic Light Protocol can help. This system simplifies sensitivity labels in Microsoft 365, offering an intuitive guide to determining the appropriate security level for your documents. It also explains which Microsoft 365 security measures should be implemented based on where your documents fall on the "shareability" scale.

Traffic Light Protocol

In conclusion, Microsoft Power Pages provides versatile authentication options that enable businesses to securely manage user access through identity providers like Azure AD B2C, Microsoft Entra External ID, and third-party services. While Power Pages doesn't directly handle authentication, it integrates seamlessly with these identity solutions to facilitate external user onboarding and provide secure collaboration across organizations. With robust tools for external user management, delegated permissions, and compliance, the platform ensures sensitive business data remains protected.
