Power Pages  

How to Set Up Microsoft Authentication in Power Pages for External Users

Hello friends! In this blog, I’ll walk you through how to configure a Microsoft (Entra ID) login for your Power Pages website. If you’re working on client projects or exploring Power Pages authentication options, this article will be helpful. I’ll try to keep it simple and straight to the point, just like how we’d explain to a teammate in our office.

Why Microsoft Login?

If your Power Pages site is going to be accessed by internal users from your organization or trusted partners who use Microsoft accounts, then Microsoft (formerly Azure AD / now Entra ID) login is the easiest and most secure way to go.

We can let users sign in using their corporate Microsoft 365 accounts, no need to manage separate credentials!

Prerequisites

Before we start, make sure you have the below.

  • Power Pages site created
  • Access to the Microsoft Entra admin center
  • Global admin or privileged role to register the app
  • Basic understanding of the Power Platform admin portal

Step 1. Register the app in Microsoft Entra ID (Azure AD).

Log in to https://entra.microsoft.com

Do We Really Need a New App Registration?

Many developers (including me at first!) get confused here — Power Pages says to create a new app registration, but most of the time, you don’t need to.

Why?

When you create a new Power Pages site, it already creates an app registration automatically in your Azure Entra (formerly Azure AD) tenant. So, no need to create another one unless you have a very custom scenario.

Let's Find and Configure That Auto-Created App Registration

Once your site is created, you can locate and confirm the correct app registration in your Azure portal.

Go to https://entra.microsoft.com

Navigate to App registrations.

App registrations

Under Owned applications, you’ll see something like.

Owned applications

That’s the one Power Pages created for you.

Match the Application (Client) ID

Let’s double-check it’s the right one.

In Power Pages.

  1. Go to your Power Pages Studio
  2. Click on Set up from the left panel
  3. Then go to Site details
  4. Look at the bottom-right corner — you’ll see an Application ID

Application ID

In Azure

  1. Go back to Azure Entra > App registrations
  2. Find the app named Portals-<sitename>
  3. Match its application (client) ID with the one from Power Pages

If they match, that’s your app!

App

So instead of creating a new app from scratch, you just need to configure this existing app with the right redirect URI, permissions, and secrets for Microsoft login to work smoothly.

Click the Power Pages demo.

Pages demo

Alright, found the app. Let’s configure it properly.

Now that we’ve confirmed this is the app registration linked to our Power Pages site, let’s go ahead and configure it properly so Microsoft sign-in works without issues.

Step 2. Copy the Reply URL from Power Pages.

  1. Go back to your Power Pages editor tab.
  2. Click on Set up > Identity providers.
  3. Next to the Microsoft option, click on the Configure button again.
  4. Click Next, and now you’ll see the Reply URL — copy this value.

Reply URL

This URL is important because it’s the endpoint where Microsoft will send the login response back to your portal.

Step 3. Add Reply URL to Azure App Registration.

  1. Open your Azure portal (https://entra.microsoft.com)
  2. Go to App registrations, and open the app named something like Portals-<your-site-name>
  3. In the left menu, click on Authentication
  4. Scroll down and click Add a platform (or "Add URI" if it's already Web-based)
  5. Paste the Reply URL you copied from Power Pages
  6. Click Save

Azure App

Done! Now your app registration knows it's allowed to accept login requests from your Power Pages site.

Step 4. Create a Client Secret.

Next, we need to create a Client Secret, which is like a password that securely links Power Pages and Azure AD during login.

  1. In your Azure app registration, go to Certificates & secrets
  2. Under the Client Secrets section, click + New Client Secret
  3. Give it a description like.

Power Pages - Microsoft login

  1. Choose an expiry duration (like 6 or 12 months)
  2. Click Add

Click Add

Important. Once it’s created, copy the Value immediately.

You’ll only see this once — if you miss it, you’ll need to create a new one.

Step 5. Configure in Power Pages Admin Center.

  1. Go to make.powerapps.com and log in if prompted.
  2. Check the environment listed in the top-right corner and change it if necessary.
  3. Scroll down until you see Your apps.
  4. To the right of your Power Pages website, hit the ellipsis (...) and select Edit.
  5. If prompted, choose Try Power Pages.
  6. Once the Power Pages editor opens, choose Set Up from the side menu.
  7. Within the Setup menu, choose Identity Providers.

Security

Click Add Identity Provider.

Add Identity provider

Choose Microsoft from the list.

Choose Microsoft

Step 6. Paste Client Secret and Client ID in Power Pages.

Now that we have the Client Secret, let’s plug it back into Power Pages.

  1. Go back to the Power Pages editor
  2. In the Microsoft identity provider configuration screen:
    • Paste the Client's Secret into the respective field
    • Leave this tab open, we need one more thing.

Step 7. Copy Client ID.

  1. In the Azure portal, open the Overview tab of your app registration
  2. Copy the value for,
  3. Now go back to Power Pages and paste this ID into the Client ID field.

Client ID field

That’s it! You’ve now successfully linked your Azure app registration with your Power Pages website. Microsoft login should now start working — as long as your Issuer URL and permissions are also correctly configured (we’ll cover those next).

Power Pages website

(Optional) Change to the Audience Type Based on Your Users

By default, the Azure app registration created for your Power Pages site is limited to users within your own organization (your Azure AD tenant). That works fine if you're building an internal company portal or intranet.

But if you're building a site for external users, like,

  1. A B2B portal for partner companies
  2. A public-facing site where anyone with a Microsoft account should log in

Then you’ll need to change the audience type in the app registration.

Step 8. Allow Other Work/School (B2B) Accounts.

To let users from other Azure AD tenants log in (B2B scenario)

  1. Go to your app registration in Azure
  2. Open the Authentication tab
  3. Look for the setting called Supported account types
  4. Select.

Accounts in any organizational directory (Multitenant)

Click Save.

Step 9. (Optional) Allow Personal Microsoft Accounts (B2C/Public)

If you also want to allow personal Microsoft accounts (like @outlook.com, @hotmail.com, etc.), useful for public-facing portals, then there's one more step.

Azure doesn’t allow this through the UI directly. You need to edit the Manifest.

  1. In the app registration, go to Manifest (left panel)
  2. Find and update these two properties.

"accessTokenAcceptedVersion": 2,

"signInAudience": "AzureADandPersonalMicrosoftAccount"

Manifest

Demo

Click Save.

  • AccessTokenAcceptedVersion must be set to 2 for modern tokens
  • SignInAudience defines who can sign in

Summary

Use Case Setting
Internal company portal Default (Only users in this org)
B2B (partners or vendors) Accounts in any organizational directory
Public login (anyone with a Microsoft account) AzureADandPersonalMicrosoftAccount via Manifest

Make sure to pick the right option based on who your users are.

Step 10. Test It!

Now go to your Power Pages site and click on Sign in.

You should see the Microsoft login option. Try signing in with your organizational account.

If all goes well, you’re done!

Microsoft login

Click Microsoft,

Click Microsoft

Click Register using a Microsoft account.

Microsoft account

Some Real-Life Tips from My Side

  • Client Secret Rotation: Set a reminder to rotate the client secret before it expires. Better safe than sorry.
  • Multiple Tenants: If users are from different tenants, you may want to use a multi-tenant app instead.
  • Custom Login UI: If you want to rename the Microsoft button or reorder it, you can customize it from the portal UI settings.
  • Dataverse Contact Creation: Power Pages creates a contact record for every external user. Make sure appropriate web roles are configured.

Conclusion

That’s it, folks! I hope this article helps you set up Microsoft login for your Power Pages site smoothly. I’ve done this setup multiple times in client projects, and once you get the hang of it, it hardly takes 15 minutes.

If you face any issues or need help, feel free to comment or connect with me. Let’s grow together.

Thank You!

If you find this useful, please like and share. I’ll keep posting such practical Power Platform guides for the community

Membership not found