Set up site authentication
Deciding how and whether users must authenticate when they visit is a core customization in any Power Pages site. If you enforce authentication, users authenticate through an identity provider.
Power Pages includes several built-in OAuth 2.0 identity providers, so users can authenticate on your site with a Microsoft, LinkedIn, Facebook, Google, or Twitter account. Your website can have only one instance of an OAuth 2.0 identity provider at a time.
You can add SAML 2.0, OpenID Connect, and WS-Federation identity providers if you need them.
Power Pages makes it easy for makers and admins to set up user authentication. After you select an identity provider, prompts in the app guide you through the remaining settings.
To set up user authentication for your site:
Note
Changes to your site's authentication settings might take a few minutes to be reflected on the site. To see the changes immediately, restart the site in the admin center.
Select general authentication settings
Some authentication settings don't depend on the identity provider you choose. They apply to your website's authentication method generally.
Sign in to Power Pages.
Create a site or edit an existing site.
In the left side panel, select Security.
Under Manage, select Identity providers.
Select Authentication settings.
Select the general authentication settings you need, and then select Save.
Next, enter the specific settings for your identity provider.
General settings
Select the following general authentication settings:
External login: External authentication is provided by the ASP.NET Identity API. Third-party identity providers handle account credentials and password management.
- On: To sign up for access, users select an external identity to register with the website. After it's registered, an external identity has access to the same features as a local account. Learn how to manage external accounts.
- Off: Users can't register or sign in with an external account.
Open registration: Controls the sign-up, or new user account registration, form for creating a local user.
- On: The sign-up form allows any anonymous user to visit the website and create a user account.
- Off: The sign-up form is disabled and hidden.
Require unique email: Specifies whether users need to provide a unique email address when they sign up.
- On: A sign-up attempt might fail if a user provides an email address that already exists in a contact record.
- Off: A new user can sign up with a duplicated email address.
Set up specific identity providers
The specific identity provider you plan to use has its own settings that you need to enter.
Note
If you use or add a custom domain name or change your site's base URL, you must set up your identity provider to use the correct reply URL.
In your Power Pages site, select Security > Identity providers.
The list shows all the identity providers that are available to use.
To set up an identity provider that appears in the list, select Configure.
If the provider you want to use isn't listed, add it.
Leave the provider name as it is or change it if you like.
The provider name is the text on the button that users see when they select their identity provider on the sign-in page.
Select Next.
For the remaining steps, find the provider in the common identity providers table, and then select the documentation link.
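The note about reply URLs in this section can be turned into a check you run before or after a domain change: compare the reply URL the site will send with the reply URLs registered at the identity provider. This is an added example, not Microsoft's code; the host names, the `/signin-example` path, and the function names are constructed placeholders, so take the real reply path from your provider's configuration page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def normalize(url):
    """Reduce a URL to the parts that matter when comparing reply URLs."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()      # host names are case-insensitive
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port, parts.path or "/"  # path is compared exactly


def check_reply_urls(site_base_url, reply_path, registered):
    """Compare the reply URL the site will use with those the provider knows."""
    expected_url = site_base_url.rstrip("/") + "/" + reply_path.lstrip("/")
    expected = normalize(expected_url)
    report = {"expected": expected_url, "match": False, "stale": [], "insecure": []}
    for url in registered:
        candidate = normalize(url)
        if candidate == expected:
            report["match"] = True
        elif candidate[1] != expected[1]:
            report["stale"].append(url)        # points at another host
        if candidate[0] != "https":
            report["insecure"].append(url)     # reply URL not served over TLS
    return report


# Constructed sample: the site moved to a custom domain, but the provider
# still lists the old host plus a plain-HTTP entry for the new one.
SITE_BASE_URL = "https://portal.contoso.example"
REPLY_PATH = "/signin-example"                  # hypothetical placeholder path
REGISTERED = [
    "https://contoso-old.example/signin-example",
    "http://PORTAL.contoso.example/signin-example",
]

if __name__ == "__main__":
    result = check_reply_urls(SITE_BASE_URL, REPLY_PATH, REGISTERED)
    print("expected reply URL:", result["expected"])
    print("registered at provider:", "yes" if result["match"] else "NO")
    for url in result["stale"]:
        print("stale (other host):", url)
    for url in result["insecure"]:
        print("not HTTPS:", url)
```

Entries reported as stale are candidates for removal at the provider once the old domain is retired, so that it no longer accepts sign-in responses for a host you don't use.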
Add an identity provider
If the identity provider you want to use doesn't appear in the list, you can add it.
In your Power Pages site, select Security > Identity providers.
Select + New provider.
In the Select login provider list, select Other.
In the Protocol list, select the authentication protocol the provider uses.
Enter the provider name as it should appear on your site's sign-in page.
Select Next.
For the remaining steps, select Learn more on the configuration page to open the appropriate documentation link:
Select Confirm.
Edit an identity provider
In your Power Pages site, select Security > Identity providers.
To the right of the identity provider name, select More Commands (…) > Edit configuration.
Change the settings in accordance with the documentation for the provider:
Select Save.
Note
You can't change the configuration of the Local sign in and Microsoft Entra providers here. Use the site settings instead.
Delete an identity provider
When you delete an identity provider, only its configuration is deleted. The provider is still available for use in the future with a new configuration. For example, if you delete the LinkedIn identity provider, your LinkedIn app and app configuration remain intact. Similarly, if you delete an Azure AD B2C provider, only the configuration is deleted; the Azure tenant configuration for this provider doesn't change.
In your Power Pages site, select Security > Identity providers.
To the right of the identity provider name, select More Commands (…) > Delete.
Set a default identity provider
You can set any configured identity provider as the default. When an identity provider is set as the default, users who sign in to the website aren't redirected to the sign-in page. Instead, they sign in using the selected provider.
You can only set a configured identity provider as the default.
Important
If you set an identity provider as the default, users can't choose any other identity provider.
In your Power Pages site, select Security > Identity providers.
To the right of the identity provider name, select More Commands (…) > Set as default.
To remove the default and allow users to select a configured identity provider when they sign in, select Remove as default.
Prevent the "Trouble signing you in" error if you recreate your site
If you delete and recreate your Power Pages site, users might receive the following error when they try to sign in:
Sorry, but we're having trouble signing you in.
AADSTS700016: Application with identifier '<your site URL>' was not found in the directory 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Make sure you configure the identity provider correctly after recreating your site.