Configure the Azure Active Directory B2C provider (using interface in preview)
[This article is pre-release documentation and is subject to change.]
Azure Active Directory (Azure AD) powers Microsoft 365 and Dynamics 365 services for employee or internal authentication. Azure Active Directory B2C (Azure AD B2C) is an extension to this authentication model that enables external customers to sign in through local credentials and federation with various common social identity providers.
A portal owner can configure Azure AD B2C as an identity provider for the portal. Azure AD B2C supports OpenID Connect for federation.
This article describes how to configure Azure AD B2C as the identity provider automatically by using a feature in preview. Using these steps, you can create a new Azure AD B2C tenant, register applications, and configure user flows from within Power Apps portals. If you want to configure the Azure AD B2C provider manually using the generally available interface, go to Configure the Azure AD B2C provider manually.
Follow these steps to configure Azure AD B2C as the OpenID Connect provider.
- This is a preview feature.
- Preview features aren’t meant for production use and may have restricted functionality. These features are available before an official release so that customers can get early access and provide feedback.
Step 1. Select the provider
Go to Power Apps preview.
On the left pane, select Apps.
Select your portal from the list of available apps.
On the command bar, select Settings. Alternatively, select More Commands (...), and then select Settings.
In Portal settings on the right side of your workspace, select Authentication Settings.
For Azure Active Directory B2C, select Configure.
If necessary, update the Provider name.
Step 2. Select a tenant
In this step, you select an existing Azure AD B2C tenant or create a new one.
Option 1. Existing Azure AD B2C tenant
Select this option if you already have an existing Azure AD B2C tenant. Other details such as the initial domain name, country/region, and location will be automatically updated.
Ensure that the account you use to sign in to Power Apps has access to the Azure AD tenant that you want to use for configuring Azure AD B2C authentication. For information about adding different types of user accounts to an Azure AD B2C tenant, go to Overview of user accounts in Azure Active Directory B2C.
Select Next to continue.
Option 2. New Azure AD B2C tenant
Select this option to create a new Azure AD B2C tenant.
- Ensure that the account you use to sign in to Power Apps has been assigned at least the Contributor role for the subscription or for a resource group within the subscription.
- Ensure the Azure subscription has the Microsoft.AzureActiveDirectory resource provider registered. Otherwise, creating the new Azure AD B2C tenant will fail with this error:
  Error occurred while creating Azure AD B2C tenant. The subscription is not registered to use namespace 'Microsoft.AzureActiveDirectory'. See https://aka.ms/rps-not-found for how to register subscriptions.
  More information: Resolve errors for resource provider registration in Azure
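Both prerequisites above can be checked before you start the wizard. The following PowerShell script is an added example (it is not part of the original article or of Power Apps portals) that uses the Az module to confirm the signing-in account holds a Contributor assignment in the subscription and that the Microsoft.AzureActiveDirectory resource provider is registered, registering it if necessary. The subscription ID and sign-in name are parameters you supply; it assumes you have already run Connect-AzAccount with the Az.Accounts and Az.Resources modules installed.

```powershell
# Preflight check for "Option 2. New Azure AD B2C tenant".
# Added example, not original article content. Assumes Az.Accounts and Az.Resources
# are installed and Connect-AzAccount has been run; $SubscriptionId and $SignInName
# are your own values.
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [Parameter(Mandatory)] [string] $SignInName   # the account used to sign in to Power Apps
)

Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# 1. The account needs at least Contributor on the subscription or on a resource group in it.
#    -ExpandPrincipalGroups also finds assignments granted through group membership.
$roles = Get-AzRoleAssignment -SignInName $SignInName -RoleDefinitionName 'Contributor' -ExpandPrincipalGroups
if (-not $roles) {
    Write-Warning "No Contributor assignment found for $SignInName in subscription $SubscriptionId."
} else {
    Write-Host "Contributor assignments for $SignInName:"
    $roles | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize
}

# 2. The resource provider that creates B2C tenants must be registered in the subscription.
$namespace = 'Microsoft.AzureActiveDirectory'
$state = (Get-AzResourceProvider -ProviderNamespace $namespace | Select-Object -First 1).RegistrationState
Write-Host "$namespace registration state: $state"

if ($state -ne 'Registered') {
    Write-Host "Registering $namespace ..."
    Register-AzResourceProvider -ProviderNamespace $namespace | Out-Null
    # Registration is asynchronous; poll until it leaves the 'Registering' state.
    do {
        Start-Sleep -Seconds 10
        $state = (Get-AzResourceProvider -ProviderNamespace $namespace | Select-Object -First 1).RegistrationState
        Write-Host "  ... $state"
    } while ($state -eq 'Registering')
}

if ($state -ne 'Registered') {
    throw "Could not register $namespace; creating the Azure AD B2C tenant will fail."
}
Write-Host "Prerequisites satisfied; you can create the Azure AD B2C tenant from Power Apps."
```

Registering a resource provider requires permission at the subscription scope (Contributor on a resource group alone is not enough for that step), so if the registration call is denied, have a subscription owner run it once; the tenant itself can then be created by the account with resource-group Contributor rights.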
To create a new Azure AD B2C tenant
Select the Azure AD tenant or directory.
Select a subscription for the tenant, or—if you want to create a new subscription from the Azure portal—select Add subscription.
Select the resource group for the Azure AD B2C tenant.
Enter the initial domain name.
Select Country/Region for the tenant.
- You can't change the country/region after you create your directory.
- It's important that you select the correct country/region, because your choice determines the Datacenter location for your directory.
- Microsoft doesn't control the location from which you or your users can access or move directory data through apps or services. To see Microsoft's data location commitments for its services, see the Online Service Terms.
Step 3. Register the application
In this step, you register your portal as an application with Azure AD B2C. You can create a new application or select an existing application from Azure AD B2C.
The Reply URL is the redirect URI to which Azure AD B2C returns tokens after sign-in, so it must match the URL the portal is actually served from, including the scheme and host name. If you're using a custom domain name for the portal, enter the custom URL as the Reply URL.
Option 1. Create a new application
Enter the application name.
Enter a Reply URL.
Option 2. Select an existing application
Select an existing application from the list.
Select the Reply URL.
Select Create new to create a new Reply URL.
Step 4. Configure user flows
In this step, you configure the Sign up and sign in and Password reset user flows. The Sign up and sign in user flow enables a user to create an account or sign in to their account. The Password reset flow enables a user to choose a new password after email verification. More information: User flow and policy in Azure AD B2C
- New policy: Select this option if you want to create a new policy. You can also change the default name of the policy. This option creates the flow by using the local account identity provider with the email address.
- Existing policy: Select this option if you want to select an existing policy from the Azure AD B2C tenant.
- Only the email claim is configured in these user flows. You can enable more claims—like first name and last name—in the flow's User attributes and Application claims configuration by using the Azure portal.
- If you enable more claims in addition to first name and last name, ensure that you edit the authentication provider and add them to the Registration claims mapping and Login claims mapping in Additional settings (this isn't required for first name and last name). More information: Step 6 - additional settings for Azure AD B2C provider configuration
Select Create to create the identity provider configuration.
Step 5. Summary
The Azure AD B2C provider configuration is complete. You can view the summary of the configuration, and then select Close to exit.
Edit the configuration
To edit the configuration, select Edit configuration for the Azure Active Directory B2C identity provider from the providers list. More information: Edit a provider
To delete the configuration, select Delete for the Azure Active Directory B2C identity provider from the providers list. More information: Delete a provider