Set up site authentication

How—and even whether—users must authenticate when they visit is a core customization in any Power Pages site. If you choose to enforce authentication, users do so through an identity provider.

Power Pages comes with several OAuth 2.0 identity providers built in, which means that users can authenticate on your site with a Microsoft, LinkedIn, Facebook, Google, or Twitter account. Your website can have only one instance of an OAuth 2.0 identity provider at a time.

You can add SAML 2.0, OpenID Connect, and WS-Federation identity providers if you need them.

Power Pages makes it easy for both makers and admins to set up user authentication. After you select an identity provider, prompts in the app guide you through the remaining settings you need to enter.

To set up user authentication for your site:

  1. Select general authentication settings.
  2. Enter the settings for a specific identity provider.

Note

Changes to your site's authentication settings might take a few minutes to be reflected on the site. To see the changes immediately, restart the site in the admin center.

Select general authentication settings

Some authentication settings don't depend on the identity provider you choose. They apply to your website's authentication method generally.

  1. Sign in to Power Pages.

  2. Create a site or edit an existing site.

  3. In the left side panel, select Set up.

  4. Under Authentication, select Identity providers.

  5. Select Authentication settings.

  6. Select the general authentication settings you need, and then select Save.

Next, enter the specific settings for your identity provider.

General settings

Select the following general authentication settings:

  • External login: External authentication is provided by the ASP.NET Identity API. Third-party identity providers handle account credentials and password management.

    • On: To sign up for access, users select an external identity to register with the website. After it's registered, an external identity has access to the same features as a local account does. Learn how to manage external accounts.
    • Off: Users can't register or sign in with an external account.
  • Open registration: Controls the sign-up, or new user account registration, form for creating a local user.

    • On: The sign-up form allows any anonymous user to visit the website and create a user account.
    • Off: The sign-up form is disabled and hidden.
  • Require unique email: Specifies whether users need to provide a unique email address when they sign up.

    • On: A sign-up attempt might fail if a user provides an email address that already exists in a contact record.
    • Off: A new user can sign up with a duplicated email address.

Set up specific identity providers

The specific identity provider you plan to use has its own settings that you need to enter.

Note

If you use or add a custom domain name or change your site's base URL, you must set up your identity provider to use the correct reply URL.

  1. In your Power Pages site, select Set up > Identity providers.

    The list shows all the identity providers that are available to use.

    Screenshot of the identity providers list in a Power Pages site.

  2. To set up an identity provider that appears in the list, select More Commands > Configure or select the provider name.

    If the provider you want to use isn't listed, add it.

  3. Leave the provider name as it is or change it if you like.

    The provider name is the text on the button that users see when they select their identity provider on the sign-in page.

  4. Select Next.

  5. For the remaining steps, find the provider in the common identity providers table, and then select the documentation link.
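The note at the start of this section requires the identity provider's reply URL to match the site's current base URL. The following check is an added example, not code from Power Pages or its documentation: it compares a list of reply URLs registered at the provider against the site's base URL and sorts them into matching, wrong-host, and wrong-scheme-or-port entries. The host names and the `/signin-example` path are constructed placeholders; take the real reply URL from your provider's configuration page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin(url):
    """Return (scheme, host, port) with case and default ports normalized."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def audit_reply_urls(site_base_url, registered_reply_urls):
    """Classify each reply URL registered at the identity provider."""
    site_scheme, site_host, site_port = origin(site_base_url)
    report = {"matching": [], "wrong_host": [], "wrong_scheme_or_port": []}
    for url in registered_reply_urls:
        scheme, host, port = origin(url)
        if host != site_host:
            # Typically a leftover from the previous domain or base URL.
            report["wrong_host"].append(url)
        elif scheme != "https" or (scheme, port) != (site_scheme, site_port):
            report["wrong_scheme_or_port"].append(url)
        else:
            report["matching"].append(url)
    return report


def reply_url_ok(site_base_url, registered_reply_urls):
    """True when at least one registered reply URL is on the site's origin."""
    return bool(audit_reply_urls(site_base_url, registered_reply_urls)["matching"])


# Constructed sample data: a site moved to a new custom domain.
SITE_BASE_URL = "https://support.example.com"
REGISTERED = [
    "https://old-site.example.net/signin-example",     # previous domain
    "https://Support.Example.com:443/signin-example",  # same origin, other casing
    "http://support.example.com/signin-example",       # right host, not https
]

if __name__ == "__main__":
    for category, urls in audit_reply_urls(SITE_BASE_URL, REGISTERED).items():
        print(category, urls)
```

Entries reported under `wrong_host` are candidates for removal at the provider once the new reply URL works.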

Add an identity provider

If the identity provider you want to use doesn't appear in the list, you can add it.

  1. In your Power Pages site, select Set up > Identity providers.

  2. Select + New provider.

  3. In the Select login provider list, select Other.

  4. In the Protocol list, select the authentication protocol the provider uses.

  5. Enter the provider name as it should appear on your site's sign-in page.

  6. Select Next.

  7. For the remaining steps, select Learn more on the configuration page to open the appropriate documentation link.

  8. Select Confirm.

Edit an identity provider

  1. In your Power Pages site, select Set up > Identity providers.

  2. To the right of the identity provider name, select More Commands > Edit configuration.

  3. Change the settings in accordance with the documentation for the provider.

  4. Select Confirm.

Note

You can't change the configuration of the Local sign in and Microsoft Entra providers here. Use the site settings instead.

Delete an identity provider

When you delete an identity provider, only its configuration is deleted. The provider is still available for use in the future with a new configuration. For example, if you delete the LinkedIn identity provider, your LinkedIn app and app configuration remain intact. Similarly, if you delete an Azure AD B2C provider, only the configuration is deleted; the Azure tenant configuration for this provider doesn't change.

  1. In your Power Pages site, select Set up > Identity providers.

  2. To the right of the identity provider name, select More Commands > Delete.

Set a default identity provider

You can set any configured identity provider as the default. When an identity provider is set as the default, users who sign in to the website aren't redirected to the sign-in page. Instead, they sign in using the selected provider.

You can only set a configured identity provider as the default.

Important

If you set an identity provider as the default, users can't choose any other identity provider.

  1. In your Power Pages site, select Set up > Identity providers.

  2. To the right of the identity provider name, select More Commands > Set as default.

To remove the default and allow users to select a configured identity provider when they sign in, select Remove as default.

Prevent the "Trouble signing you in" error if you recreate your site

If you delete and recreate your Power Pages site, users might receive the following error when they try to sign in:

Sorry, but we're having trouble signing you in. AADSTS700016: Application with identifier '<your site URL>' was not found in the directory 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

Be sure to configure your identity provider correctly after you recreate your site.