Configure a WS-Federation provider for portals with Azure AD
In this article, you'll learn about configuring a WS-Federation provider for portals by using Azure Active Directory (Azure AD).
Note
- The portals feature isn't limited to only Azure AD, multitenant Azure AD, or Azure AD B2C as the WS-Federation providers. You can use any other provider that conforms to the WS-Federation specification. Changes to the authentication settings might take a few minutes to be reflected on the portal. Restart the portal by using portal actions if you want the changes to be reflected immediately.
To configure Azure AD as the WS-Federation provider
Select Add provider for your portal.
For Login provider, select Other.
For Protocol, select WS-Federation.
Enter a provider name.

Select Next.
In this step, you create the application and configure the settings with your identity provider.

Note
- The Reply URL is used by the app to redirect users to the portal after the authentication succeeds. If your portal uses a custom domain name, you might have a different URL than the one provided here.
- More details about creating the app registration on the Azure portal are available in Quickstart: Register an application with the Microsoft identity platform.
Sign in to the Azure portal.
Search for and select Azure Active Directory.
Under Manage, select App registrations.
Select New registration.

Enter a name.
If necessary, select a different Supported account type. More information: Supported account types
Under Redirect URI, select Web (if it isn't already selected).
Enter the Reply URL for your portal in the Redirect URI text box.
Example:https://contoso-portal.powerappsportals.com/signin-wsfederation_1Note
If you're using the default portal URL, copy and paste the Reply URL as shown in the Create and configure WS-Federation provider settings section on the Configure identity provider screen (step 6 above). If you're using a custom domain name for the portal, enter the custom URL. Be sure to use this value when you configure the Assertion consumer service URL in your portal settings while configuring the WS-Federation provider.
For example, if you enter the Reply URL in Azure portal ashttps://contoso-portal.powerappsportals.com/signin-wsfederation_1, you must use it as-is for the WS-Federation configuration in portals.
Select Register.
Select Expose an API.
For Application ID URI, select Set.

Enter the portal URL as the App ID URI.

Note
The portal URL might be different if you're using a custom domain name.
Select Save.

Keep the Azure portal open, and switch to the WS-Federation configuration for Power Apps portals for the next steps.
In this step, you enter the site settings for the portal configuration.

Tip
If you closed the browser window after configuring the app registration in the earlier step, sign in to the Azure portal again and go to the app that you registered.
Metadata address: To configure the metadata address, do the following:
Select Overview in the Azure portal.
Select Endpoints.

Copy the URL for Federation metadata document.

Paste the copied document URL as the Metadata address for portals.
Authentication type: To configure the authentication type, do the following:
Copy and paste the Metadata address configured earlier in a new browser window.
Copy the value of
entityIDtag from the URL document.
Paste the copied value of
entityIDas the Authentication type.
Example:https://sts.windows.net/7e6ea6c7-a751-4b0d-bbb0-8cf17fe85dbb/
Service provider realm: Enter the portal URL as the service provider realm.
Example:https://contoso-portal.powerappsportals.comNote
The portal URL might be different if you're using a custom domain name.
Assertion consumer service URL: Enter the Reply URL for your portal in the Assertion consumer service URL text box.
Example:https://contoso-portal.powerappsportals.com/signin-saml_1
Note
If you're using the default portal URL, you can copy and paste the Reply URL as shown in the Create and configure WS-Federation provider settings step. If you're using a custom domain name, enter the URL manually. Be sure that the value you enter here is exactly the same as the value you entered as the Redirect URI in the Azure portal earlier.
Select Confirm.

Select Close.
See also
Configure a WS-Federation provider for portals
Configure a WS-Federation provider for portals with AD FS