How to Configure Azure AD B2C Authentication in Power Pages

Captions
Hello everyone, welcome to another video. In this video we will discuss an important concept in Power Pages. You know that in Power Pages Microsoft has deprecated the local sign-in option, or local login option; that's why it is recommended that we configure Azure AD B2C authentication.

So this is the Power Page right now. Here, if you click on the sign-in button, it will navigate to the authentication page. Here you can see the registration and sign-in option; this is called local sign-in. It is also providing Azure AD, so that the Active Directory users can use this for authentication. But because the local authentication is deprecated, it is very important to configure the Azure AD B2C configuration.

So go to authentication and identity provider. Here you can verify local sign-in is enabled and Azure Active Directory is enabled, but Azure Active Directory B2C is not enabled, and you can configure it. So click on configure, select the login provider as Azure Active Directory B2C, and give a name for the provider. Here I want to give the name Azure Active Directory B2C authentication, which will display as the name of the button on the screen. So click on next, and here you have to keep the reply URL noted in your notepad. This URL is required for the configuration, so keep this as a note. Then in the next step we need to configure the site settings; we need the authority, client ID and other things.

So sign in to your Azure portal by using portal.azure.com and create an Azure Active Directory B2C tenant. You need to have that tenant with you so that you can configure it. Okay, so once it is logged in, make sure that you are in the default directory. Click on the settings and you see which directory is current. The default directory is not current, so make the default directory current so that you can create a B2C tenant. When you change directory it will ask for authentication using some code, so you can log in, and once it is logged in you can create an Azure AD B2C tenant. So use the secret code and log in.

Now I have just logged in to the Microsoft Azure portal using my credentials, right, and I am in the default directory. Here I want to create a new resource. While creating the new resource, just search Azure AD B2C. When you search Azure AD B2C it will display some options matching the keyword, but click on the Azure service only, which will display Azure Active Directory B2C. Now click on create. Once you click on create it will ask you two questions: do you want to create a new Azure AD B2C tenant, or link an existing Azure Active Directory B2C tenant? Click on create a new one, because we want to create a new tenant.

Give an organization name here. Let's say I want to give the organization name Softchief Azure B2C tenant, or you can give any name of your choice which represents an organization name. And you have to provide a domain name, because whenever you provide a domain name it validates whether it is already available or not. You see, it is telling that it is already in use, so you have to change this domain name, and choose a resource group. Because you have not changed the domain name, and it is already taken by someone, the creation of the tenant has failed, right? So define a unique domain name, which will be created for you. Now click on review and create. Now validation has passed; click on create, which will take a couple of minutes to create the Azure AD B2C tenant. This Azure AD B2C tenant is used to store the credentials of portal users or Power Page users.

Now once it is created, click on this link to go to the Azure B2C tenant. Here we need to configure an app, so using app registration you have to create an app, and that app will be used for our integration or authentication setup. You can double check here whether your current Azure B2C tenant is selected as the current directory or not. Now we are in the Azure B2C tenant; go to app registration and create a new registration. Give a name here; let's say I want to give the name Azure B2C login app, right, so Azure B2C login app is the application name. Choose the last option, accounts in any identity provider or organizational directory, and in the redirect URL choose web as the option and define the reply URL in the text box. Here you need to use the redirect URL that was copied from the Power Portal or Power Page. Now click on register.

Once you click on register the app will be registered, and at this moment you have to note the client ID, or app ID, or application ID, because this application ID is required for the configuration. So go to your notepad and store it. All information is configurable and you have to keep a note. Once it is done you can navigate to authentication and enable two checkboxes: one is access tokens and the other is ID tokens. These tokens should be enabled because, whenever the integration or authentication configuration is done, the token will be passed to the reply URL.

The next step is you have to navigate to the Azure AD B2C tenant and create a user flow. So go to the tenant, navigate to the user flows and create a user flow in the policies. We have already done the app registration, so the next step is the user flow. Click on user flows and add a new user flow. This user flow will help you with how your user credentials or information are flowing here. So click on sign up and sign in, because I want to leverage both sign up and sign in. Use the recommended option and click on create.

Once you click on create it will ask you to provide a unique string to identify it in the request. Let's say I want to use login flow, so note this: B2C_1_ login flow. This will be my user flow name for identification purposes. Then in the identity provider you can choose email sign-up, because we want email sign-up. You can also use other methods like SMS sign-up or phone call sign-up, right, but for us I want to use email sign-up. Next you have to define some user attributes: what information you want to capture. Let's say for registration purposes I want to capture email address and display name, and I want to use country also; if I want I can use country, or you can skip it. Only use minimum information, so that it will be better for sign-up purposes. Now once it is done click OK. You can use surname also, if you want to ask for surname, and first name as given name. You can also choose whether the information that is captured should also be passed as a return claim. This is the collect attribute, but the return option you can also choose, in the return claim.

Okay, so once the user flow is created, the next thing is you have to enable or update a property in the flow. Go to properties, scroll down to the token compatibility setting, and select the second option, which displays the v2.0 with our flow name, the login flow name. Save this after choosing it.

Now we have to repeat this process for another user flow if you want to enable the password reset option. Okay, so for the password reset option you have to enable it, and here you have to note some information. If you click on run user flow you'll find a link there on the right side. Click on that link, which will open this option, and copy this issuer value, which is again required for the authentication setup. So note it, the issuer URL, which is required for us. Okay, and once it is done and you have noted it down, you have to repeat this step for the other flow. If you want to define a password reset flow or another flow, you can create a new user flow.

Let me create a new user flow for password reset; you can also do it for profile editing and other options. So let me use password reset for another flow and repeat the same steps: use the recommended version and do the same process to define the name of the user flow to identify it. Let me give here password reset, B2C_1_ password reset, and note the name here. Once it is noted down you can also select reset password using email address. You have to repeat the steps, whatever we have done for login and sign up: you have to define the attributes here and click on create, right? Once it is done you have to again copy the issuer URL for password reset and set the property, version two, which contains our flow name. So this is the flow name; save it, and run the user flow to copy the issuer URL. Click on run user flow and copy the URL; otherwise you can copy it later also.

So come to Power Pages now, and in the second option, configure site settings, in the authority use the issuer URL of the login flow that we have created, the login user flow. So authority will contain the issuer URL. Client ID is the application ID that has been copied; you can copy and paste the value. The redirect URL is automatically mentioned by the Power Page. In the password reset settings you have to define a default policy ID and a password policy ID; you can use the same name here, we have copied the flow name, okay, which defines an ID to identify it. In the valid issuer you can copy the issuer from the run user flow option of the Azure AD B2C user flow for password reset. Now you can copy the issuer URL, as we have done the same thing for the sign-up and login information; this one is for password reset. You can copy and paste it here.

Now it's done; we can click on create. Once the configuration is done, we have to restart the website, or Power Page website. So click on close, and once it is saved we can navigate to the admin center to restart the Power Page website. Okay, so let us navigate to the admin center. Go to the site settings, and in the site settings, if you scroll down, you'll find admin center. Click on open admin center, and in the admin center you will find site actions. Click on site actions and restart the service. You validate what the website name is, and you can restart the site, which will take a couple of seconds to restart the website completely. In the meantime, while it is restarting, your web page or your URL will not be accessible, because the service will be stopped for some seconds. It will take at least 30 seconds to 1 minute to restart your web application or Power Page. If you click on sign in you will see service unavailable, because it is in restarting mode. So it will completely restart your application, and once it is restarted it will load the page, and in the sign-in option it will display another authentication button called Azure AD B2C authentication. When you click that button it will directly navigate to the Azure Active Directory portal for the sign-up process and sign-in process, okay, for login information also.

So let us wait for some seconds; the service will be restarted. Okay, this restart of the site is mandatory, because once you do some authentication changes or configuration, a restart is very much required. You can again click preview to load the fresh Power Page website. It will take a couple of seconds; it will not take, you know, many minutes, it will take a couple of seconds to restart. So let me refresh again manually and see what happens. Now you see, guys, it is loaded successfully. Click on sign in; if you click on sign in you will see a new button called Azure AD B2C authentication. Okay, now if you click this it will directly navigate to the Azure portal for authentication purposes.

I can also set the sign-in option Azure Active Directory B2C authentication as the default authentication by using the authentication option. So let me go here, click on identity provider, and set Azure Active Directory B2C authentication as the default sign-in, so that when someone clicks the sign-in button it will navigate directly to the B2C tenant for credential capture. It will not display the local sign-in, and it will not display the Azure Active Directory, because we have set that as default. Now let me click the sign-in button and see what happens. This time, because I have set that option as default, Azure B2C authentication, if you click the sign-in button it will not open this page which contains the local sign-in option; rather it will directly navigate to the Azure B2C portal for the sign-up process. So let us click the sign-in menu and see what happens. Now the magic will happen: if you click sign in, it will directly navigate to the Azure B2C tenant application flow to capture the information, right?

You see, guys, now this is the sign-in option. Here, if you want to create a new one, click on sign up. Now if a portal user wants to register, they can click this sign-up option, provide their email ID and click on send verification code, because every email ID must be verified by the portal user. Now the verification code will be sent to the email ID you have mentioned here, and you can refresh if it is not received immediately. Okay, now this is the account, received; this is the OTP. Now I can copy this code here and, using the verification code, verify the code. Once it is done you can provide a new password for the user. Okay, when you create a new user, when you are trying to register yourself, you have to provide your email ID and password and the user attributes like display name and given name. Display name is what it will display, given name means the first name, and surname is the last name. So you can provide the information here, and once it is done, click on create.

The new user will be created in the system in the contact entity, right? Our portal users are stored in the contact entity; that's why it will create a record in the contact entity. You see, guys, one thing here: it is telling that the email field is required. Why? Because you have entered an email ID in the B2C tenant user flow which already exists, right? So here you have to provide an email address which is not already available in the contact entity; that's why it is telling that the email ID is already taken. So let me change the email ID by adding one and click on register. Once you click on register it will create a contact record in Dataverse with all the information that we have captured in the B2C tenant user flow.

Now the user is logged in, okay, and once logged in the user is called an authenticated user. If a user is not logged in, that user is called an anonymous user. Now in the profile page the user can update his name, first name, last name and other details, and update the information so that the value will be updated in the contact entity. When you use local authentication also, this information is captured and the authentication is stored in the contact entity, but using an Azure AD B2C tenant the credentials are stored in the tenant in the Azure portal, which is very safe for managing the users' flow through their sign-up process, password reset and login process also, right? Now it is updated. The user is logged in; at any time the user can sign in, and the user can do a password reset also. Okay, so we can test: if you sign out and try to sign in also, you can do that. You can test the sign-in process also; after you sign in and sign out you can also do that.

You can verify whether the record is created in the contact entity or not. Go to the app and open the Power Page management app, or you can navigate to the portal management app from your Power Page using the setup option, or the three dots, and click on Power Page management. Here you can navigate to the contact entity to check whether the user that just registered is created in the contact entity or not, because contact entity record creation is very important, since the authorization runs under the contact entity. I have changed the contact entity display name to patient, so here I can search all contacts, and I can see the user whose name is Rocky Roy is created with all the information. Now I can run authorization, right?

So Azure AD B2C authentication is required to store the information, or handle the user registration and login process, using a separate Azure Active Directory B2C server; no need to store the local information or credentials in our data. Okay, so this is recommended. You can also use the sign-up and sign-in process using the same email ID and password that you gave last time, right? So if you click on sign in it will automatically log in. So that's what this video is all about. I hope you can configure it for your Power Page. Thank you everyone, see you next time, bye.
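As an added example (not from the video or from Microsoft), this Python check runs over the values noted in the notepad during the walkthrough before they are pasted into the Power Pages site settings: authority, client ID, redirect URL, the two policy IDs and the valid issuers. It assumes the flow-name issuer has the form `https://<host>/tfp/<tenant GUID>/<flow name>/v2.0/` and that valid issuers are entered as a comma-separated list; the dictionary keys, host, GUIDs, redirect URL and flow names are constructed placeholders.

```python
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Assumed issuer path when the token compatibility option with the flow name is selected.
ISSUER_PATH = re.compile(rf"^/tfp/({GUID})/([\w.-]+)/v2\.0/$")

def parse_issuer(url):
    """Return (host, tenant_id, flow_name), or None if url is not a flow-name issuer."""
    parts = urlparse(url.strip())
    match = ISSUER_PATH.match(parts.path)
    if parts.scheme != "https" or not parts.hostname or not match:
        return None
    return parts.hostname.lower(), match.group(1).lower(), match.group(2).lower()

def check_settings(s):
    """Return a list of problems in the noted values (empty list means consistent)."""
    problems = []
    authority = parse_issuer(s["authority"])
    if authority is None:
        problems.append("authority is not an https flow-name (tfp ... v2.0) issuer URL")
    elif authority[2] != s["default_policy_id"].lower():
        problems.append("authority belongs to a different flow than default_policy_id")
    if not re.fullmatch(GUID, s["client_id"]):
        problems.append("client_id is not an application (client) ID GUID")
    if urlparse(s["redirect_url"]).scheme != "https":
        problems.append("redirect_url is not https")
    issuers = [parse_issuer(u) for u in s["valid_issuers"].split(",") if u.strip()]
    if None in issuers:
        problems.append("valid_issuers contains a URL that is not a flow-name issuer")
    known = [i for i in issuers if i]
    flows = {i[2] for i in known}
    for key in ("default_policy_id", "password_reset_policy_id"):
        if s[key].lower() not in flows:
            problems.append(f"valid_issuers has no issuer for {key}")
    if authority and any(i[:2] != authority[:2] for i in known):
        problems.append("valid_issuers mixes hosts or tenants")
    return problems

# Constructed sample values; host, GUIDs, redirect URL and flow names are placeholders.
BASE = "https://contoso.b2clogin.com/tfp/11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "authority": f"{BASE}/b2c_1_loginflow/v2.0/",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "redirect_url": "https://portal.example/reply-url-placeholder",
    "default_policy_id": "B2C_1_loginflow",
    "password_reset_policy_id": "B2C_1_passwordreset",
    "valid_issuers": f"{BASE}/b2c_1_loginflow/v2.0/,{BASE}/b2c_1_passwordreset/v2.0/",
}

if __name__ == "__main__":
    print(check_settings(SAMPLE) or "noted values are consistent")
```

An issuer copied before the token compatibility setting was changed fails the first check, and a password reset flow whose issuer was never added to the valid issuers is reported by name.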
Info
Channel: Softchief Learn
Views: 985
Keywords: azure ad b2c authentication power pages, azure b2c power page, power page localsign in deprecated, power pages authentication
Id: 3RYxiJeXjRA
Length: 22min 44sec (1364 seconds)
Published: Wed Oct 25 2023