This post explains how to configure Azure B2C for the PowerApps portal. It assumes you already have an active Azure B2C tenant.
Steps to configure
Configure Azure AD B2C settings
Register a new App
- Sign in to the Azure B2C tenant
- From the left-hand side blade select Manage – App registrations – +New registration
Configure the registered App
1. Type a Name
2. Under Supported account types, select Accounts in any identity provider or organizational directory (for authenticating users with user flows)
3. In the Redirect URI field, type the PowerApps portal Reply URL, e.g. https://yourportalname.powerappsportals.com/signin-aad-b2c_1
4. Mark the Grant admin consent to openid and offline_access permissions checkbox.
5. Select Register.
Create a New user flow
1. Open Azure AD B2C
2. From the left blade select Policies – User flows – + New user flow
3. On the next page, “Create a user flow”, select the Sign up and sign in flow type.
4. Then, select the Recommended version and click Create.
5i. Type a Name for the user flow, e.g. Powerapps-Portal-Signup-Signin.
5ii. Under Identity providers, select Local accounts – Email signup *
* If you have configured other identity providers, such as Microsoft or Google, you can select them as well.
6. For Multifactor authentication, leave the default settings: Type of method [Email] and MFA enforcement [Off]
7. Under User attributes and token claims, select the attributes and claims you want to collect during a new sign-up. For example, in the demo app, I have selected the Given Name and the Surname.
8. At the final step, select Create.
Configure the User flow
Change the Token compatibility settings
1. Open the Sign up and sign in flow
2. From the left blade, select Settings – Properties, change the Issuer (iss) claim URL to the one that includes tfp, and click Save.
3. Select Run user flow, then click the OpenID configuration URL to open it in a new browser tab.
4. Copy the Issuer URL from the browser.*
*Make sure to copy the URL without the quotation marks “”
At this point, you have finished with the registered app. What you need for the configuration is:
i. Application (client) ID
ii. Issuer URL
https://##########.b2clogin.com/tfp/########-####-####-####-############/b2c_1_powerapps-portal-signup-signin/v2.0/
iii. Redirect URL
Configure Portal Authentication settings
- Log in to https://make.powerapps.com
- Select Identity providers – Azure AD B2C and click Configure
Now, copy and paste the necessary values to the Site settings section.
Authority: => Issuer URL
Client ID: => Application (client) ID
Redirect URL: => Redirect URL
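
Before pasting, the three values can be checked against the OpenID configuration document opened from Run user flow. The script below is an added example, not part of the original post: the `contoso` tenant name, the GUIDs and the function name `check_portal_settings` are constructed placeholders, and the issuer pattern is the tfp layout shown in the Issuer URL above.

```python
import json
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Issuer layout shown in this post: https://<host>/tfp/<tenant-guid>/<policy>/v2.0/
TFP_ISSUER = re.compile(rf"^https://[^/\s]+/tfp/{GUID}/[^/\s]+/v2\.0/$")

# Constructed sample values (tenant name and GUIDs are placeholders).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
POLICY = "b2c_1_powerapps-portal-signup-signin"
ISSUER = f"https://contoso.b2clogin.com/tfp/{TENANT_ID}/{POLICY}/v2.0/"
REDIRECT = "https://yourportalname.powerappsportals.com/signin-aad-b2c_1"
# Constructed OpenID configuration documents: one with the tfp issuer, one without.
DISCOVERY_TFP = json.dumps({"issuer": ISSUER})
DISCOVERY_DEFAULT = json.dumps(
    {"issuer": f"https://contoso.b2clogin.com/{TENANT_ID}/v2.0/"})


def check_portal_settings(authority, client_id, redirect_url, discovery_text):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    issuer = json.loads(discovery_text)["issuer"]  # JSON parsing drops the quotes
    cleaned = authority.strip(" \t\r\n\"'“”")
    if cleaned != authority:
        problems.append("Authority has surrounding quotes or whitespace")
    if cleaned != issuer:
        problems.append("Authority differs from the issuer in the OpenID configuration")
    if not TFP_ISSUER.match(issuer):
        problems.append("Issuer is not in the tfp format; recheck Token compatibility")
    if not re.fullmatch(GUID, client_id):
        problems.append("Client ID is not a GUID")
    parsed = urlparse(redirect_url)
    if parsed.scheme != "https" or not parsed.netloc:
        problems.append("Redirect URL must be an absolute https URL")
    return problems


if __name__ == "__main__":
    # Authority pasted with its JSON quotation marks still attached.
    for p in check_portal_settings(f'"{ISSUER}"', CLIENT_ID, REDIRECT, DISCOVERY_TFP):
        print("problem:", p)
```

An empty list means the Authority matches the published issuer exactly, which is the value the portal compares against the iss claim in the token.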