Well it's been a while. Hope you are well!!
I've been dabbling with Power Apps Portals and B2C authentication recently and thought I would share my findings to help someone else implement this authentication method.
Why use a Portal?
Power Apps Portals are one of the three Power Apps, the others being Canvas Apps and Model-Driven apps. Portals give external users authenticated access to the Dataverse data in your Microsoft 365 tenant, with Table Permissions and Web Roles controlling what they can reach.
In another post I will talk about Table Permissions and Web Roles but for now we will stick to authentication.
Authentication is really important for securing access to Power Apps Portals. It is the way to limit access and ensure users signing up are authenticated against a credible source and are then verified to interact with your Dataverse data.
There are various types of authentication methods. You can use various social media channels such as Facebook, Twitter and LinkedIn, but when you want to authenticate a customer, or a customer inside a business, then Azure AD or Azure AD B2C authentication should be the preferred methods.
What's the difference?
As Microsoft explain on their docs website here, "Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. It allows businesses to build customer facing applications, and then allow anyone to sign up into those applications with no restrictions on user account."
In other words, Azure AD authentication will create a guest record inside your Microsoft 365 tenant, whereas Azure B2C will provide a service to authenticate a user.
Implementing Azure B2C
First of all you need to ensure that inside your Azure subscription you have registered Microsoft.AzureActiveDirectory as a resource provider inside https://portal.azure.com.
Go to https://portal.azure.com, log in and go to your subscriptions. Once inside the subscription, click Resource Providers, inside the Settings section.
Then search for "active" and if Microsoft.AzureActiveDirectory is not registered, highlight the resource and then click Register:
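The same check and registration can be scripted with the Azure CLI. This is an added example, not part of the original post; it assumes the Azure CLI is installed, `az login` has been run and the right subscription is selected, and the function names are illustrative.

```shell
# Added example, not from the original post. Assumes Azure CLI is installed,
# `az login` has been run, and the target subscription is selected.

# Print the provider's registration state (Registered, NotRegistered, ...).
provider_state() {
  az provider show --namespace "$1" --query registrationState --output tsv
}

# Register the provider if needed, then poll until it reports Registered.
# $1 = namespace, $2 = max polls (default 30), $3 = seconds between polls (default 10)
# Returns 0 when registered, 1 on timeout, 2 if an az call fails.
ensure_provider_registered() {
  epr_ns="$1"; epr_max="${2:-30}"; epr_delay="${3:-10}"; epr_i=0
  epr_state="$(provider_state "$epr_ns")" || return 2
  if [ "$epr_state" = "Registered" ]; then
    echo "$epr_ns already registered"
    return 0
  fi
  echo "$epr_ns is '$epr_state'; registering..."
  az provider register --namespace "$epr_ns" >/dev/null || return 2
  while [ "$epr_i" -lt "$epr_max" ]; do
    epr_state="$(provider_state "$epr_ns")" || return 2
    if [ "$epr_state" = "Registered" ]; then
      echo "$epr_ns registered"
      return 0
    fi
    epr_i=$((epr_i + 1))
    sleep "$epr_delay"
  done
  echo "timed out waiting for $epr_ns (last state: $epr_state)" >&2
  return 1
}

# Usage: ensure_provider_registered Microsoft.AzureActiveDirectory
```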
Wahoo, registered, let's continue:
Once a Portal has been spun up, Microsoft have created a way to create and configure Azure B2C authentication right from the Power Apps studio by using a wizard.
This feature is in preview mode so you'll need to browse to https://make.preview.powerapps.com. Once there, find your Portal, click the three dots and click Settings, then click Authentication Settings:
In here, you're able to select and configure the Authentication type you want to use. Let's click Configure next to Azure Active Directory B2C:
For the first screen we can just click next:
Next, we select the option New Azure B2C tenant, choose our Azure subscription, resource group and initial domain name:
The Azure B2C tenant will start provisioning:
This can take a few minutes so go and make a cup of tea. Go on, you deserve it!
After this has completed, click next on the "Register your Portal as an application".
On the Configure user flows section, you can leave these settings as is. This will create user flows/policies for Sign Up/Sign In and Password reset:
Once this step has finished close the dialog and then open up your portal website.
Click on Sign In (this is a screenshot from my starter portal), then click the Azure AD B2C button.
Next, click on signup:
Enter your email address on the signup page, and then click on "Send verification code". Check the email account you signed up with, enter the verification code that is sent to you, and you will then get access to the portal as an Azure B2C authenticated user.