Setting Up Authentication and Security in Power Pages

Power Apps Pages, part of the Microsoft Power Platform, allows you to create responsive web applications that can be accessed by both internal and external users. Setting up authentication and security is crucial to ensure that only authorized users can access your application and its data. In this blog, we’ll walk you through the steps to set up authentication and security in Power Apps Pages.

In this blog, we’ll cover the essentials of setting up security in Power Pages.

Step 1: Configure Authentication

• Go to the Power Apps Admin Center.
• Select the environment where your Power Apps Pages are located.

Click on Power Pages sites and then select your portal.

There is another way of authenticating your Power Pages

Set Up Identity Providers using Azure

For Azure AD:

1. Select Azure Active Directory.
2. Enter the required details such as Client ID, Client Secret, Tenant ID, and Issuer URL. These details can be obtained from the Azure portal by registering a new application.
3. Save the changes.

Enable Authentication

1. Ensure that authentication is enabled for the portal.
2. This can be done under the Authentication Settings where you can toggle the authentication status to Enabled.

Step 2: Setting Up Security

Start by navigating to Power Pages Studio. Choose the site where you want to set up authentication.

Click the ellipses (three dots) next to the Preview button and select ‘Power Pages Management’ in Power Pages Studio.

This will take you to the Power Pages Management interface where you can make various administrative changes.

Select the ellipses and click Web Roles

Click on New to create a new web role. Name the role , in this case, (‘FreeSpirit Global Admin’) and save it.

Web Page Access Control Rule in Power Pages is a security feature that defines which users or roles can access specific web pages on a site. This rule ensures that only authorized users can view or interact with restricted content, protecting sensitive data and maintaining site security.

Add Web Roles to the Web Page Access Control Rule

Step 3: Configure Page Security

Navigating Page Settings in Power Pages Studio

Go to Power Pages Studio -> Select the ellipses and Page Settings -> Go to Permissions and add the Role of the viewer

Securing Power Pages using Power Pages Management

Assigning Web Roles to Contact. Make sure the Form is set to Portal Contact.

Select Web Roles from the Related drop-down

Add Existing Web Role or create a new one if you want

Table Permissions using Power Pages Management

1. Navigate to Security > Table Permissions.
2. Click on New to create a new table permission.

1. Specify the table (entity) and the permission type (Read, Write, etc.).
2. Assign the permission to a web role.
3. Secure Individual Pages

   • In the Portals Management App, navigate to Web Pages.
   • Select the page you want to secure.
   • Under the Permissions tab, add the web role that should have access to this page.

Step 4: Additional Security Settings

1. Set Up Multi-Factor Authentication (MFA)

   • For added security, configure MFA in your Azure AD.
   • Go to the Azure AD portal.
   • Navigate to Security > Multi-Factor Authentication and follow the setup instructions.

2. Configure IP Restrictions

   • You can restrict access to your Power Apps Pages based on IP addresses.
   • In the Portals Admin Center, navigate to Site Settings.
   • Add new site settings for IP restrictions and specify the allowed IP addresses.

3. Review and Monitor Security Logs

   • Regularly review security logs for any suspicious activity.
   • In the Azure AD portal, navigate to Monitoring > Sign-ins to review sign-in activity.

Conclusion

Setting up authentication and security in Power Apps Pages ensures that your application and its data are protected from unauthorized access. By configuring identity providers, creating security roles, setting up appropriate permissions, and implementing additional security measures like MFA and IP restrictions, you can manage who accesses your portal and what they can do within it. Follow these steps to create a secure and robust Power Apps Page for your users.

By following this guide, you can ensure your Power Apps Pages are secure and provide a seamless experience for your users.

Happy Building!

We hope you found this blog useful, and if you would like to discuss anything, you can reach out to us at transform@cloudfonts.com.