The earlier article looked at aspects of Portal Authentication; the following section explains the use of third-party identity providers for Portal Authentication.

External authentication through a third-party identity provider uses the OAuth 2.0 protocol to grant access. First we briefly look at the underlying concepts of OAuth 2.0.

OAuth 2.0 is a protocol that grants a user limited access to resources on a site. Access tokens, which are strings, hold the permissions granted to a user to access the resource. The access tokens are generated in JSON Web Token (JWT) format; the three parts of a JWT are:

  • Header: metadata about the token and the cryptographic algorithm used to sign it
  • Payload: the set of claims, including the expiration time
  • Signature: used to validate that the header and payload have not been altered

More information about OAuth 2.0 can be obtained from here. In the context of Dynamics 365 CE portals (Power Apps portals), the supported identity providers (IdPs) that use OAuth 2.0 are listed here.

For demonstration the portal URL that will be used is https://spaceflight.powerappsportals.com; this is a portal provisioned on a Dynamics 365 CE instance.

Suppose we want to use Google as the third-party identity provider. At a high level the steps are:

  • Register the application
  • Obtain the “Client ID” and “Client Secret” pair after registration
  • Configure the Client ID and Client Secret in the portal site settings to establish the secure connection

Registering Application

Log on to the Google Developer Console here and create a new project.

[Screenshot: ExternalIDP1]

[Screenshot: ExternalIDP2]

[Screenshot: ExternalIDP3]

Once the project is successfully created, click on “Create Credentials” and choose OAuth client ID, since we require the “Client ID” and “Client Secret” that are to be used in the portal settings.

[Screenshot: ExternalIDP4]

You will be prompted to set a product name on the consent screen.

[Screenshot: ExternalIDP6]

[Screenshot: ExternalIDP7]

In the OAuth consent screen enter the application details.

[Screenshot: ExternalIDP8]

After the OAuth consent details are set (this step is broadly comparable to setting up an ADFS Relying Party Trust), select Application Type > Web application.

[Screenshot: ExternalIDP9]

At this stage the Client ID and Client Secret will be generated.

[Screenshot: ExternalIDP10]

The above two can always be retrieved from:

[Screenshot: ExternalIDP11]

[Screenshot: ExternalIDP12]

There is an option to download the settings as a JSON file.

After the preceding steps we have essentially set up our portal as a Relying Party and obtained the Client ID and Client Secret issued during the OAuth 2.0 client registration; these now need to be referenced in the portal settings.

[Screenshot: ExternalIDP13]

[Screenshot: ExternalIDP14]

The existing OAuth 2.0 providers will be listed as below.

[Screenshot: ExternalIDP15]

For Google to be used as the identity provider, add the following OpenIdConnect settings; more information can be found here.

[Screenshot: ExternalIDP16]
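The JWT structure described earlier (header, payload, signature) and the OpenIdConnect settings above come together at sign-in time: the portal, acting as relying party, receives an ID token from Google and must verify it before trusting the login. The following Python example is added here and is not code from the article or from Power Apps Portals. It builds a sample ID token, splits it into its three parts and runs the checks a relying party performs: the expected signing algorithm, the signature, the issuer, the audience (which must equal the configured Client ID), the expiry and the nonce. So that it runs offline it signs with HS256 and a constructed shared secret; in production Google signs ID tokens with RS256 and the portal verifies them against Google's published public keys. The client ID, secret, subject, nonce and timestamps are all constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; the real Client ID and secret come
# from the Google Developer Console and are stored in the portal site settings.
PORTAL_CLIENT_ID = "example-client-id.apps.googleusercontent.com"
SHARED_SECRET = b"example-client-secret-for-demo-only"
EXPECTED_ISSUER = "https://accounts.google.com"  # issuer value Google puts in ID tokens


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url for all three parts."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_jwt(claims: dict, secret: bytes) -> str:
    """Assemble header.payload.signature (HS256 here so the example runs offline)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def split_jwt(token: str):
    """Decode the three parts without trusting any of them yet."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
    return header, payload, signature, parts[0] + "." + parts[1]


def validate_id_token(token, secret, client_id, issuer, expected_nonce, now=None):
    """Relying-party checks on an ID token. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    header, payload, signature, signing_input = split_jwt(token)

    # Header: accept only the algorithm we configured; the token never chooses it.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"

    # Signature: recompute over header.payload and compare in constant time.
    expected = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"

    # Payload: the claims that bind the token to this issuer, this client and this login.
    if payload.get("iss") != issuer:
        return False, "wrong issuer"
    aud = payload.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return False, "token not intended for this client"
    if now >= payload.get("exp", 0):
        return False, "expired"
    if payload.get("nonce") != expected_nonce:
        return False, "nonce mismatch (possible replay)"
    return True, "ok"


if __name__ == "__main__":
    issued_at = int(time.time())
    sample = build_jwt({"iss": EXPECTED_ISSUER, "aud": PORTAL_CLIENT_ID, "sub": "1234567890",
                        "iat": issued_at, "exp": issued_at + 3600, "nonce": "abc123"}, SHARED_SECRET)
    hdr, body, _, _ = split_jwt(sample)
    print("header :", hdr)
    print("payload:", body)
    print("verdict:", validate_id_token(sample, SHARED_SECRET, PORTAL_CLIENT_ID,
                                        EXPECTED_ISSUER, "abc123"))
```

Two design choices matter here. The algorithm is checked against what the relying party configured rather than read from the token, which is what rejects a token whose header claims `alg: none`; and the signature is compared with `hmac.compare_digest` so the comparison does not leak timing information. The audience check is what ties the token to the Client ID placed in the portal site settings: a valid Google token issued for a different application is still rejected.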

As a final step, restart the portal from the PowerApps Portals admin center.

[Screenshot: ExternalIDP17]

Once the restart is complete, accessing the portal should display Google as an external identity provider.

[Screenshot: ExternalIDP18]

In the next article we will register an external user and log in to the portal using Google as the identity provider.