Skip to main content
📋 Process

Power Pages External Identity:
The Complete Onboarding Process

Step-by-step: How to onboard new portal users with Entra External ID – minimal internal effort

By Tino Rabe, Microsoft Power Pages MVP • October 14, 2025 • 13 min read

Table of Contents

1. Introduction and Objectives

Objective

This documentation describes the process for onboarding new portal users in Power Pages[1] with external identity management (Entra External ID[2]). The focus is on the task distribution between internal business departments and external portal users.

Key Message

The internal business department performs activities exclusively in Dataverse[3]. All interaction with the external identity provider is completed entirely by the portal user themselves.

Internal Effort

2
Steps

Time Required

~1
Minute per user[4]

Systems (internal)

Dataverse
+ Power Pages

Entra External ID

No
Interaction

2. Role Distribution and Responsibilities

Internal Business Department (Dataverse)

Step Activity System
1 Create contact record[5] Dataverse
2 Initiate invitation[6] Power Pages

Note: No direct interaction with Entra External ID required.

External Portal User (Entra External ID)

Step Activity System
1 Open invitation link Email Client
2 Define password[7] Entra External ID
3 Activate account Entra External ID
4 Perform initial login[8] Power Pages

Note: Completely independent completion without internal support.

Important

The business department has no activities in the external identity provider.

3. Detailed Process: Internal Business Department

1
Create Contact Record
Required Data:
  • • Email address (required, unique)
  • • First name (required)
  • • Last name (required)
  • • Status: Active
System:

Microsoft Dataverse (Model-Driven App[9] or Power Pages Admin[10])

Time Required:

Approx. 30 seconds[4]

2
Initiate Invitation
Process:

The invitation function is triggered via Power Pages Admin for the created contact.[6] The system automatically generates a unique redemption code and sends an email to the registered email address.

System Process:

Power Pages creates an invitation record in Dataverse and sends a preconfigured email template.[11]

Time Required:

Approx. 5 seconds (button click)[4]

Completion of Internal Activities

After completing these two steps, all business department activities are finished. Further process steps occur automatically or are performed by the portal user.

4. Detailed Process: Portal User (Independent)

Important

All following steps are completed independently by the portal user. The internal business department has no tasks in this process section.

1
Receive Invitation Email

The portal user automatically receives an email with a unique invitation link. Validity: Standard 7 days.[12]

2
Validate Redemption Code

By clicking the link, the portal user is redirected to Power Pages. The system validates the redemption code and redirects to Entra External ID upon successful validation.[13]

3
Register in Entra External ID

The portal user is redirected to the signup page of the external identity provider.[14] There, they enter and confirm a self-selected password and any additional profile data.

4
Account Activation

After successful registration, Entra External ID creates an active user account. The link to the Dataverse contact occurs via the email address.[15]

5
Authentication and Portal Access

After completing registration, the portal user is automatically redirected to the Power Pages portal and authenticated.[8] From this point, full portal access is available.

Result

The portal user is now fully registered and can independently log into the portal in the future with their credentials (email + password). Password management is handled exclusively through Entra External ID.[16]

5. System Architecture and Data Flow

Overview of System Components

Dataverse

  • Contact records[3]
  • Invitation records
  • Permission management[17]

Power Pages

  • Invitation management[6]
  • OAuth2/OIDC integration[18]
  • Portal frontend[1]

Entra External ID

  • Authentication[2]
  • User accounts
  • Password management[16]

Data Flow: User Onboarding

Business Dept
Dataverse

Create contact + initiate invitation

Power Pages
Email
Portal User

Send invitation link

Portal User
Entra External ID

Registration + authentication (completely independent)

Important Note

The integration between Power Pages and Entra External ID occurs via standardized OAuth2/OpenID Connect protocols.[18] The business department requires no knowledge of these technical details and has no activities in the external identity provider.

6. Frequently Asked Questions (FAQ)

Is interaction with Entra External ID required by the business department?
No. The business department performs activities exclusively in Dataverse and Power Pages Admin. All interaction with the external identity provider is completed independently by the portal user.
Does the business department need to manage or reset passwords?
No. Password management is handled entirely by Entra External ID.[16] Portal users can independently perform password resets. The business department has no access to passwords.
What is the validity period of an invitation?
Default validity: 7 days.[12] After expiration, the invitation can be resent (identical process as initial sending).
Is bulk creation of portal users possible?
Yes. Via Power Automate[19], contact records and invitations can be created automatically from lists (e.g., Excel, CSV). This significantly reduces manual effort for larger user groups.
How is a portal user deactivated?
The contact record in Dataverse is set to status "Inactive".[20] Authentication via Entra External ID is then no longer possible. Reactivation occurs by changing the status to "Active".
What happens if email delivery fails?
The invitation can be resent via the Power Pages Admin interface. Most common cause: spam filter at the recipient. The portal user should be instructed to check their spam folder.

7. Summary

Effort for Internal Business Department

Number of Steps

2

Time Required

~1
Minute[4]

Systems

Dataverse
+ Power Pages

Entra External ID

No
Interaction

Advantages of the Architecture

1
Minimal Internal Effort

Only two simple steps required per portal user

2
No Password Management

Completely outsourced to Entra External ID[16]

3
Self-Service for Portal Users

Registration and login completely independent[7]

4
Scalability

Bulk import via Power Automate possible for larger user groups[19]

Key Message

Onboarding new portal users requires the internal business department exclusively to create a contact record and initiate an invitation. All further process steps, especially all interaction with the external identity provider, are completed independently by the portal user. This results in minimal effort for the business department while maintaining high process scalability.

Questions About the Onboarding Process?

In a free 30-minute consultation, I'll show you how to optimally implement the process in your Power Pages environment.

Book Free Consultation Now
Tino Rabe

Tino Rabe

Microsoft Power Pages MVP

I help mid-sized companies build secure and GDPR-compliant customer portals with Microsoft Power Pages. My focus: Fast implementation, measurable ROI, no vendor lock-ins.

LinkedIn YouTube Email

Related Articles

Power Pages Costs & Licensing 2025

Complete overview of licensing models, prices, and TCO

Read article →

Power Pages License Value: What You Really Get

Skeptical about licensing costs? The honest value analysis

Read article →