Portal Authentication Design for Power Apps Portal

Correct Answers: B, D and E

By default, anybody can use the Power Apps portal as an unauthenticated user.

However, if users want to register for the portal login, there are two methods: Local authentication - creates a local identity with a username and password stored in a Dataverse database internally.

External authentication - uses credentials of the third-party identity providers, like OAuth2 (Microsoft, Twitter, Facebook, Google, etc.), OpenID (Azure AD, Azure AD B2C), and WS-Federation and SAML 2.0 (AD on-premises).

Option B is correct because a portal creates a contact record in the Dataverse database for each authenticated user.

Option D is correct because a portal assigns a web role to each authenticated user.

The role defines a user's access to portal resources.

Option E is correct because a portal administrator can enable/disable Identity providers and set them as default on the portal's Authentication Settings panel.

On the same panel, you can add a new provider.

Option A is incorrect because portal users must have a unique email address for each portal account.

Users cannot reuse an email address.

Option C is incorrect because users do not require an invitation code for portal sign-up if open registration is enabled.

Option F is incorrect because the Facebook provider uses OAuth2 but not OpenID protocol.

For more information about Power Apps portal authentication, please visit the below URLs:

Sure, I'd be happy to help! Here are the correct statements about portal authentication for the Power Apps portal:

A. Portal users can have several logins with the same email address

• This statement is true. Portal users can have multiple logins with the same email address, and each login can have different security roles or web roles assigned to it. This allows for greater flexibility in managing user access to portal content and functionality.

B. Each authenticated portal user has a contact record in the Dataverse database

• This statement is also true. When a user logs into the portal, their identity is authenticated through Dataverse, and a contact record is created for them in the database. This contact record is used to store information about the user, such as their name, email address, and any other relevant details.

C. If open registration is enabled, users must provide an invitation code for portal sign-up

• This statement is false. If open registration is enabled, users can sign up for the portal without requiring an invitation code. Open registration allows anyone to create an account and access the portal's content and functionality.

D. Each registered portal user must have an assigned web role

• This statement is true. Web roles are used to control what portal content and functionality each user can access. When a user registers for the portal, they are assigned a default web role. The portal admin can then assign additional web roles to the user as needed to grant them access to specific features or content.

E. Portal admin can set a default identity provider on the Authentication Settings panel

• This statement is true. The Authentication Settings panel allows the portal admin to configure various authentication options, including setting a default identity provider. The default identity provider determines how users authenticate when they log into the portal.

F. Facebook authentication provider uses OpenId protocol.

• This statement is also true. The Facebook authentication provider uses the OpenID Connect protocol, which allows users to authenticate with their Facebook credentials. OpenID Connect is a widely used authentication protocol that provides a secure and standardized way for users to authenticate with web applications and services.

I hope this helps clarify the correct statements about portal authentication for the Power Apps portal!