web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Pages / Power Pages logout doe...
Power Pages
Suggested Answer

Power Pages logout does not force re-authentication with Microsoft Entra ID

(0) ShareShare
ReportReport
Posted on by CU23020029-0 Microsoft Employee

Hello,

I am implementing authentication in Power Pages using Microsoft Entra ID and have a question regarding the logout and re-login behavior.

Current behavior

The current login flow works as follows:

  1. User accesses the Power Pages site

  2. User clicks a custom login button created in Power Pages

  3. User selects Microsoft Entra ID as the login provider

  4. Microsoft account sign-in page is displayed

  5. User enters ID and password and clicks Sign in

  6. At the “Stay signed in?” prompt, the user selects No

  7. User is successfully logged in and redirected to the Power Pages home page

  8. User clicks the logout button on the site

  9. When the user clicks Microsoft Entra ID again to log in, the user is signed in immediately without seeing the Microsoft login page

If the browser cookies are manually cleared after step 8, the login flow behaves as expected and steps 4–7 are shown again.

Expected behavior

Our expected behavior is:

  • Even if the user does not manually clear browser cookies

  • When the user clicks the logout button in Power Pages

  • The next login attempt should always show the Microsoft account sign-in page (ID/password prompt)

Question

It seems that the Microsoft Entra ID SSO session or browser authentication cookies are still valid after logging out of Power Pages.

  • Is there a way to fully sign out from the Microsoft Entra ID session when logging out of Power Pages?

  • Or is there a configuration to force re-authentication and always show the login prompt on the next login?

Any guidance, recommended configuration, or best practices would be greatly appreciated.

Thank you.

Categories:
Power Apps portals
I have the same question (0)
  • Suggested answer
    Fubar Profile Picture
    Fubar 8,463 Super User 2026 Season 1 on at
    Believe if you turn on the "External logout" setting setting on the Entra Identity Provider setup in Power Pages that should force the user to re-login.
    You could also potentially look at the Nonce & Token/Session lifetime settings.
     
  • Suggested answer
    Inogic Profile Picture
    Inogic 1,135 Moderator on at
    Hi,
     
    If you want users to be forced to re-enter their credentials after logging out, you need to enable the External logout option in your Power Pages site’s Entra identity provider settings. This will confirm that the authentication session is fully terminated and in the next login will have the Microsoft sign-in page again shown to user.

    If External logout is not enabled, the existing Entra ID session/cookie remains valid and Microsoft silently reauthenticates the user without prompting for credentials. While token and session lifetime settings can also be adjusted, enabling External logout is the simplest and most effective fix.

    Steps to enable External logout:
    1. Go to Power Pages and open your site.
    2. Select Set upIdentity providers.
    3. Open your Microsoft Entra ID (Azure AD) identity provider.
    4. Enable the External logout option.
    5. Save the changes and restart the site if required.
    After this, logging out will fully end the Entra session and the next login will require credentials again.
     
    Hope this helps.

    Thanks!
    Inogic
  • Suggested answer
    oliver.rodrigues Profile Picture
    oliver.rodrigues 9,398 Most Valuable Professional on at
    A few things here you can do:
    • Change the Header Web Template, adding the tag &prompt=login to the sign-in URL, this will enforce the entra sign-in page
      • note that this probably only works if you have the entra as your default sign in
      • If not, you might still be able to apply JS on the sign-in page to set this behaviour
    • The other thing I would advise is to configure the session timeout policy in Entra, this will ensure that the token expires
      • If you are using Entra External, I think the minimum is 1 hour
    I tried multiple times to get the cookies / tokens to sync between them, but I couldn't yet get a final/perfect working solution

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the January Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Pages

#1
Suriyanarayanan V Profile Picture

Suriyanarayanan V 45

#2
oliver.rodrigues Profile Picture

oliver.rodrigues 14 Most Valuable Professional

#3
DP_Prabh Profile Picture

DP_Prabh 13

Last 30 days Overall leaderboard

Featured topics

Solution to LinkedIn Authentication in Power Apps Portals
Welcome to the Power Pages forum!

Product updates

Microsoft Power Platform Community release plans