Hi all,
I need a synchronous way to assign web roles in Power Pages at sign-in based on identity provider:
- Microsoft Entra (SSO) → Employee web role
- Microsoft Entra B2C → External web role
This is required to immediately show/hide content and enforce Table Permissions / Web Page Access Control Rules. I cannot use asynchronous options (e.g., Power Automate) because they force a log out/in before roles take effect, which is unacceptable UX.
What I've tried:
- Liquid checks to detect provider
  - (Good for UI only, not security and also not sustainable since the check would need to be done on every page new & old)
- Background jobs/flows
  - (Too slow; roles apply only after re-login)
- Default role assignment at registration
  - (Doesn't handle provider-based logic)
Questions:
- Is there a supported way to assign/resolve web roles synchronously at authentication based on the identity provider?
- Can Power Pages map claims (e.g., identityprovider, iss, or a custom B2C claim like external=true) to web roles so they’re active immediately?
- Are there authentication event hooks or custom handlers that run synchronously to set roles before the first page renders?
Pseudocode - Desired Behavior:
OnAuthenticationSuccess(user):
    idp = claims['http://schemas.microsoft.com/identity/claims/identityprovider']
    if idp == 'entra-id':
        principal.AddRole('Employee')
    else if idp == 'entra-b2c':
        principal.AddRole('External')
    // role should be active in the current session immediately
If you’ve achieved this, could you share:
- Exact configuration (claim types, site settings, mapping steps)
- Whether it worked synchronously without re-login
- Any gotchas (caching, timing, first-request behavior)
Thanks Power Pages Community!