
Azure AD Integration with Sitecore 10.2

Sitecore Identity Server, which ships with Sitecore 9.1 and later, lets you log in through an external identity provider such as Azure Active Directory, Facebook, Apple, or Google. It is built on federated authentication.

What is Federated Authentication?

Federated authentication is a technology that allows users to access multiple applications, tools, and domains with one set of credentials. After authenticating once, the user can access multiple applications and resources.

Federated authentication involves two parties: the identity provider (IdP) and the service provider (SP). The identity provider creates, maintains, and manages identity information such as name, email address, device, and location; examples are Azure AD, Google, Facebook, and Apple. The service provider is the website, software, or app the user is trying to access; it relies on the identity provider to authenticate the user and supply an identity.

The three most commonly used protocols are:
  1. SAML
  2. OAuth 2.0
  3. OpenID Connect

Now to the point: how do you integrate Azure AD with Sitecore? Below are the steps.

Azure AD Configuration

  • Go to the Azure portal and log in.
  • Then go to Azure Active Directory -> App registrations.

  • Next, click the New registration button.

  • Fill in the name, supported account type, and redirect URI, then click the Register button.

  • Now go to the Manifest tab and set the groupMembershipClaims value to SecurityGroup (this makes Azure AD include the IDs of the user's security groups in the token).

  • Go to the Authentication tab and tick the ID tokens checkbox.

  • Go to Groups inside Azure Active Directory and create a new group if you don't already have one.
  • Make sure you have added members to the Demo_Admin group.
  • Finally, go to the Overview tab and save the client ID and tenant ID; they will be used in the Sitecore config later.

Sitecore Identity Server Configuration

  • Open inetpub\wwwroot\identityserverwebsite\sitecore\Sitecore.Plugin.IdentityProvider.AzureAd\Config\Sitecore.Plugin.IdentityProvider.AzureAd.xml and update ClientId and TenantId with the values saved in the previous step.

Restart the Sitecore Identity application and open the Sitecore Content Management login page; the Azure AD button will now be visible.


Wait, wait, wait, this is not the end. A few steps are still pending :)

  • Uncomment the line below in Sitecore.Plugin.IdentityProvider.AzureAd.xml, then copy the group ID of the Demo_Admin group and paste it in. I have done this for only one group, but it can be done for multiple groups in the same way.
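As an added example (not the post's own file), this is the shape of Sitecore.Plugin.IdentityProvider.AzureAd.xml after the edits above: ClientId and TenantId filled in, and one claims transformation that turns the Azure AD groups claim carrying the Demo_Admin group's object ID into a Sitecore role. The element names follow the stock plugin file shipped with Sitecore Identity as I know it, and all GUIDs are placeholders; check them against your own copy of the file, and map the group's object ID, never its display name.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example modelled on the stock Sitecore Identity AzureAd plugin file; all IDs are placeholders -->
<Settings>
  <Sitecore>
    <ExternalIdentityProviders>
      <IdentityProviders>
        <AzureAd type="Sitecore.Plugin.IdentityProviders.IdentityProvider, Sitecore.Plugin.IdentityProviders">
          <AuthenticationScheme>idsrv.external</AuthenticationScheme>
          <DisplayName>Azure AD</DisplayName>
          <!-- Must be true, otherwise the Azure AD button is not shown on the login page -->
          <Enabled>true</Enabled>
          <!-- Application (client) ID and Directory (tenant) ID from the app registration's Overview tab -->
          <ClientId>00000000-0000-0000-0000-000000000000</ClientId>
          <TenantId>11111111-1111-1111-1111-111111111111</TenantId>
          <AADInstance>https://login.microsoftonline.com/</AADInstance>
          <ClaimsTransformations>
            <!-- Maps membership of the Demo_Admin security group (matched by object ID, which is what
                 Azure AD emits in the groups claim when groupMembershipClaims is SecurityGroup)
                 to a Sitecore role. Users outside the group receive no role from this rule. -->
            <ClaimsTransformation1 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Claim1 type="groups" value="22222222-2222-2222-2222-222222222222" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Developer" />
              </NewClaims>
            </ClaimsTransformation1>
            <!-- Add ClaimsTransformation2, ClaimsTransformation3, ... for further groups in the same way -->
          </ClaimsTransformations>
        </AzureAd>
      </IdentityProviders>
    </ExternalIdentityProviders>
  </Sitecore>
</Settings>
```

The role value must name an existing Sitecore role, and Azure AD omits the groups claim entirely for users in more than 200 groups, so users with very large group memberships will not receive the mapped role.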

Sitecore Configuration

  • Create a patch file in your code (for example, a .config file under App_Config/Include) with the following content:

<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/" xmlns:role="http://www.sitecore.net/xmlconfig/role/" xmlns:set="http://www.sitecore.net/xmlconfig/set/">
  <sitecore role:require="Standalone or ContentManagement">
    <federatedAuthentication>
      <identityProviders>
        <!-- Sub-provider of the built-in SitecoreIdentityServer provider; the id must match the plugin name on the identity server -->
        <identityProvider id="SitecoreIdentityServer/IdS4-AzureAd" type="Sitecore.Owin.Authentication.Configuration.DefaultIdentityProvider, Sitecore.Owin.Authentication">
          <param desc="name">$(id)</param>
          <param desc="domainManager" type="Sitecore.Abstractions.BaseDomainManager" resolve="true" />
          <caption>Log in with Sitecore Identity: Azure AD</caption>
          <icon>/sitecore/shell/themes/standard/Images/24x24/msazure.png</icon>
          <domain>sitecore</domain>
        </identityProvider>
      </identityProviders>
      <propertyInitializer>
        <maps>
          <!-- Copies the email and name claims from the token onto the Sitecore user profile -->
          <map name="set Email" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication" resolve="true">
            <data hint="raw:AddData">
              <source name="email" />
              <target name="Email" />
            </data>
          </map>
          <map name="set FullName" type="Sitecore.Owin.Authentication.Services.DefaultClaimToPropertyMapper, Sitecore.Owin.Authentication" resolve="true">
            <data hint="raw:AddData">
              <source name="name" />
              <target name="FullName" />
            </data>
          </map>
        </maps>
      </propertyInitializer>
    </federatedAuthentication>
  </sitecore>
</configuration>

Now restart your identity website, go to the Content Management URL, and click on Azure AD.

Enter your username and password; after a successful login, Azure AD redirects back to your Sitecore instance. If you open User Manager, you will see that Sitecore has created the same user there.


Comments

Hi @Swati, I need your help to configure Azure AD on a CD website with one button to log in on a custom page. Is that possible?
