It has been quite some time since I have blogged; there is just way too much work, and that is great, I am not even complaining.

I just wanted to take a little break from work, write a blog, and try to illustrate and help with getting started with Active Directory integration. This should be one of the essential components when starting any Sitecore architectural planning.

In this blog I will cover both on-premises Active Directory integration and Azure Active Directory integration.

At first this seemed very complicated to me, but after reading the official documentation it made much more sense. Obviously, once you have set it up yourself you will understand how to get it accomplished.

Reference for on-premises integration:

Active Directory on premises integration

So let's get to it.

First you will need to create yourself, or request to have created for you, an OU (Organizational Unit), and add to it all the users that you want to be able to access Sitecore.

While the IT department is setting that up (in some companies it takes quite some time), let's go to Sitecore and install the package.

You can download the latest package from the official Sitecore dev website.

Once you download it, go to Desktop > Development Tools > Installation Wizard and install the Sitecore package that you have downloaded.

[Screenshot: sitecore-launchpad.png]

Next step: we will modify the configuration files that plug Sitecore into your current AD infrastructure.

  • ConnectionStrings.config
  • Domains.config
  • Web.config
ConnectionStrings.config

<connectionStrings>
  <add name="ManagersConnString"
       connectionString="LDAP://testsrv/OU=Managers,DC=testdomain,DC=sitecore,DC=net" />
</connectionStrings>

Domains.config

<domain name="ad" ensureAnonymousUser="false" />
Web.config

<add name="ad"
     type="LightLDAP.SitecoreADMembershipProvider"
     connectionStringName="ManagersConnString"
     applicationName="sitecore"
     minRequiredPasswordLength="1"
     minRequiredNonalphanumericCharacters="0"
     requiresQuestionAndAnswer="false"
     requiresUniqueEmail="false"
     connectionUsername="[put the username here]"
     connectionPassword="[put the password here]"
     connectionProtection="Secure"
     attributeMapUsername="sAMAccountName"
     enableSearchMethods="true"
/>

More details on each available parameter can be found in the official documentation linked above in the references.
The only thing you need to remember is to map your AD users to the appropriate roles within Sitecore.
Once you have mapped everything to the appropriate roles, you will have no problem logging into Sitecore.
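Before handing this configuration to IT, it is worth checking the three things that most often go wrong with it: the bind is still protected (connectionProtection="Secure"), the provider is scoped to the OU rather than the whole domain, and the bracketed placeholder credentials have actually been replaced. The following Python script is an added example of mine, not part of the original post or of Sitecore; it parses the two snippets above (embedded as constructed sample input, wrapped in root elements so they parse on their own) and reports findings. The function names and the filled-in credential values are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the provider entry and connection string from the post,
# each wrapped in a root element so they parse stand-alone. The credentials are the
# post's own placeholders, which is exactly what the check is meant to catch.
WEB_CONFIG_SNIPPET = """
<membership>
  <providers>
    <add name="ad"
         type="LightLDAP.SitecoreADMembershipProvider"
         connectionStringName="ManagersConnString"
         applicationName="sitecore"
         minRequiredPasswordLength="1"
         minRequiredNonalphanumericCharacters="0"
         requiresQuestionAndAnswer="false"
         requiresUniqueEmail="false"
         connectionUsername="[put the username here]"
         connectionPassword="[put the password here]"
         connectionProtection="Secure"
         attributeMapUsername="sAMAccountName"
         enableSearchMethods="true" />
  </providers>
</membership>
"""

CONNSTR_SNIPPET = """
<connectionStrings>
  <add name="ManagersConnString"
       connectionString="LDAP://testsrv/OU=Managers,DC=testdomain,DC=sitecore,DC=net" />
</connectionStrings>
"""

# The same provider entry with the placeholders filled in (values are made up for the example).
FILLED_WEB_CONFIG = (WEB_CONFIG_SNIPPET
                     .replace("[put the username here]", "svc-sitecore-ldap")
                     .replace("[put the password here]", "example-only-secret"))


def load_connection_strings(xml_text):
    """Map connection string names to their values."""
    root = ET.fromstring(xml_text.strip())
    return {a.get("name"): a.get("connectionString", "") for a in root.iter("add")}


def check_ad_provider(web_config_xml, connstr_xml):
    """Return a list of findings for every LightLDAP membership provider; an empty list means clean."""
    findings = []
    conn = load_connection_strings(connstr_xml)
    root = ET.fromstring(web_config_xml.strip())
    providers = [a for a in root.iter("add") if a.get("type", "").startswith("LightLDAP.")]
    if not providers:
        return ["no LightLDAP membership provider found"]
    for p in providers:
        name = p.get("name")
        # The post sets connectionProtection="Secure"; anything else may bind without encryption.
        if p.get("connectionProtection") != "Secure":
            findings.append(f"{name}: connectionProtection is not Secure")
        # Bracketed values are the post's placeholders; an empty value is just as bad.
        for attr in ("connectionUsername", "connectionPassword"):
            val = p.get(attr, "")
            if not val or val.startswith("["):
                findings.append(f"{name}: {attr} still holds a placeholder")
        cs_name = p.get("connectionStringName", "")
        cs = conn.get(cs_name)
        if cs is None:
            findings.append(f"{name}: connection string {cs_name!r} is not defined")
        else:
            # Scope the provider to the OU created for Sitecore users, not the whole domain.
            if not cs.upper().startswith("LDAP://"):
                findings.append(f"{name}: connection string is not an LDAP:// path")
            if "OU=" not in cs.upper():
                findings.append(f"{name}: LDAP path is not scoped to an OU")
    return findings


if __name__ == "__main__":
    for label, cfg in (("as posted", WEB_CONFIG_SNIPPET), ("filled in", FILLED_WEB_CONFIG)):
        print(label, "->", check_ad_provider(cfg, CONNSTR_SNIPPET) or "no findings")
```

Run it against the real Web.config and ConnectionStrings.config by reading the files instead of the embedded strings; the `<add>` lookup only needs the provider element to be somewhere under the root you pass in.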

Azure Active Directory integration

So this is a much easier process, IMHO.

For this approach you will need to use Federated Authentication.

Reference from the official website:

I would also really recommend reading this blog by Bas Lijten; it has a lot of useful information.

So let's proceed:

At this point I imagine that you have Federated Authentication set up, you have read the links provided above, and you have Azure AD because you are setting this up for a client. So you already have Azure Active Directory set up.

In my case my organization is TONY 🙂

[Screenshot: sitecore-active-directory.png]

So you will need to access App Registrations and create your own application:

[Screenshot: sitecore-active-directory-app-registration.png]

As you can see by the name of my app I am integrating with Sitecore 9.

Once it is registered, go ahead and take the application ID and add it to your configuration file.

Make sure to specify the reply URL:

[Screenshot: sitecore-reply-urls.png]

<settings>
  <setting name="ClientId" value="application ID when you register your application into Azure through App registration" />
  <setting name="AADInstance" value="https://login.microsoftonline.com/{0}" />
  <setting name="Tenant" value="your azure active directory e.g. Test.onmicrosoft.com" />
  <setting name="PostLogoutRedirectURI" value="https://sc9.local/sitecore/login" />
  <setting name="RedirectURI" value="https://sc9.local/sitecore" />
</settings>

You will also need to edit the application manifest and change the groupMembershipClaims value:

"groupMembershipClaims": "SecurityGroup",
Once you plug it all in you will be able to access Sitecore, and your login window will look like this:

[Screenshot: sitecore-azure-ad-login.png]
You might wonder how to map Azure AD groups to Sitecore roles; here is a configuration for it:

<transformation name="devRole" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
  <sources hint="raw:AddSource">
    <claim name="groups" value="AZURE AD GROUP ID" />
  </sources>
  <targets hint="raw:AddTarget">
    <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sitecore\{ROLE}" />
  </targets>
  <keepSource>true</keepSource>
</transformation>
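To make the mapping concrete, here is a small Python simulation of what this transformation does to a signed-in user's claims. It is an added example of mine, not Sitecore's code, and it follows my reading of how DefaultTransformation behaves: a rule fires only when every source claim is present with exactly that value, it then adds its target claims, and keepSource decides whether the matched source claims stay. The group object ID, the "Developer" role name and the token claims are all constructed for the example.

```python
import xml.etree.ElementTree as ET

ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Constructed group object ID standing in for "AZURE AD GROUP ID" in the post.
DEV_GROUP_ID = "11111111-2222-3333-4444-555555555555"

# Constructed sample: the transformation from the post with the placeholder filled in and
# "Developer" as the Sitecore role, wrapped in a root element so it parses stand-alone.
TRANSFORMATIONS_XML = """
<transformations>
  <transformation name="devRole" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
    <sources hint="raw:AddSource">
      <claim name="groups" value="11111111-2222-3333-4444-555555555555" />
    </sources>
    <targets hint="raw:AddTarget">
      <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sitecore\\Developer" />
    </targets>
    <keepSource>true</keepSource>
  </transformation>
</transformations>
"""


def parse_transformations(xml_text):
    """Read each <transformation> into a dict of source claims, target claims and keepSource."""
    result = []
    for t in ET.fromstring(xml_text.strip()).iter("transformation"):
        result.append({
            "name": t.get("name"),
            "sources": [(c.get("name"), c.get("value")) for c in t.find("sources").iter("claim")],
            "targets": [(c.get("name"), c.get("value")) for c in t.find("targets").iter("claim")],
            "keep_source": (t.findtext("keepSource") or "false").strip().lower() == "true",
        })
    return result


def apply_transformations(claims, transformations):
    """Simulate the mapping: claims is a list of (type, value) pairs as issued in the token.
    A transformation fires only when every source claim is present with exactly that value;
    it then adds its target claims and, unless keepSource is true, removes the matched sources."""
    out = list(claims)
    for t in transformations:
        if all(src in out for src in t["sources"]):
            if not t["keep_source"]:
                out = [c for c in out if c not in t["sources"]]
            out.extend(t["targets"])
    return out


def sitecore_roles(claims):
    """Sorted Sitecore role names produced by the transformations."""
    return sorted(value for claim_type, value in claims if claim_type == ROLE_CLAIM)


if __name__ == "__main__":
    rules = parse_transformations(TRANSFORMATIONS_XML)
    # Constructed token claims for a member of the developer group and for a user outside it.
    dev = [("name", "alice"), ("groups", DEV_GROUP_ID)]
    other = [("name", "bob"), ("groups", "99999999-8888-7777-6666-555555555555")]
    print("alice ->", sitecore_roles(apply_transformations(dev, rules)))
    print("bob   ->", sitecore_roles(apply_transformations(other, rules)))
```

Two practical consequences follow from this. With groupMembershipClaims set to SecurityGroup, the groups claim Azure AD issues carries group object IDs rather than display names, so the source value in the transformation must be the group's object ID. And because the match is exact, a user who is not in that group gets no role claim at all, which is the behaviour you want: a role is granted only on proof of membership, and the target value must name a role that already exists in Sitecore.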
If you have any questions, comment here or reach out to me on Twitter @tmamedbekov.
You can also ask a question on Sitecore Slack; we have the best community.
