It has been quite some time since I have blogged; there is just way too much work, and that is great, I am not even complaining.
I just wanted to take a little break from work and write a post to illustrate how to get started with Active Directory integration. This should be one of the essential components of any Sitecore architectural planning.
In this post I will cover both on-premises Active Directory integration and Azure Active Directory.
At first this seemed very complicated to me, but after reading the official documentation it made much more sense. Obviously, once you have set it up yourself you will understand how to get it done.
Reference for On-Premises integration:
- https://dev.sitecore.net/Downloads/Active_Directory.aspx
- https://sdn.sitecore.net/upload/sdn5/sitecore6modules/ad/sitecore_active_directory_module_guide.pdf
Active Directory on premises integration
So let’s get to it.
First you will need to create, or request that your IT department create, an OU (Organizational Unit) for you, and add to it all the users that you want to be able to access Sitecore.
In some companies it takes quite some time for the IT department to set that up, so while you wait, let's go to Sitecore and install the package.
You can download the latest package from the official Sitecore dev website.
Once you have downloaded it, go to Desktop > Development Tools > Installation Wizard and install the Sitecore package you downloaded.
Next we will modify the configuration files that plug Sitecore into your current AD infrastructure:
- ConnectionStrings.config
- Domains.config
- Web.config
<!-- ConnectionStrings.config -->
<connectionStrings>
  <add name="ManagersConnString"
       connectionString="LDAP://testsrv/OU=Managers,DC=testdomain,DC=sitecore,DC=net" />
</connectionStrings>

<!-- Domains.config -->
<domain name="ad" ensureAnonymousUser="false"/>

<!-- Web.config: membership provider entry for the "ad" domain -->
<add name="ad"
     type="LightLDAP.SitecoreADMembershipProvider"
     connectionStringName="ManagersConnString"
     applicationName="sitecore"
     minRequiredPasswordLength="1"
     minRequiredNonalphanumericCharacters="0"
     requiresQuestionAndAnswer="false"
     requiresUniqueEmail="false"
     <!-- use a dedicated service account with read-only access to the OU; these values are stored
          in clear text, so protect the containing config section (e.g. encrypt it with aspnet_regiis -pe) -->
     connectionUsername="[put the username here]"
     connectionPassword="[put the password here]"
     connectionProtection="Secure"
     attributeMapUsername="sAMAccountName"
     enableSearchMethods="true"
/>
Azure Active Directory integration
So this is a much easier process IMHO.
For this approach you will need to use Federated Authentication.
Reference from official web site:
I would really recommend reading this blog post by Bas Lijten as well; it has a lot of useful information.
So let's proceed:
At this point I assume that you have Federated Authentication set up, that you have read the links provided above, and that you already have Azure Active Directory in place (in my case, for a client).
In my case my organization is TONY 🙂
So you will need to go to App Registrations and create your own application:
As you can see from the name of my app, I am integrating with Sitecore 9.
Once it is registered, take the application ID and add it to your configuration file:
<settings>
  <setting name="ClientId" value="application ID when you register your application into Azure through App registration" />
  <setting name="AADInstance" value="https://login.microsoftonline.com/{0}" />
  <setting name="Tenant" value="your azure active directory e.g. Test.onmicrosoft.com" />
  <setting name="PostLogoutRedirectURI" value="https://sc9.local/sitecore/login" />
  <setting name="RedirectURI" value="https://sc9.local/sitecore" />
</settings>
In the Azure AD application manifest, enable group claims so the token carries the user's security group IDs:
"groupMembershipClaims": "SecurityGroup",

Then map the Azure AD group (by its object ID) to a Sitecore role with a claims transformation:
<transformation name="devRole" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
  <sources hint="raw:AddSource">
    <claim name="groups" value="AZURE AD GROUP ID" />
  </sources>
  <targets hint="raw:AddTarget">
    <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sitecore\{ROLE}" />
  </targets>
  <keepSource>true</keepSource>
</transformation>
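As an added example (not from the original post and not Sitecore's own code), here is a small Python simulation of what the transformation above does: it parses a copy of the rule with a constructed group object ID and role name, applies it to a constructed set of token claims, and shows that a token with no groups claim (which is what you get if groupMembershipClaims is not set) maps to no role at all. Matching is modelled as an exact, case-sensitive comparison, which is an assumption about the real DefaultTransformation.

```python
import xml.etree.ElementTree as ET

ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
DEV_GROUP = "11111111-2222-3333-4444-555555555555"  # constructed group object ID

# Constructed copy of the page's rule (group ID and role name are made up).
TRANSFORMATION_XML = r"""
<transformation name="devRole" type="Sitecore.Owin.Authentication.Services.DefaultTransformation, Sitecore.Owin.Authentication">
  <sources hint="raw:AddSource">
    <claim name="groups" value="11111111-2222-3333-4444-555555555555" />
  </sources>
  <targets hint="raw:AddTarget">
    <claim name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" value="sitecore\Developer" />
  </targets>
  <keepSource>true</keepSource>
</transformation>
"""


def parse_transformation(xml_text):
    """Return (sources, targets, keep_source) from one <transformation> element."""
    root = ET.fromstring(xml_text.strip())
    sources = [(c.get("name"), c.get("value")) for c in root.find("sources")]
    targets = [(c.get("name"), c.get("value")) for c in root.find("targets")]
    keep = (root.findtext("keepSource") or "false").strip().lower() == "true"
    return sources, targets, keep


def apply_transformation(claims, rule):
    """Apply one rule to a list of (name, value) token claims.

    Modelled behaviour (assumption: exact, case-sensitive matching): the rule
    fires only when every source claim is present; it then adds the target
    claims, and drops the matched source claims unless keepSource is true.
    """
    sources, targets, keep = rule
    if not all(s in claims for s in sources):
        return list(claims)          # no match: identity is left untouched
    out = [c for c in claims if keep or c not in sources]
    out.extend(t for t in targets if t not in out)
    return out


if __name__ == "__main__":
    rule = parse_transformation(TRANSFORMATION_XML)
    # Constructed claims for a user who is in the developer group and one other.
    token = [("name", "alice@test.onmicrosoft.com"), ("groups", DEV_GROUP),
             ("groups", "99999999-8888-7777-6666-555555555555")]
    for name, value in apply_transformation(token, rule):
        print(f"{name} = {value}")
```

Because the rule keys on the group's object ID rather than its display name, renaming the group in Azure AD does not change who gets the Sitecore role.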