Last active
June 28, 2022 17:20
Sitecore Identity Azure AD
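<?xml version="1.0" encoding="utf-8"?>
<!--
  Sitecore Identity Server configuration that registers Azure AD as an external
  identity provider and maps incoming Azure AD claims to Sitecore claims
  (email, role, isAdmin).
  Everything under ClaimsTransformations is an authorization decision: a change
  to a group id or to a NewClaims entry changes who becomes an Author or an
  administrator, so treat edits to this file like edits to an access-control list.
-->
<Settings>
  <Sitecore>
    <ExternalIdentityProviders>
      <IdentityProviders>
        <AzureAd type="Sitecore.Plugin.IdentityProviders.IdentityProvider, Sitecore.Plugin.IdentityProviders">
          <AuthenticationScheme>IdS4-AzureAd</AuthenticationScheme>
          <DisplayName>Azure AD</DisplayName>
          <Enabled>true</Enabled>
          <!-- Placeholders: replace with the application (client) id and the directory (tenant) id of the
               app registration. Pin TenantId to the single tenant that is meant to sign in. -->
          <ClientId>{Enter Client Id}</ClientId>
          <TenantId>{Enter Tenant Id}</TenantId>
          <!-- Left empty in this sample. NOTE(review): presumably the plugin then derives the OpenID Connect
               metadata endpoint from TenantId; confirm. If a value is set, it should be an https URL of the
               expected tenant, because the token signing keys are taken from that document. -->
          <MetadataAddress></MetadataAddress>
          <ClaimsTransformations>
            <!--Place transformation rules here. -->
            <!-- upn to email. A UPN has the shape of an e-mail address but is not guaranteed to be a mailbox
                 the user controls; avoid using the resulting email claim as the only key for account
                 matching or authorization. -->
            <ClaimsTransformation1 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="email" />
              </NewClaims>
            </ClaimsTransformation1>
            <!-- emailaddress to email. -->
            <ClaimsTransformation2 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="email" />
              </NewClaims>
            </ClaimsTransformation2>
            <!--Transformation samples-->
            <!--AzureAD user group to Sitecore role transformation.-->
            <!-- Each value below is an Azure AD group id (masked in this sample). The mappings only fire when
                 the token carries a groups claim: the app registration has to emit group claims
                 (groupMembershipClaims in the manifest), and Azure AD leaves the groups claim out of the token
                 for users who are members of a very large number of groups. In that case these rules silently
                 grant nothing, so test with such an account. Prefer security groups whose membership is
                 owner-controlled. -->
            <BusinessAnalystTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <BusinessAnalyst type="groups" value="d090379b-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author" />
              </NewClaims>
            </BusinessAnalystTransformation>
            <ProjectManagerTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <ProjectManager type="groups" value="2c35b54c-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author" />
              </NewClaims>
            </ProjectManagerTransformation>
            <QualityAssuranceTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <QualityAssurance type="groups" value="bf9352ae-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author" />
              </NewClaims>
            </QualityAssuranceTransformation>
            <WebUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <WebUI type="groups" value="5b245352-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author" />
              </NewClaims>
            </WebUITransformation>
            <AppUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <AppUI type="groups" value="9a0e2346-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author" />
              </NewClaims>
            </AppUITransformation>
            <!--AzureAD user in specific group to Sitecore admin user transformation-->
            <!-- The two rules below issue isAdmin=true, i.e. full Sitecore administrator rights, to every member
                 of the listed group. Whoever can add members to those Azure AD groups can create Sitecore
                 administrators: restrict group ownership, review membership regularly, and keep the number of
                 admin-granting groups as small as the team allows. -->
            <ArchTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Arch type="groups" value="35bec449-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
              </NewClaims>
            </ArchTransformation>
            <SitecoreDeveloperTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <SitecoreDeveloper type="groups" value="61ec76c5-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
              </SourceClaims>
              <NewClaims>
                <Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
              </NewClaims>
            </SitecoreDeveloperTransformation>
          </ClaimsTransformations>
        </AzureAd>
      </IdentityProviders>
    </ExternalIdentityProviders>
  </Sitecore>
</Settings>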