Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save cheeto-bandito/522a7e3f0f48e5583ffbfa6c3f04fc0b to your computer and use it in GitHub Desktop.
Save cheeto-bandito/522a7e3f0f48e5583ffbfa6c3f04fc0b to your computer and use it in GitHub Desktop.
Sitecore Identity Azure AD
<?xml version="1.0" encoding="utf-8"?>
<Settings>
<Sitecore>
<ExternalIdentityProviders>
<IdentityProviders>
<AzureAd type="Sitecore.Plugin.IdentityProviders.IdentityProvider, Sitecore.Plugin.IdentityProviders">
<AuthenticationScheme>IdS4-AzureAd</AuthenticationScheme>
<DisplayName>Azure AD</DisplayName>
<Enabled>true</Enabled>
<ClientId>{Enter Client Id}</ClientId>
<TenantId>{Enter Tenant Id}</TenantId>
<MetadataAddress></MetadataAddress>
<ClaimsTransformations>
<!--Place transformation rules here. -->
<ClaimsTransformation1 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" />
</SourceClaims>
<NewClaims>
<Claim1 type="email" />
</NewClaims>
</ClaimsTransformation1 >
<ClaimsTransformation2 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</SourceClaims>
<NewClaims>
<Claim1 type="email" />
</NewClaims>
</ClaimsTransformation2>
<!--Transformation samples-->
<!--AzureAD user group to Sitecore role transformation.-->
<BusinessAnalystTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<BusinessAnalyst type="groups" value="d090379b-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="role" value="sitecore\Author" />
</NewClaims>
</BusinessAnalystTransformation>
<ProjectManagerTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<ProjectManager type="groups" value="2c35b54c-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="role" value="sitecore\Author" />
</NewClaims>
</ProjectManagerTransformation>
<QualityAssuranceTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<QualityAssurance type="groups" value="bf9352ae-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="role" value="sitecore\Author" />
</NewClaims>
</QualityAssuranceTransformation>
<WebUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<WebUI type="groups" value="5b245352-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="role" value="sitecore\Author" />
</NewClaims>
</WebUITransformation>
<AppUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<AppUI type="groups" value="9a0e2346-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="role" value="sitecore\Author" />
</NewClaims>
</AppUITransformation>
<!--AzureAD user in specific group to Sitecore admin user transformation-->
<ArchTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<Arch type="groups" value="35bec449-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
</NewClaims>
</ArchTransformation>
<SitecoreDeveloperTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
<SourceClaims>
<SitecoreDeveloper type="groups" value="61ec76c5-XXXX-XXXX-XXXX-XXXXXXXXXXXX" />
</SourceClaims>
<NewClaims>
<Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
</NewClaims>
</SitecoreDeveloperTransformation>
</ClaimsTransformations>
</AzureAd>
</IdentityProviders>
</ExternalIdentityProviders>
</Sitecore>
</Settings>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment