Sitecore Identity Azure AD
<?xml version="1.0" encoding="utf-8"?>
<!--
  Sitecore Identity Server configuration that registers Azure AD as an
  external identity provider and maps incoming Azure AD claims to Sitecore
  claims. Replace the {Enter ...} placeholders with the values of the Azure AD
  app registration. ClientId and TenantId are identifiers, not secrets; no
  client secret is stored in this file.
-->
<Settings>
  <Sitecore>
    <ExternalIdentityProviders>
      <IdentityProviders>
        <AzureAd type="Sitecore.Plugin.IdentityProviders.IdentityProvider, Sitecore.Plugin.IdentityProviders">
          <AuthenticationScheme>IdS4-AzureAd</AuthenticationScheme>
          <DisplayName>Azure AD</DisplayName>
          <Enabled>true</Enabled>
          <ClientId>{Enter Client Id}</ClientId>
          <!-- Use the ID of one specific tenant so that only that directory's users can sign in. -->
          <TenantId>{Enter Tenant Id}</TenantId>
          <!--
            Left empty in this sample.
            NOTE(review): presumably the provider then derives the metadata
            endpoint from TenantId; confirm against the Sitecore Identity
            documentation. If a value is set, it should be the HTTPS metadata
            URL of the expected tenant, since token signing keys are discovered
            through that document.
          -->
          <MetadataAddress></MetadataAddress>
          <ClaimsTransformations>
            <!--
              Transformation rules. Each rule lists SourceClaims to look for on
              the incoming identity and the NewClaims to add when they are found.
              NOTE(review): a SourceClaim without a value attribute presumably
              matches any value of that claim type; confirm.
            -->

            <!--
              Email mapping. Both rules below emit an "email" claim, so an
              identity that carries both source claims may end up with two.
              A UPN is a sign-in name and is not guaranteed to be a verified or
              deliverable mailbox; do not treat the resulting email claim as the
              unique key for a Sitecore user.
            -->
            <ClaimsTransformation1 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="email"/>
              </NewClaims>
            </ClaimsTransformation1>
            <ClaimsTransformation2 type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Claim1 type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="email"/>
              </NewClaims>
            </ClaimsTransformation2>

            <!--
              Sample rules: Azure AD group membership to Sitecore role.
              Each value is an Azure AD group object ID (redacted here). All five
              groups map to the same role, sitecore\Author.
              The "groups" claim is only present when the app registration is
              configured to emit it. For users in a large number of groups Azure AD
              can send an overage indicator instead of the group list; in that case
              none of these rules match and the user signs in without the role.
            -->
            <BusinessAnalystTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <BusinessAnalyst type="groups" value="d090379b-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author"/>
              </NewClaims>
            </BusinessAnalystTransformation>
            <ProjectManagerTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <ProjectManager type="groups" value="2c35b54c-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author"/>
              </NewClaims>
            </ProjectManagerTransformation>
            <QualityAssuranceTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <QualityAssurance type="groups" value="bf9352ae-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author"/>
              </NewClaims>
            </QualityAssuranceTransformation>
            <WebUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <WebUI type="groups" value="5b245352-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author"/>
              </NewClaims>
            </WebUITransformation>
            <AppUITransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <AppUI type="groups" value="9a0e2346-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="role" value="sitecore\Author"/>
              </NewClaims>
            </AppUITransformation>

            <!--
              Sample rules: Azure AD group membership to Sitecore administrator.
              Membership of either group below sets the isAdmin claim to true.
              Anyone able to add members to these Azure AD groups can therefore
              grant Sitecore administrator access: keep the groups small, restrict
              who owns them, and review their membership regularly.
            -->
            <ArchTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <Arch type="groups" value="35bec449-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
              </NewClaims>
            </ArchTransformation>
            <SitecoreDeveloperTransformation type="Sitecore.Plugin.IdentityProviders.DefaultClaimsTransformation, Sitecore.Plugin.IdentityProviders">
              <SourceClaims>
                <SitecoreDeveloper type="groups" value="61ec76c5-XXXX-XXXX-XXXX-XXXXXXXXXXXX"/>
              </SourceClaims>
              <NewClaims>
                <Claim1 type="http://www.sitecore.net/identity/claims/isAdmin" value="true"/>
              </NewClaims>
            </SitecoreDeveloperTransformation>
          </ClaimsTransformations>
        </AzureAd>
      </IdentityProviders>
    </ExternalIdentityProviders>
  </Sitecore>
</Settings>