Azure AD SSO configuration example

Before configuring your Sitecore Content Hub to authenticate using the Azure AD single sign-on (SSO), you must create and configure an Azure application registration.

To do this, you must perform the following steps:

  1. Create your application registration.

  2. Configure the token.

  3. Expose your API.

Important

Refer to the official Microsoft Azure documentation for the correct procedures.

When exposing your API, retrieve the following information to use when configuring SSO in Content Hub:

  • Application ID URI, for example api://111bb1a1-bb1b-1111-11bb-b11b111b111b.

  • Federation metadata document, for example https://login.microsoftonline.com/000000000-c000-4dc9-bb7e-a000df000a1e/federationmetadata/2007-06/federationmetadata.xml.

  • EntityID, for example https://sts.windows.net/00000184-c000-4dc9-bb7e-a000df000a1e/.

With these values, you can configure the authentication setting using the following JSON schema:

RequestResponse

   "ExternalAuthenticationProviders": {
      "global_username_claim_type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "global_email_claim_type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "saml": [
        {
          "metadata_location": "Federation metadata document value",
          "sp_entity_id": "Application ID URI value",
          "idp_entity_id": "EntityID",
          "provider_name": "AzureAD SSO",
          "messages": {
            "signIn": "AzureAD SSO"
          },
          "authentication_mode": "Passive",
          "module_path": "AuthServices",
          "is_enabled": true
        }
      ]
    }
  }

Do you have some feedback for us?

If you have suggestions for improving this article,