Sitecore Identity server authentication

Abstract

Describes how Sitecore Identity authenticates users.

You can use the Sitecore Identity (SI) server to sign in standard Sitecore Client users from ASP.NET Membership (Sitecore core or security databases), and also users from external providers.

You can use the Sitecore Identity server to:

You provide credentials on the SI server login page to sign in as a Sitecore user. 

The SI server uses identityserver-contrib-membership. This project allows the ASP.NET 2.0 Membership Database to be used as the Identity Server User Store in IdentityServer4. You configure the connection string to the Membership database with the Sitecore:IdentityServer:SitecoreMembershipOptions:ConnectionString setting. You can use dependency injection for more advanced customization of the SI server and to replace Membership with another solution, if necessary.

You can use the SI server as a gateway to one or more external identity providers (subproviders or inner providers). When you have configured a subprovider, a login button appears on the login screen of the SI server. You can create a login link that will bypass the SI server login page and redirect users directly to the subprovider login page.

The SI server includes an Azure AD identity provider.

For more information, see Federation Gateway.