Skip to main content

Sitecore Identity server authentication


Describes how Sitecore Identity authenticates users.

You can use the Sitecore Identity (SI) server to sign in standard Sitecore Client users from ASP.NET Membership (Sitecore core or security databases), and also users from external providers.

You can use the Sitecore Identity server to:

You provide credentials on the SI server login page to sign in as a Sitecore user. 

The SI server uses identityserver-contrib-membership. This project allows the ASP.NET 2.0 Membership database to be used as the Identity Server User Store in IdentityServer4.

You configure the connection string to the database with the Membership tables in the Config\Sitecore.IdentityServer.Host.xml file, in the Sitecore:IdentityServer:SitecoreMembershipOptions:ConnectionString setting.

The Core database stores standard Microsoft ASP.NET Membership tables, but if you have several CM servers, you can move these tables to a separate security database.

You can use dependency injection for more advanced customization of the Sitecore Identity server and to replace Membership with another solution, if necessary.

You can use the SI server as a gateway to one or more external identity providers (subproviders or inner providers). When you have configured a subprovider, a login button appears on the login screen of the SI server. You can create a login link that will bypass the SI server login page and redirect users directly to the subprovider login page.

The SI server includes an Azure AD identity provider.

For more information, see Federation Gateway.