Azure AD Setup
1/ Go to your Azure Active Directory → App Registrations → New Registration
2/ Give the application a name; you can leave the Redirect URI blank for now. Then click Register.
3/ Go to the Authentication tab → Add a platform → Web
4/ Redirect URIs: http://<Sitefinity Instance>/Sitefinity/Authenticate/OpenID/signin-custom
5/ Under "Select the tokens you would like to be issued by the authorization endpoint", check ID tokens
Sitefinity Setup
1/ Spin up (if you haven't already) and run the Sitefinity instance
2/ Log in to the Sitefinity backend → Go to Administration → Advanced → Authentication → SecurityTokenService → AuthenticationProviders → OpenIDConnect
3/ Apply the following settings:

| Setting | Value |
|---|---|
| ClientID | <Azure AD App – Application (client) ID> |
| Allowed scopes | openid profile email |
| Authority | https://login.microsoftonline.com/<Azure AD App Directory (tenant) ID>/v2.0 |
| Redirect URI | http://<Sitefinity instance>/Sitefinity/Authenticate/OpenID/signin-custom |
| Post logout redirect URI | http://<Sitefinity instance> |
| Title | Azure AD Login |
| Auto assigned roles | Administrators |
| Require email claim from this provider | False |

4/ Restart Sitefinity
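As an added example (not from this page or from Sitefinity itself), a small Python audit of the provider settings above: it flags the plain-http redirect URIs, the blanket Administrators role, and the disabled email-claim requirement, and checks that the authority is pinned to a single tenant. Setting names are the page's; the values are constructed placeholders, and the least-privilege role name in the hardened set is an assumed placeholder.

```python
import re

# Tenant-specific v2.0 authority; "common"/"organizations"/"consumers" would
# accept sign-ins from any directory, not just yours.
AUTHORITY_RE = re.compile(r"^https://login\.microsoftonline\.com/([^/]+)/v2\.0$")
MULTI_TENANT = {"common", "organizations", "consumers"}


def audit_settings(settings: dict) -> list:
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    m = AUTHORITY_RE.match(settings.get("Authority", ""))
    if not m or m.group(1) in MULTI_TENANT:
        findings.append("Authority must be https://login.microsoftonline.com/<tenant id>/v2.0")
    # The ID token is posted back to the redirect URI, so it must be TLS-protected.
    for key in ("Redirect URI", "Post logout redirect URI"):
        if not settings.get(key, "").startswith("https://"):
            findings.append(f"{key} should use https://")
    scopes = set(settings.get("Allowed scopes", "").split())
    if "openid" not in scopes:
        findings.append("Allowed scopes must include 'openid'")
    # Without a required email claim, Sitefinity cannot match the Azure AD
    # identity to an existing account, which is how duplicate users appear.
    if "email" in scopes and settings.get("Require email claim from this provider") != "True":
        findings.append("Require email claim from this provider should be True")
    roles = [r.strip() for r in settings.get("Auto assigned roles", "").split(",")]
    if "Administrators" in roles:
        findings.append("Auto assigned roles grants Administrators to every user who signs in")
    return findings


# Constructed sample values mirroring the table above (GUIDs are placeholders).
PAGE_SETTINGS = {
    "ClientID": "00000000-0000-0000-0000-000000000000",
    "Allowed scopes": "openid profile email",
    "Authority": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
    "Redirect URI": "http://sitefinity.example/Sitefinity/Authenticate/OpenID/signin-custom",
    "Post logout redirect URI": "http://sitefinity.example",
    "Auto assigned roles": "Administrators",
    "Require email claim from this provider": "False",
}
HARDENED_SETTINGS = {
    **PAGE_SETTINGS,
    "Redirect URI": "https://sitefinity.example/Sitefinity/Authenticate/OpenID/signin-custom",
    "Post logout redirect URI": "https://sitefinity.example",
    "Auto assigned roles": "AzureUsers",  # placeholder: a role you define with minimal rights
    "Require email claim from this provider": "True",
}

if __name__ == "__main__":
    for finding in audit_settings(PAGE_SETTINGS):
        print("-", finding)
```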
Test
a/ Visit http://<Sitefinity instance>/Sitefinity → click Azure Login
b/ On first login it will prompt you with a permission request; simply press Accept.
c/ It will prompt for your username and password. Enter them and it will route you back to the Sitefinity dashboard.
d/ Then go to Administration → Users: you will see an unknown user and the default user, both with the same email address.
e/ It is working!
Next steps
- Intercept the Azure AD callback response and create the necessary users with a proper profile
- Hide the default login method completely
  - a/ Create a file under /Content/Pages/login.html
  - b/ Comment out the unnecessary blocks: login.html (github.com)
  - c/ Restart Sitefinity; you will see only the Azure Login button
  - d/ Consider writing a script to redirect on page load