Sitefinity AzureAD Integration with OpenID Connect

sitefinity | 2021-01-20

Enable seamless SSO (Single Sign-On) with Microsoft Azure AD using OpenID Connect in your Sitefinity instance.

☁️ Azure AD Setup

Go to Azure Active Directory → App registrations → New registration.
Enter a name for your application (you can skip Redirect URI for now), then click Register.
Navigate to the Authentication tab → Add a platform → choose Web.
Under Redirect URIs, enter: http://<your-sitefinity-instance>/Sitefinity/Authenticate/OpenID/signin-custom
Enable ID tokens under “Authorization endpoint”.

🏗️ Sitefinity Setup

Start or run your Sitefinity instance.
Go to the backend → Administration → Advanced →
Authentication → SecurityTokenService →
AuthenticationProviders → OpenIDConnect.
Apply the following configuration:

Setting	Key
ClientID	Azure AD App – Application (client) ID
Response type	id_token
Allowed scopes	openid profile email
Authority
Metadata address
Redirect URI
Post logout redirect URI
Title	Azure AD Login
Enabled	True
Auto assigned roles	Administrators
Require email claim from this provider	True (We can check the metadata address to understand what to map)
Claims to fields mappings	Email: email, SitefinityProfile.FirstName: name, SitefinityProfile.Nickname: nickname

Restart your Sitefinity instance.

✅ Verification Steps

Visit:
https://<your-sitefinity-instance>/Sitefinity → Click Azure Login
Accept the permissions prompt (shown on first login).
Enter your Azure AD credentials — you’ll be redirected back to the dashboard.
Check under Administration → Users – you’ll notice both a default and an Azure-created user with the same email.

🎉 It’s working!

🔧 Optional Enhancements

Handle Claims / Provisioning: Intercept Azure AD callback to auto-create and map user profiles.
Hide default login:

Create /Content/Pages/login.html
Comment out unnecessary blocks (see example: login.html)
Restart Sitefinity
Optionally add a script to auto-redirect to Azure login on page load

screen6

📚 References