Set Up SSO in Sitecore XM Cloud Using Azure Active Directory
Single Sign-On (SSO) simplifies user authentication by allowing users to log in once and access multiple applications seamlessly. In this blog post, we’ll guide you through setting up SSO in Sitecore XM Cloud using Azure Active Directory (Azure AD).
Why SSO?
SSO enhances security and user experience by:
- Reducing password fatigue.
- Centralizing authentication management.
- Supporting modern security practices like Multi-Factor Authentication (MFA).
Azure AD, a robust identity management platform, integrates seamlessly with Sitecore XM Cloud to enable SSO.
Prerequisites
Before getting started, ensure you have:
- Access to an Azure Active Directory instance with administrative privileges.
- A Sitecore XM Cloud environment.
- Basic understanding of OAuth 2.0 and OpenID Connect protocols.
Step 1: Configure Azure AD
Register an Application in Azure AD
- Log in to the Azure portal.
- Navigate to Azure Active Directory > App registrations > New registration.
- Enter a name for the application (e.g., “Sitecore XM Cloud SSO”).
- Specify the supported account types (e.g., single tenant or multi-tenant).
- Enter the redirect URI:
  - Type: Web
  - URI: https://auth.sitecorecloud.io/login/callback
- Click Register.
Enable Authentication:
Go to the Authentication tab and check the ID tokens checkbox.
Copy the client ID from the Overview tab; you will need it when creating the SSO connection in Sitecore XM Cloud.
Step 2: Configure Sitecore XM Cloud
Access Sitecore XM Cloud Admin Panel
- Log in to the Sitecore XM Cloud admin interface at https://portal.sitecorecloud.io/.
- Click Admin in the top menu.
- Click Add SSO Connection > OpenID Connect.
In the Add SSO connection dialog, enter the details for your connection, then click Save. Please refer to the Sitecore documentation for more details.
- Email Domain: The name of your new SSO connection. This name appears in the list of SSO connections within your Sitecore Cloud Portal organization.
- Connection Type (Front Channel or Back Channel): Specifies how the identity provider’s authorization server returns result parameters from the authorization endpoint. Refer to your identity provider’s documentation to determine the appropriate option.
- Issuer URL: The URL of the identity provider’s discovery document, also referred to as the metadata address by some providers. On the newly created app registration, click Endpoints to get this URL. Example: https://{yourDomain}/.well-known/openid-configuration
- Scopes: A space-separated list of scopes requested via the OpenID Connect scope parameter. The required scopes are openid and the one that returns the email claim. It is recommended to also include scopes for the following claims: name, given_name, family_name, and nickname.
- Client ID: The client ID associated with the application you created while registering the Sitecore Cloud Portal with your identity provider (copied during the Azure AD setup).
- Client Secret: The client secret for the application created during the registration of the Sitecore Cloud Portal with your identity provider. This is required for Back Channel (Authorization Code flow).
- Callback URL: The URL where the identity provider sends the authentication response. You may need to add this URL (referred to as the redirect URI by some providers like Azure AD) during the Sitecore Cloud Portal registration process with your identity provider.
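As an added example (not Sitecore’s or Microsoft’s code), the following Python pre-flight check verifies that the values above are mutually consistent before you click Save. It reads a constructed, abbreviated discovery document (idp.example.com is a placeholder tenant) and checks the Issuer URL against the document’s issuer, the scopes, the Connection Type against the provider’s advertised response types, the Client Secret requirement for Back Channel, and the Callback URL against the redirect URI registered in Step 1.

```python
from urllib.parse import urlparse

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REDIRECT_URI = "https://auth.sitecorecloud.io/login/callback"   # registered in Azure AD in Step 1
ISSUER_URL = "https://idp.example.com" + DISCOVERY_SUFFIX         # value for the Issuer URL field

# Constructed, abbreviated discovery document (idp.example.com is a placeholder tenant).
DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/v2.0/token",
    "jwks_uri": "https://idp.example.com/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

def check_connection(discovery, issuer_url, connection_type, scopes, client_secret, callback_url):
    """Return a list of problems; an empty list means the settings are mutually consistent."""
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(discovery.get(key, "")).scheme != "https":
            problems.append(f"discovery document lacks an https '{key}'")
    # The Issuer URL field takes the discovery document, whose 'issuer' must be its base.
    if not issuer_url.endswith(DISCOVERY_SUFFIX):
        problems.append("Issuer URL must end with " + DISCOVERY_SUFFIX)
    elif issuer_url[: -len(DISCOVERY_SUFFIX)].rstrip("/") != discovery.get("issuer", "").rstrip("/"):
        problems.append("Issuer URL does not match the 'issuer' in the discovery document")
    # Scopes: 'openid' is mandatory, and one scope must yield the email claim.
    requested = set(scopes.split())
    if "openid" not in requested:
        problems.append("Scopes must include 'openid'")
    if "email" not in requested:
        problems.append("Scopes must include the scope that returns the email claim ('email')")
    unsupported = requested - set(discovery.get("scopes_supported", []))
    if unsupported:
        problems.append(f"provider does not advertise requested scopes: {sorted(unsupported)}")
    # Connection Type decides which response type the provider must support.
    supported = discovery.get("response_types_supported", [])
    if connection_type == "front":   # ID token returned straight from the authorization endpoint
        if "id_token" not in supported:
            problems.append("Front Channel needs the 'id_token' response type (enable ID tokens in Azure AD)")
    elif connection_type == "back":  # Authorization Code flow: token endpoint requires the secret
        if "code" not in supported:
            problems.append("Back Channel needs the 'code' response type")
        if not client_secret:
            problems.append("Back Channel (Authorization Code flow) requires the Client Secret")
    if callback_url != REDIRECT_URI:  # must be exactly the redirect URI registered with the IdP
        problems.append("Callback URL must equal the redirect URI registered in Azure AD")
    return problems
```

In practice you would fetch the discovery document from the Issuer URL with an HTTP client and pass the parsed JSON in place of the constructed DISCOVERY dictionary.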
Test the SSO connection:
Testing your SSO connection is optional but we strongly recommend it to ensure that the connection works. You can test an SSO connection at any time by trying to sign in using your identity provider.
To test the connection:
- Navigate to the Sitecore Cloud Portal SSO page and click Test for the connection you want to test.
- In the Test SSO connection dialog, click Start test.
- On the tab that opens, sign in using your identity provider.
If the SSO connection test fails, try again or verify that your SSO connection settings are correct.
Additional Resources
That’s it. Integrating Azure AD with Sitecore XM Cloud for SSO streamlines authentication, enhances security, and improves the user experience. With this setup, you can leverage Azure AD’s robust identity management capabilities while enjoying the scalability and flexibility of Sitecore XM Cloud.
You can find my other blogs here.
Thank you!