Add SSO as a login for Sitecore Cloud Portal - Microsoft Entra ID

Sitecore Cloud Portal

Published: 2024-07-11

The first step in using Sitecore's SaaS product is to add SSO, a user authentication mechanism. In this article, we will focus on the SSO configuration.

In addition, we have published another article on integration with Auth0.

About SSO Settings

Access the Sitecore Cloud Portal, open the Admin menu, and click Single sign-on (SSO) on the left side to open the single sign-on configuration screen as shown below.

cloudportalsso01.png

Sitecore Cloud Portal supports identity providers using either the OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) protocols. An organization can have up to five SSO connections, each supporting up to 50 domains.

The following pages are helpful in setting up the system.

In this article, we will go over the work in an actual environment.

Initial Setup of Sitecore Cloud Portal

In this case, we will connect to Microsoft Entra ID (formerly Azure Active Directory) using SAML. If you have not configured any settings yet, click the Add SSO Connection button on the screen. A screen for entering a domain will appear.

cloudportalsso02.png

After entering the domain, the following items for configuring SAML authentication will appear.

cloudportalsso02-1.png

The above items are values that will be used later in the Entra ID admin center. Once this screen is closed, the screen under configuration will appear as shown below.

cloudportalsso02-2.png

On the list screen, you can always refer to the value of the previous setting by clicking on the Configure button.

Before moving on to Entra ID configuration, we will proceed with domain verification. Clicking on the Verify domains button will display information about the records to be added to the DNS.

cloudportalsso02-3.png

When setting this value in DNS, add it as a TXT record on the domain itself, that is, in the form TXT @ followed by the string above, and make sure the record is recognized.

cloudportalsso02-4.png

At this stage, click the Close button, as no other buttons can be used.

cloudportalsso02-5.png

This completes the initial setup on the Sitecore Cloud Portal side.

Develop an environment for Entra ID

To proceed with the configuration, you will need to obtain various parameters from your Microsoft Entra ID and fill in the above items. First, access the Microsoft Entra admin center.

cloudportalsso03en.png

Select Applications - Enterprise Applications from the menu on the left.

cloudportalsso04en.png

Click + New Application on the screen, then click Create Your Own Application on the screen shown below.

cloudportalsso05en.png

Create an application, this time named Sitecore Cloud Portal.

cloudportalsso06en.png

After a short while, the application is created as follows.

cloudportalsso07en.png

Then select Single sign-on from the menu. The Single Sign-On selection screen will appear as shown below.

cloudportalsso13en.png

This time, to add SAML authentication, click the button in the upper right corner. After clicking, you will be taken to the following screen.

cloudportalsso14en.png

The basic SAML configuration section has two required items. Their values are the two items provided by the Sitecore Cloud Portal. Set the Identifier and ACS URL items as follows (the values in the screenshot below are masked).

cloudportalsso15en.png

When you save, a dialog box will appear asking if you want to run the test, but we will not perform this test at this time.

cloudportalsso16en.png

Finally, add users who can use this application by clicking on the Users and Groups item in the menu on the left side. The result of the addition is the following screen.

cloudportalsso17en.png

This completes the configuration on the Entra ID side.

Additional Sitecore Cloud Portal settings

The settings in Entra ID have been completed and we will return to the settings on the Sitecore Cloud Portal side again. First, display the configuration screen where the domain authentication has been completed.

cloudportalsso02-5.png

Clicking on the Configure button will take you to Step 2, where you will configure the metadata settings.

cloudportalsso18.png

The data to be set here can be obtained from the Entra ID administration screen. The Single Sign-On settings screen that you have already set up has an item called Federation Metadata XML. Click it to download the XML data (bottom screen).

cloudportalsso17.png

Use the XML data obtained here to configure the items in Step 2, then save the configuration.

Sign-in Test

Click on the Test button from the Settings screen. The Start test button will appear as shown below.

cloudportalsso19.png

The following screen is displayed when the login is successful for the account specified in the Entra ID Users and Groups.

cloudportalsso20.png

Now that you can log in, click on the Enable SSO Connection button to enable the SSO settings.

cloudportalsso21.png

Once enabled as shown below, SSO configuration is complete.

cloudportalsso22.png

Summary

In this article, we have linked Sitecore Cloud Portal with Entra ID via SSO. We will introduce the actual user addition, permission settings, etc. in the next article.