Umbraco.Community.AzureSSO
1.3.0
See the version list below for details.
dotnet add package Umbraco.Community.AzureSSO --version 1.3.0
NuGet\Install-Package Umbraco.Community.AzureSSO -Version 1.3.0
<PackageReference Include="Umbraco.Community.AzureSSO" Version="1.3.0" />
paket add Umbraco.Community.AzureSSO --version 1.3.0
#r "nuget: Umbraco.Community.AzureSSO, 1.3.0"
// Install Umbraco.Community.AzureSSO as a Cake Addin #addin nuget:?package=Umbraco.Community.AzureSSO&version=1.3.0 // Install Umbraco.Community.AzureSSO as a Cake Tool #tool nuget:?package=Umbraco.Community.AzureSSO&version=1.3.0
Umbraco.Community.AzureSSO
Add Azure AD SSO to Umbraco v10-11 sites. This will allow you to automatically create Umbraco user accounts for users in your AD. This will then associate the Umbraco users with groups based on their AD group, and the configuration below.
First you, or an Azure AD administration will need to create an App Registration in the Azure Portal which will be used to authenticate the site against Azure AD. Follow these instructions to setup the new App Registration
To install
dotnet add package Umbraco.Community.AzureSSO
In startup.cs under ConfigureServices add:
.AddMicrosoftAccountAuthentication()
In the services.AddUmbraco bindings
For example:
var builder = services.AddUmbraco(_env, _config)
.AddBackOffice()
.AddWebsite()
.AddComposers()
.AddMicrosoftAccountAuthentication()
.AddAzureBlobMediaFileSystem();
To configure add the following section to the root of your appsettings.json file and customise as appropriate
"AzureSSO": {
"Credentials": {
"Instance": "https://login.microsoftonline.com/",
"Domain": "<domain>",
"TenantId": "<tenantId>",
"ClientId": "<clientId>",
"CallbackPath": "/umbraco-microsoft-signin/",
"SignedOutCallbackPath ": "/umbraco-microsoft-signout/",
"ClientSecret": "<clientSecret>"
},
"DisplayName": "Azure AD",
"DenyLocalLogin": true,
"AutoRedirectLoginToExternalProvider": true,
"TokenCacheType": "InMemory",
"GroupBindings": {
"<AD group>": "<umbraco group>",
"<another AD group>": "<umbraco group>"
},
"SetGroupsOnLogin": true,
"DefaultGroups": [
"editor"
],
"Icon": "fa fa-lock",
"ButtonStyle": "btn-microsoft",
},
You'll need to configure these settings based on the values in Azure:
Setting | Description |
---|---|
Domain | The value in Primary domain in the Azure Active Directory Overview |
TenantId | The value in Directory (tenant) ID on the app registration Overview |
ClientId | The value in Application (Client) ID on the app registration Overview |
ClientSecret | The client secret created for the app registration |
You can also customise the configuration by setting these settings:
Setting | Description |
---|---|
DisplayName | The display name for use on the login button |
Icon | The class name for the icon to use |
ButtonStyle | The class name for the button style |
AutoRedirectLoginToExternalProvider | Automatically redirect to the external login provider |
DenyLocalLogin | Allow users to login via Umbraco's standard login |
GroupBindings | The bindings for AD group to Umbraco group |
SetGroupsOnLogin | Whether or not to reset the users assigned groups on each login |
TokenCacheType | Token Cache Type to use: InMemory, Session, Distributed (defaults to InMemory) |
DefaultGroups | The groups to assign to users regardless of any AD groups assigned (defaults to none) |
ButtonStyle
The standard set is shown at https://lipis.github.io/bootstrap-social/
Group Bindings
To bind these you'll need to specify the active directory group and then the matching Umbraco group.
For example we use: "GIBE\Producers" : "editors"
to bind everyone in the GIBE\Producers
group to the Umbraco editors group.
Beware these will be reset on each login, so changing groups in umbraco will only take effect until the user next logs in. If a user is removed from an AD group they'll automatically be removed from the matching Umbraco group on next login.
Alternate Group Bindings using Group Id
If you are having problems with NET BIOS group names, you can set the groups claim in the App Registration to use Group Id rather than NetBIOSDomain\sAMAccountName
You can now use the guid format for the Group Id like: "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx": "admin", "44a38651-xxxx-4c92-b1b6-51cf26ff9bab": "editor"
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- Microsoft.Identity.Web.MicrosoftGraph (>= 1.25.10)
- Umbraco.Cms.Core (>= 10.0.0)
- Umbraco.Cms.Web.BackOffice (>= 10.0.0)
-
net7.0
- Microsoft.Identity.Web.MicrosoftGraph (>= 1.25.10)
- Umbraco.Cms.Core (>= 11.0.0)
- Umbraco.Cms.Web.BackOffice (>= 11.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.