Learn how to set up user authentication in Sitecore 9.1+.
The latest versions of Sitecore (9.1+) have added support for modern authentication and authorization standards, federated authentication, and industry-standard technologies. The revamped identity structure makes it much easier to extend and customize the authentication experience in Sitecore, especially when it comes to federated authentication or SSO.
This article is an overview of Sitecore Identity and the related technologies, and of the ways we can customize it.
SSO: Single sign-on authenticates a user with a single set of credentials and allows the user to access multiple applications within an organization by signing in once. E.g., signing into Bed Bath Beyond gives you access to Buy Buy Baby.
Federated Authentication: SSO + allowing authentication to multiple organizations. E.g., Signing into Microsoft may give you access to Salesforce, Atlassian, etc.
Authentication protocol/standards: There are a few authentication protocols/standards: OpenID Connect, OAuth, and SAML. Federated authentication uses one or more protocols to standardize the authentication communication cycle.
OWIN: OWIN is a standard/specification that allows web apps to be decoupled from web servers. It defines a standard way for middleware to be used in a pipeline to handle requests and associated responses. Microsoft has an implementation of OWIN called Katana (https://github.com/aspnet/AspNetKatana) distributed as NuGet packages (Microsoft.Owin.*).
ASP.NET Identity: The standard authentication and authorization provider in the latest ASP.NET versions, based on OWIN middleware. In an SSO context, ASP.NET Identity by itself is usually used to receive the security token from other identity providers. https://docs.microsoft.com/en-us/aspnet/identity/overview/getting-started/introduction-to-aspnet-identity
IdentityServer4: An open-source project that provides an OpenID Connect and OAuth 2.0 framework for ASP.NET Core. In Sitecore, this library is used as the identity provider and security token issuer, and many features and customizations rely on it. https://github.com/IdentityServer/IdentityServer4
Sitecore Identity server: A standalone authentication and authorization application based on IdentityServer4 and .NET Core, introduced in Sitecore 9.0. This server is created as a separate site when installing a new Sitecore (9.0+) instance and is used as the identity provider for Sitecore backend login out of the box.
Sitecore Identity: A specific mechanism to log in to Sitecore. It was introduced in Sitecore 9.1. It builds on the Federated Authentication functionality and the Sitecore Identity server.
We should be able to form a general understanding of how authentication technologies are tied together in Sitecore Identity.
However, understanding the above is just the beginning. There are numerous ways to customize and extend it that can make the federated authentication experience much more streamlined for an organization. The goal is to make our Sitecore implementation a part of the overall organization structure so that editors and visitors alike can log in to Sitecore (frontend or backend) in a consistent way.
Here are a few scenarios:
This article is just an overview of Sitecore Identity and the technologies involved. It is the start of a series of blogs that detail each customization and integration technique and provide examples of the things we find important but that are not elaborated or organized in the Sitecore documentation.