Azure AD Identity provider in 7.3 -> how to fully integrate withouth re-creating all accounts & linking them?
Hi,
Let me explain what I'm trying to do.
An organisation has an AD set up in Azure.
What they do not want to do is create the same user (let's say the company's webmaster) that is present in that AD over and over again for every company marketing website.
That webmaster would have a password per website, quite a hassle etc. etc.
So, enter the new ASP Identity providers, more specifically the AzureAD authentication.
What I've done is:
Then I've set the UmbracoStandardOwinStartup in the web.config like so:
And there I added this line:
Now, what I expected is that when I go to the /umbraco URL and click "Sign in with Active directory", because the link is made between Umbraco & the Azure AD tenant, all users of that tenant could log in without extra work.
What would we have to do to accomplish that? After successful configuration in the owin class, create a "Sync" method that creates and links those users?
Or maybe an option to auto link all BO users to the AD? Then you would still have to create the users, but if the login matches the AD user name, the link can be made automatically?
I must admit I'm new to this, so all help in the right direction is welcome!
Many thanks in advance!!
Or maybe it would be a good idea to code an "auto link" to the AD when the user successfully signs in via the "standard" login?
I've managed to figure out a workaround for this. It's a little hacky, but it manages to create a user if they exist in Active Directory.
Modify the adOptions to the below in UmbracoADAuthExtensions.cs.
This will use the userService and user manager to create a new user if they don't exist and associate their Active Directory credentials to it.
Cool, I can see myself needing this same functionality at some point. Thanks for contributing.
Hey Jan,
Great write-up!
Would you be able to shine some light on how to set up Azure AD itself to work with this setup? I have tried a number of different options and so far I keep on getting the login screen.
My AzureAD manifest - http://puu.sh/n2F5B/0603d05890.json
I have set up my AD user, and it is assigned to my test app.
Thanks!
You should use the ExternalSignInAutoLinkOptions to auto-link accounts instead of implementing this logic yourself. Unfortunately this isn't fully documented yet, but you can see here:
http://issues.umbraco.org/issue/U4-6753
https://our.umbraco.org/forum/developers/api-questions/73317-auto-create-and-link-backoffice-account
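As an added example (not code from this thread or from Umbraco itself) of the approach suggested above, here is the ConfigureBackOfficeAzureActiveDirectoryAuth method from the generated UmbracoADAuthExtensions.cs with ExternalSignInAutoLinkOptions enabled, so an AD user who has no back-office account yet gets one created and linked on first sign-in. Assumptions: the UmbracoCms.IdentityExtensions.AzureActiveDirectory package is installed, and the ExternalSignInAutoLinkOptions constructor takes defaultUserType as it did in 7.3 (7.7 and later use defaultUserGroups instead); the tenant, client id and redirect URI are passed in as placeholders.

```csharp
// Added example, not the thread's or Umbraco's own code. Assumed: Umbraco 7.3 with the
// AzureActiveDirectory identity extensions package; constructor parameters of
// ExternalSignInAutoLinkOptions as in 7.3 (7.7+ uses defaultUserGroups).
using System;
using System.Globalization;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
using Umbraco.Core;
using Umbraco.Core.Security;
using Umbraco.Web.Security.Identity;

public static class UmbracoADAuthExtensions
{
    public static void ConfigureBackOfficeAzureActiveDirectoryAuth(this IAppBuilder app,
        string tenant, string clientId, string postLoginRedirectUri, Guid issuerId,
        string caption = "Active Directory", string style = "btn-microsoft", string icon = "fa-windows")
    {
        var authority = string.Format(CultureInfo.InvariantCulture,
            "https://login.windows.net/{0}", tenant);

        var adOptions = new OpenIdConnectAuthenticationOptions
        {
            // Sign in as the back-office external auth type so Umbraco picks the login up
            SignInAsAuthenticationType = Constants.Security.BackOfficeExternalAuthenticationType,
            ClientId = clientId,
            Authority = authority,
            RedirectUri = postLoginRedirectUri
        };

        // Auto-link: a user who authenticates through Azure AD but has no back-office
        // account is created as an "editor" and linked to the AD login, so nobody has to
        // pre-create or hand-link accounts per site. Because every identity the tenant
        // issues then becomes a back-office user, keep "User assignment required" on in
        // the Azure app registration so only assigned users (e.g. the webmaster) get here.
        adOptions.SetExternalSignInAutoLinkOptions(new ExternalSignInAutoLinkOptions(
            autoLinkExternalAccount: true,
            defaultUserType: "editor",
            defaultCulture: "en-US"));

        adOptions.ForUmbracoBackOffice(style, icon);
        adOptions.Caption = caption;
        // The authentication type (issuer id) is what the stored external login is matched on,
        // so it must stay stable across deployments or the links break.
        adOptions.AuthenticationType = string.Format(CultureInfo.InvariantCulture,
            "https://sts.windows.net/{0}/", issuerId);
        app.UseOpenIdConnectAuthentication(adOptions);
    }
}
```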
Hello @jimmiymiloseski, I am trying to implement Azure AD in Umbraco with your code and I get an error on GetUserTypeByName that reads:
"'IUserService' does not contain a definition for 'GetUserTypeByName' and no accessible extension method 'GetUserTypeByName' accepting a first argument of type 'IUserService' could be found (are you missing a using directive or an assembly reference?)"
var writerUserType = userService.GetUserTypeByName("writer");
Can you please tell me what is wrong? Thank you.