However, when I go to /umbraco/ I see a button to login in with my AD credentials, but I can also still log in using the default login provider:
It also seems that before you can login with the AD credentials you have to link it to your 'normal login'
My question is how do I configure umbraco so it uses ONLY Azure Active Directory, in addition is there a way to avoid the user having to have a 'normal' account before they can login to the back office with there AD credentials?
We did a similar thing, so the user has to login once - and as soon as he is registered with AD, we reset the password for Umbraco so he can only use AD going forward.
Not the best solution, but it works.
Rather belatedly - you need to hook up the Auto-Linking features on the Identity provider - this is referenced at the end of Shannon's guide without any further details.
I wrote up my experiences with Azure AD and auto linking on my blog here:
To fully remove the ability to log in with a username and password, you'll need to remove those fields from the login page - I recommend a simple plugin that replaces the login control with one with just the External Providers controls so that you still have a simple upgrade path. Do note though that if your users have already created accounts with their email addresses, you'll need to get them to link their accounts before you remove the login form, as the auto-linker will complain that there is already an account for that email address.
Configuring Azure Active Directory login with Umbraco
I have sucessfully configured umbraco to use Azure Active Directory, following this guide:
https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/
However, when I go to /umbraco/ I see a button to login in with my AD credentials, but I can also still log in using the default login provider:
It also seems that before you can login with the AD credentials you have to link it to your 'normal login'
My question is how do I configure umbraco so it uses ONLY Azure Active Directory, in addition is there a way to avoid the user having to have a 'normal' account before they can login to the back office with there AD credentials?
We did a similar thing, so the user has to login once - and as soon as he is registered with AD, we reset the password for Umbraco so he can only use AD going forward. Not the best solution, but it works.
Rather belatedly - you need to hook up the Auto-Linking features on the Identity provider - this is referenced at the end of Shannon's guide without any further details.
I wrote up my experiences with Azure AD and auto linking on my blog here:
https://doodle.uk/blogs/2019/06/21/setting-up-umbraco-azure-ad-authentication
To fully remove the ability to log in with a username and password, you'll need to remove those fields from the login page - I recommend a simple plugin that replaces the login control with one with just the External Providers controls so that you still have a simple upgrade path. Do note though that if your users have already created accounts with their email addresses, you'll need to get them to link their accounts before you remove the login form, as the auto-linker will complain that there is already an account for that email address.
Hi All,
I have followed the same steps as per https://shazwazza.com/post/configuring-azure-active-directory-login-with-umbraco/, once AD authenticate success, getting below error.
Any suggestions/inputs how to resolve Sequence contains more than one element exception ?
Thanks, Gurumurthy J V
Once a user is logged in using the AAD plugin, how does the user log out of Umbraco? It seems that there is no "log out" controls to do so.
is working on a reply...