How to avoid nonsensical usernames when Integrating Sitecore 9.1 with Active Directory


As we now know Sitecore 9.1 uses Identity Server to handle logins instead of the old methods. Identity is run as a separate app and replaces traditional Sitecore login process. When you install a new instance of Sitecore 9.1 and name it ‘sc910’ for example you’ll see these three folders in your wwwroot:

 

How to avoid nonsensical usernames when Integrating Sitecore 9.1 with Active Directory

 

If you are thinking you want to integrate Sitecore Identity Server with Azure Directory, I would recommend first going through Sitecore’s documentation on Sitecore Identity to start with. You can find it here: https://doc.sitecore.com/developers/91/sitecore-experience-manager/en/using-federated-authentication-with-sitecore.html

There are also excellent blog posts out there that you might find very helpful as you go through the integration process. For example, this one is very detailed and super informative: https://sitecore.derekc.net/tag/sitecore-identity/

I’ve recently discovered that there’s one piece in this puzzle that I wish somebody warned me about. When you’ve integrated with AD and your first user signs into a common Sitecore instance at your organization new user is created for them in Sitecore. The login process goes without a hitch and everything works! Exciting! This user locks an item and starts content work. More people join them and work is now in full swing. Some time goes by and then you get a message from your content editor that says “What can be done to help me understand who has a Sitecore item locked? I can see the username but it makes no sense. It’s a bunch of random characters and numbers. I figured I could copy it, go to user manager, search for that username and go from there but it’s so inconvenient!” You login, look at the usernames in User Manager and sure enough they look like this:

 

How to avoid nonsensical usernames when Integrating Sitecore 9.1 with Active Directory

 

You are thinking “great! Sitecore is not going to let me rename those unless I directly change them in the database.” And it just doesn’t feel right. Is there a better alternative? There is! You can write code to create usernames that contain either first and last name or user’s email or any combination of the above. Whatever makes sense. Now let’s see what’s needed to make it happen. 

First, we need code. Create your own public class and inherit from DefaultExternalUserBuilder in Sitecore.Owin.Authentication.Services namespace.

 

public class CreateUniqueUser : DefaultExternalUserBuilder

    {

        public CreateUniqueUser(string isPersistentUser) : base(bool.Parse(isPersistentUser)) { }

 

        [SuppressMessage("Microsoft.Naming", "CA1726:UsePreferredTerms", MessageId = "Login")]

        protected override string CreateUniqueUserName(UserManager userManager,  ExternalLoginInfo externalLoginInfo)

        {

            Assert.ArgumentNotNull((object)userManager, nameof(userManager));

            Assert.ArgumentNotNull((object)externalLoginInfo, nameof(externalLoginInfo));

            IdentityProvider = this.FederatedAuthenticationConfiguration.GetIdentityProvider(externalLoginInfo.ExternalIdentity);

            if (identityProvider == null)

            {

                Log.Error("Error in CreateUniqueUserName: identityProvider is null", this);

                throw new InvalidOperationException("Unable to retrieve identity provider for given identity");

            }           

               

            string domain = identityProvider.Domain;

            var emailClaim = externalLoginInfo.ExternalIdentity.Claims.FirstOrDefault(x => x.Type == "email");

 

            if(emailClaim != null)

                return domain + "\\" + emailClaim.Value;

           

            return domain + "\\" + "noname";

        }

    }

}

 

I have tried getting email addresses with externalLoginInfo.Email but it was blank. Not sure where things went wrong but there’s a different way to get to it. We need to dig into claims. Look at the second line of code from the bottom – “domain + “\\” + emailClaim.Value”. That’s what will allows us to use email address as the username.

Next we are going to need a config patch. Let’s pretend you added the class above to a Helix module somewhere in your MySite.Foundation.Extensions. This is what your patch might look like. We need to make sure our mapEntry name is ‘all sites’ and not any other.

 

<sitecore>

       <federatedAuthentication>

            <identityProvidersPerSites>

                <mapEntry name="all sites" type="Sitecore.Owin.Authentication.Collections.IdentityProvidersPerSitesMapEntry, Sitecore.Owin.Authentication">

                    <sites hint="list">

                        <site>regexp:.*site>

                    sites>

                    <externalUserBuilder type=" MySite.Foundation.Extensions.Pipeline.CreateUniqueUser, MySite.Foundation.Extensions">

                        <param desc="isPersistentUser">trueparam>

                    externalUserBuilder>

                mapEntry>

            identityProvidersPerSites>

        federatedAuthentication>

sitecore>

 

With these two pieces in place when a new user logs in they’ll get a nice looking username that’s the same as their email. What about existing usernames you might ask? Well, we can easily remove those users and no harm done. Next time they sign in – they are treated as brand new logins and a properly formatted username gets created for them.

 

SEARCH ARTICLES

CATEGORIES

Sitecore 144
Commerce 100
Web Development 100
Sitecore Commerce 83
Sitecore Experience Commerce 9 64
Sitecore Experience Commerce 59
Content Management 55
eCommerce 48
B2B eCommerce 42
Sitecore Experience Platform 39
Sitecore Platinum Partner 39
Architecture 34
Insite 29
User Experience 26
Strategy 22
B2C eCommerce 21
B2B Commerce Blogs 21
commerceconnect 21
CloudCraze 20
SaaS (Software as a Service) 20
Cloud 17
Commerce Server 17
Salesforce B2B Commerce Cloud 16
Mobile 13
Search 13
Plugins 12
Analytics 12
Application Development 12
Digital Transformation 11
Sitecore Symposium 11
SPEAK 10
Helix 10
DMS 8
Social 8
Business Process 7
Authentication 7
5 Reasons 7
BI and Big Data 6
Data Visualization 6
Sitecore Presentation 6
Coveo 6
NET Development 5
Microsoft Azure 5
Automation 5
Front-End Development 4
SaaS (Software as a Service) 4
Digital Strategy 4
Brightcove 4
Press Release 4
Avalara Tax 3
Sitecore Experience Accelerator (SXA) 3
Sitecore Layouts 3
Video 3
SPE 3
Multi-site 3
Multi-lingual 3
Accessibility 3
Habitat 3
Vault 3
Identity 2
Managed Services 2
CDN 2
SMB 2
Cryptocurrency 2
Sitecore Forms 2
Sitecore Experience Commerce 9 Promotions 2
Uncategorized 2
EXM 2
Conversational Commerce 2
Sitecore SaaS 2
Security 2
Unit Testing 2
Headless Architecture 2
Sitecore Experience Awards 2
Google 1
Content Delivery Network 1
Configure Price Quote 1
CPQ 1
Blockchain 1
Coupons 1
Sitecore Rss 1
Artificial Intelligence 1
Machine Learning 1
Okta 1
RFP Process 1
NoSQL 1
Flex Accelerator for Sitecore 1
Reviews 1
SEO 1
Page Labels 1