Sitecore External User builder for Azure Active Directory Integration

Issue:

When we integrate an external identity provider, the default user domain is always Sitecore. We need to differentiate external users from Sitecore-based user logins in User Manager.

Solution:

We can achieve this with a simple custom user builder that extends the default functionality. The implementation is similar to the default user builder, with some customization. The default builder creates a unique name with a hash of max length 10 and defaults all users to the Sitecore domain. In this implementation, I am using the email, which is the default user name in Azure AD.
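An added example of such a builder (not the original post's code). The class name, namespace and the IsSafeAccountName helper are hypothetical, the domain ad is the one this page uses, and the constructor and CreateUniqueUserName signatures are assumed to be those of DefaultExternalUserBuilder in Sitecore 9.1 and later, so check them against your version. It falls back to the default hashed name when the email claim is missing or contains characters that could alter the domain part of the account name.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Sitecore.Owin.Authentication.Identity;
using Sitecore.Owin.Authentication.Services;
using Sitecore.SecurityModel.Cryptography;

namespace Example.Identity // hypothetical namespace
{
    // Extends the default builder so Azure AD users are created as ad\<email>.
    public class AzureAdExternalUserBuilder : DefaultExternalUserBuilder
    {
        // Must match the domain created in Domain Manager ("ad" on this page).
        private const string ExternalDomain = "ad";

        // Assumed signature: the two-argument base constructor of Sitecore 9.1+.
        public AzureAdExternalUserBuilder(ApplicationUserFactory applicationUserFactory, IHashEncryption hashEncryption)
            : base(applicationUserFactory, hashEncryption)
        {
        }

        protected override string CreateUniqueUserName(UserManager<ApplicationUser> userManager, ExternalLoginInfo externalLoginInfo)
        {
            if (externalLoginInfo == null) throw new ArgumentNullException(nameof(externalLoginInfo));

            string email = (externalLoginInfo.Email ?? string.Empty).Trim();

            // Missing or unusual email claim: keep the default behaviour (hashed name).
            if (!IsSafeAccountName(email))
                return base.CreateUniqueUserName(userManager, externalLoginInfo);

            return ExternalDomain + "\\" + email;
        }

        // Hypothetical helper: rejects values that could change the domain part
        // of the resulting domain\name string or that are not an email address.
        private static bool IsSafeAccountName(string value)
        {
            if (string.IsNullOrEmpty(value) || value.IndexOf('@') <= 0) return false;
            foreach (char c in value)
            {
                if (c == '\\' || c == '/' || char.IsControl(c) || char.IsWhiteSpace(c)) return false;
            }
            return true;
        }
    }
}
```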

Comment out the default external user builder, Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder, in the config file located on the CM instance (App_Config\Include\IdentityProvider) and add the custom user builder in its place.

The full config is available here: https://bala.one/sitecore-10-identity-server-azure-ad/

Ensure the domain is added in the Sitecore Domain Manager.

Ensure the domain name matches the one used in the code.

Result:

With this implementation, the user's domain is set to ad and the fully qualified user name is prefixed with ad.

Ref:

For Sitecore Azure AD integration, please follow Derek's posts, which explain it in detail.

https://sitecore.derekc.net/tag/sitecore-identity/