Sitecore Federated Authentication – Part 3 – Sitecore User and Claims Identity

If you have followed my previous post, you should now be able to log in to Sitecore using an external identity provider. In this post, we will look more closely at claims identity and store the required values in the Sitecore user profile. We'll also create the user with the user's email address instead of the hash code.

Claims Identity

Claims-based identity is a common way for applications to acquire the identity information they need about users inside their organization, in other organizations, and on the Internet.

Google and Facebook provide different claim names and values. So in order to bind them properly, we have to update the configuration as below. You should explore the Graph API from Facebook and the OAuth 2.0 Playground from Google to get more information about the user.

In order to store the Full Name value of a user in Sitecore, I was trying to add the claim directly to the Full Name property in the Sitecore user profile in the Property Initializer mapping. But each time I tried, it always stored sitecore\APTixbqulVz0qp5xEbNrkA in the Full Name instead of storing Nikki Punjabi as the name, which I was getting from both identity providers as a claim value.

I added a new claim by copying the value of name from the external identity provider into a FullName claim, and then in the Property Initializer copied the value of the FullName claim to the Sitecore user property FullName.

Update Property Initializer Mapping:

So now we have added the email, name and comment claims. The Email claim will set the Email Address property of the Sitecore user; similarly, the Name claim will go into Full Name and the Comment claim into the Comment property. Note: here we haven't provided a value in the target property, so it will be set to whatever value we get in the claim from the respective identity provider.

With the Facebook identity provider, I was not getting the email and name properly; in order to get them we have to set the Field and Scope in FacebookAuthentication.cs.

Now if you try to log in with an external identity provider, you'll get all the required information in the user profile.

That’s great!

Create Sitecore User with Email Address

With the above information stored in the Sitecore user profile, one can easily tell where the user was authenticated and logged in to the system. Still, if you would like to go with a username, you can override the CreateUniqueUserName method.

Once you have added the above class we need to update the config file.

Update <externalUserBuilder> as below for Facebook and Google in mapEntry:

Now, when you test Facebook or Google login, you'll see the actual user is created as sitecore\user-email-id instead of the hash code.

In this case, I faced an issue with the same email address. I have the same email address for Facebook and Google, so after signing in once with Facebook and then with Google, I get the above error. The quickest solution I found was to create a separate domain for Facebook and Google and update the domain to facebook and google respectively in the <identityProvider> configuration.
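
The override described above, as an added example (not the class from the original post), which also shows the same-email collision between providers as an explicit check. The class name `EmailExternalUserBuilder`, its namespace and the lower-casing of the email are assumptions; the constructor assumes the Sitecore 9.0 `DefaultExternalUserBuilder(bool)` base constructor, so check the base class in your version.

```csharp
using System;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Sitecore.Diagnostics;
using Sitecore.Owin.Authentication.Configuration;
using Sitecore.Owin.Authentication.Identity;
using Sitecore.Owin.Authentication.Services;

namespace Example.Security // hypothetical namespace
{
    // Added example: hypothetical class, referenced from <externalUserBuilder type="...">.
    public class EmailExternalUserBuilder : DefaultExternalUserBuilder
    {
        // Assumption: Sitecore 9.0 base constructor; the value comes from
        // <param desc="isPersistentUser"> in the <externalUserBuilder> node.
        public EmailExternalUserBuilder(string isPersistentUser)
            : base(bool.Parse(isPersistentUser)) { }

        protected override string CreateUniqueUserName(
            UserManager<ApplicationUser> userManager, ExternalLoginInfo externalLoginInfo)
        {
            Assert.ArgumentNotNull(userManager, nameof(userManager));
            Assert.ArgumentNotNull(externalLoginInfo, nameof(externalLoginInfo));

            // The domain comes from the <identityProvider> that issued this identity.
            IdentityProvider provider = this.FederatedAuthenticationConfiguration
                .GetIdentityProvider(externalLoginInfo.ExternalIdentity);
            if (provider == null)
                throw new InvalidOperationException("No identity provider is configured for this identity.");

            // Fail closed when the provider sent no email claim (for Facebook,
            // that means the scope/fields were not requested).
            string email = externalLoginInfo.Email?.Trim();
            if (string.IsNullOrEmpty(email))
                throw new InvalidOperationException("External login returned no email claim.");

            // Lower-casing is an assumption so "A@x.com" and "a@x.com" map to one name.
            string userName = provider.Domain + "\\" + email.ToLowerInvariant();

            // Same email under the same domain from a second provider: refuse rather
            // than attach this login to an account created through another provider.
            if (userManager.FindByName(userName) != null)
                throw new InvalidOperationException(
                    "User '" + userName + "' already exists; use a separate domain per provider.");

            return userName;
        }
    }
}
```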

There could be another solution to this. This series was done as a part of exploring the topic. If you have any other approach, please feel free to share in the comments below.

Mapping property in Sitecore 9 federated authentication

Happy Authenticating! 🙂

