Hi,
I have set up the back office with Azure Active Directory. In AD, I have two user groups:
- Content Designer (to be mapped to Administrator in Umbraco)
- Content Author (to be mapped to Writer in Umbraco)
Users are added to these two groups in Active Directory respectively, and I am getting the correct values in Claims for the logged-in user.
So in the extension class, I have code to auto-link the user with Umbraco:
```csharp
// groupname is fixed when this runs at startup, before any user has logged in.
ExternalSignInAutoLinkOptions externalSignInAutoLink = new ExternalSignInAutoLinkOptions(
    autoLinkExternalAccount: true,
    defaultUserGroups: new[] { groupname },
    defaultCulture: "en-US");

// Runs when an external account is linked to a back-office user.
externalSignInAutoLink.OnAutoLinking = (BackOfficeIdentityUser user, ExternalLoginInfo info) =>
{
    // Copy the e-mail address from the external login onto the Umbraco user.
    var extClaim = info.Email; // loginInfo.ExternalIdentity.FindFirst("emailaddress");
    user.Claims.Add(new Umbraco.Core.Models.Identity.IdentityUserClaim<int>
    {
        ClaimType = ClaimTypes.Email,
        ClaimValue = extClaim
    });

    // Copy the user name from the external login onto the Umbraco user.
    extClaim = info.DefaultUserName;
    user.Claims.Add(new Umbraco.Core.Models.Identity.IdentityUserClaim<int>
    {
        ClaimType = ClaimTypes.Name,
        ClaimValue = extClaim
    });
};

// Force all back-office logins through the external provider.
BackOfficeExternalLoginProviderOptions backofficeLogin = new BackOfficeExternalLoginProviderOptions();
backofficeLogin.AutoLinkOptions = externalSignInAutoLink;
backofficeLogin.DenyLocalLogin = true;
backofficeLogin.AutoRedirectLoginToExternalProvider = true;
adOptions.SetBackOfficeExternalLoginProviderOptions(backofficeLogin);
```
But I have a problem with passing the groupname (either Administrator or Editor, based on the logged-in user's group) to autolink dynamically during login, because the code is set up at startup and autolink is called afterwards.
Also, is there any way to resync the profile after a change in the group in AD? Currently the sync works only the first time.
Please guide me on how to achieve this.
This is a companion discussion topic for the original entry at https://our.umbraco.com/forum/105972-adding-backoffice-user-to-group-dynamically
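The following is an added example, not part of the original post and not Umbraco's own code: an allow-list that resolves the AD group claims of the signing-in user to Umbraco group aliases at login time, so that unmapped groups grant nothing. The `groups` claim type, the placeholder group IDs, the `admin`/`writer` aliases, and the wiring shown in comments (`user.AddRole`, and `OnExternalLogin` for re-evaluating on every login where the Umbraco version provides it) are assumptions to check against your installation.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class AdGroupMapper
{
    // Constructed placeholder IDs: replace with the object IDs of your AD groups.
    private static readonly Dictionary<string, string> GroupMap =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "00000000-0000-0000-0000-000000000001", "admin" },  // Content Designer
            { "00000000-0000-0000-0000-000000000002", "writer" }, // Content Author
        };

    // Returns only allow-listed Umbraco group aliases. Claims for unknown AD
    // groups are ignored, so an unmapped user ends up with an empty result.
    public static string[] ResolveUmbracoGroups(ClaimsIdentity identity, string claimType = "groups")
    {
        return identity.FindAll(claimType)
            .Select(c => GroupMap.TryGetValue(c.Value, out var alias) ? alias : null)
            .Where(alias => alias != null)
            .Distinct()
            .ToArray();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample identity: one mapped group and one unmapped group.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("groups", "00000000-0000-0000-0000-000000000002"),
            new Claim("groups", "11111111-1111-1111-1111-111111111111"),
        }, "constructed");

        var groups = AdGroupMapper.ResolveUmbracoGroups(identity);
        Console.WriteLine(groups.Length == 0 ? "no mapped group: deny" : string.Join(",", groups));

        // Assumed wiring inside the callback from the post (hypothetical usage):
        //   foreach (var alias in AdGroupMapper.ResolveUmbracoGroups(info.ExternalIdentity))
        //       user.AddRole(alias);
        // Running the same resolution in OnExternalLogin, where available, lets a
        // removal from an AD group take effect on the next login.
    }
}
```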