Configure Azure AD B2B

Azure Active Directory (Azure AD) business-to-business (B2B) allows you to share resources and collaborate with companies outside of your organization without having to manage the user identities of those external users.

For more information, see What is Azure AD B2B collaboration?

To configure Azure AD B2B, you must configure the OpenIDConnect provider in Sitefinity CMS advanced settings.
Perform the following:

1. In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
   
2. In the left pane, expand Authentication » SecurityTokenService » AuthenticationProviders and click OpenIDConnect.
   
3. Fill out the following:
   • In Client ID, enter the unique GUID which is the Application ID in Azure.
     
   • In Response type, enter id_token
     
   • In Allowed scopes, enter openid profile rememberMe email
     
   • In Authority, enter
     https://login.microsoftonline.com/<your Azure domain name>.onmicrosoft.com/
   • In redirectUri, enter
     http://<your Sitefinity domain>/Sitefinity/Authenticate/OpenID/signin-custom

     NOTE: The redirectUri you enter must match the reply URL you configured in the Azure application's Settings » Reply URLs section. If there are more than one URLs, the redirectUri must match the first reply URL in the list.

   • In Post logout redirect URI, enter http://<your Sitefinity domain>
     
   • Select the Enabled checkbox .
     
   • In Title, enter the text that will be displayed on the login button.
     
   • In Auto-assigned roles, enter the roles that the user will automatically acquire after the first login.
     For more information about using auto-assigned roles together with user groups, see Use external authentication providers with user groups.
     For example, enter Administrators
   • Select Require email claim from this provider checkbox.
4. Save your changes.