From dd59fdf095cfabdcd403d4f7df42414ea1cca321 Mon Sep 17 00:00:00 2001 From: Muslim Al Ali Date: Wed, 26 Mar 2025 09:40:31 +0100 Subject: [PATCH 1/3] Update external-login-providers.md --- umbraco-cloud/set-up/external-login-providers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/set-up/external-login-providers.md b/umbraco-cloud/set-up/external-login-providers.md index 8f0d4fde10a..4b956735fe8 100644 --- a/umbraco-cloud/set-up/external-login-providers.md +++ b/umbraco-cloud/set-up/external-login-providers.md @@ -180,7 +180,7 @@ The **alias** must be unique across different login providers in the same enviro Learn about what type of data and information you need for each field in the configuration form. -
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameThe User Group Claim Name is used by the Cloud project when identifying the users role on the login provider.
+
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameYour provider may assign users to specific roles (e.g., Admin, Editor, Viewer).

The User Group Claim Name is the field in the authentication token (claim) that identifies these roles. Our system reads this claim to determine a user’s permissions.

Example: If your provider sends roles in a claim named "user_roles", you would set the User Group Claim Name to "user_roles" so our system can properly recognize user permissions.
### Configuration scenarios From d92c459fcc26a4d190a3534a2d1965f95225d4d8 Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:31:48 +0100 Subject: [PATCH 2/3] Update umbraco-cloud/set-up/external-login-providers.md --- umbraco-cloud/set-up/external-login-providers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/set-up/external-login-providers.md b/umbraco-cloud/set-up/external-login-providers.md index 4b956735fe8..9afa978db62 100644 --- a/umbraco-cloud/set-up/external-login-providers.md +++ b/umbraco-cloud/set-up/external-login-providers.md @@ -180,7 +180,7 @@ The **alias** must be unique across different login providers in the same enviro Learn about what type of data and information you need for each field in the configuration form. -
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameYour provider may assign users to specific roles (e.g., Admin, Editor, Viewer).

The User Group Claim Name is the field in the authentication token (claim) that identifies these roles. Our system reads this claim to determine a user’s permissions.

Example: If your provider sends roles in a claim named "user_roles", you would set the User Group Claim Name to "user_roles" so our system can properly recognize user permissions.
+
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameYour provider may assign users to specific roles (For example: Admin, Editor, Viewer).

The **User Group Claim Name** is the field in the authentication token (claim) that identifies these roles. The system reads this claim to determine a user’s permissions.

Example: If your provider sends roles in a claim named `user_roles`, you would set the **User Group Claim Name** to `user_roles` so the system can properly recognize user permissions.
### Configuration scenarios From f6b4320a04e5d135d830ef55fca63a82b844d7eb Mon Sep 17 00:00:00 2001 From: Esha Noronha <82437098+eshanrnh@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:35:16 +0100 Subject: [PATCH 3/3] Update umbraco-cloud/set-up/external-login-providers.md --- umbraco-cloud/set-up/external-login-providers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/umbraco-cloud/set-up/external-login-providers.md b/umbraco-cloud/set-up/external-login-providers.md index 9afa978db62..29e4dcf8062 100644 --- a/umbraco-cloud/set-up/external-login-providers.md +++ b/umbraco-cloud/set-up/external-login-providers.md @@ -180,7 +180,7 @@ The **alias** must be unique across different login providers in the same enviro Learn about what type of data and information you need for each field in the configuration form. -
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameYour provider may assign users to specific roles (For example: Admin, Editor, Viewer).

The **User Group Claim Name** is the field in the authentication token (claim) that identifies these roles. The system reads this claim to determine a user’s permissions.

Example: If your provider sends roles in a claim named `user_roles`, you would set the **User Group Claim Name** to `user_roles` so the system can properly recognize user permissions.
+
FieldDescriptionFormatting
AliasA unique alias for the provider.

Use only lower-case.

Spaces are not allowed.

Client IdA unique Client ID generated in the external login provider.Entra ID: Guid
Auth0: Random characters
Google: {randomchars}.apps.googleusercontent.com
Client SecretA secret that is generated in the External Login Provider and is associated with the Client Id.
AuthorityThe URL for the External Login Provider. This can be found in the External Login Provider.Entra ID: https://login.microsoftonline.com/<Directory (tenant)>
Auth0: https://{accountId}.uk.auth0.com
Google: https://accounts.google.com
ScopesThese are OpenID-Connect scopes. These are the minimum requirement and will allow the app to authenticate and get the users profile data, email and name.Default values: openid, profile and email.
Auth TypeCurrently only OpenIDConnect is available.Default: OpenIdConnect
Default User GroupChoose which Umbraco User Group the user should be assigned to if nothing else is defined.
Custom User Group added to the backoffice will also be available.
Default Options:
Administrators
Writers
Editors
Translators
Sensitive Data
Enforce User Group on loginA checkbox to choose whether each login will re-evaluate the users role or if it should happen only on the first login.N/A
User Group MappingsUse this field to map roles within the login provider with Umbrac User Groups.

Example: A user with the "Content Editor" role in the login provider, will be added to the Writer User Group in Umbraco.
Login Provider Role = Umbraco User Group
No User Group Found BehaviourThis decides what happens if the mapping for the users User Group hasn't been defined. The options are to select the Default User Group or to disallow the user access to the backoffice.Options: UseDefaultUserGroup, Unauthorized
User Group Claim NameYour provider may assign users to specific roles (For example: Admin, Editor, Viewer).

The
User Group Claim Name
is the field in the authentication token (claim) that identifies these roles. The system reads this claim to determine a user’s permissions.

Example: If your provider sends roles in a claim named user_roles, you would set the
User Group Claim Name
to user_roles so the system can properly recognize user permissions.
### Configuration scenarios
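Review bot: In PATCH 1/3, the new User Group Claim Name cell switches to first person ("Our system reads this claim", "so our system can properly recognize") while every other row of the table is impersonal; use "The system" to match. The rewritten table line also still carries the typo "Umbrac User Groups" in the User Group Mappings row and the missing apostrophes in "the users role" and "the users profile data". Since the whole line is being replaced, correct those in the same change.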
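Review bot: In PATCH 2/3, the User Group Claim Name cell now reads "(For example: Admin, Editor, Viewer)" with a capital F inside a mid-sentence parenthesis; lowercase it or make it a separate sentence. The description says the claim "identifies these roles" (plural), but the `user_roles` example does not say whether the claim may hold several values or how each one is matched against the "Login Provider Role = Umbraco User Group" entries in the User Group Mappings row. One sentence on the expected claim value would remove the guesswork.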
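Review bot: In PATCH 3/3, the final User Group Claim Name text says the system reads the claim "to determine a user's permissions" but does not say what happens when the token lacks that claim or carries a role with no mapping. The same table already has the No User Group Found Behaviour row (UseDefaultUserGroup, Unauthorized) and lists Administrators among the Default User Group options, so a misspelled claim name combined with UseDefaultUserGroup could place users in a more privileged group than intended. Suggest adding a cross-reference to that row here, with a recommendation to pick Unauthorized or a low-privilege default group, and a note that leaving Enforce User Group on login unchecked means role changes at the provider are only evaluated on the first login.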