Showing posts from July, 2023

Sitecore Identity Claims Mapping Gotchas

Sitecore introduced Identity Server in version 9.1 to manage authentication and authorization. It allows you to use Federated Authentication to integrate with external identity providers such as Azure AD, ADFS and OKTA. I previously worked on integrating Sitecore with ADFS, and more recently with OKTA, to provide an SSO experience across all the corporate apps. The process for setting up Federated Authentication with an external identity provider is well documented. However, a couple of things that were not in the documentation caught me off guard and broke my OKTA -> Sitecore claims mapping recently. In this article, I am going to share how to avoid those pitfalls.

To give you some context, I am mapping OKTA group membership to Sitecore roles, as suggested in this Sitecore documentation. I have set up OKTA to pass group claims to the identity server and am mapping individual groups to Sitecore roles. For admins I am mapping the admin group claim to the Sitecore&#