Skip to main content


Sitecore Identity Configuration with Azure Front Door

Woman Using Facial Recognition Technology To Access Her Tablet Computer

Use Case

I want all requests to my Azure PaaS Sitecore 10.3 + Identity 7.x site to use Azure Front Door. I do not want to configuring custom domains on my web apps and the web apps should be secured with private endpoints.


By default, Sitecore Identity uses the host, protocol, and port from the HTTP request when creating links. This means these values would come from the request Front Door makes to the Identity web app on the default Azure domain and login flow for CM + Identity would not work. In the past, this was solved by: adding custom domains to web apps or adding a custom plugin or overriding request headers or foregoing the use of a reverse proxy and allowing direct access to CM/Identity (gasp!)


Assuming Front Door has been configured with endpoints and routes for your CM and Identity and all other required configuration has been done (setting client secrets, AllowedCorsOrigins, etc.), you can update the PublicOrigin property to override the origin used for link generation:

  • Go to sitecore/Sitecore.Plugin.IdentityServer/Config/identityServer.xml
  • Enable the <PublicOrigin> node
  • Set the value to your Front Door Identity domain

This will ensure the Identity custom domain from Front Door is used for link generation. This also allows the full login flow to complete with all requests going through Front Door and without introducing a security risk.


I hope you find this article helpful. Follow me on LinkedIn for future posts.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Luke Pace

Luke is a Lead Technical Consultant who started his Sitecore career as a certified back-end developer but has transitioned to DevOps for the last 6 years.

More from this Author

Follow Us