Tuesday, 31 March 2026

How to Set Up Single Sign-On (SSO) in SitecoreAI (XM Cloud)

March 31, 2026 0

 



In this blog, I'll explain how you can set up Single Sign-On (SSO) in Sitecore AI (XM Cloud). SSO simplifies login management, allowing teams to access the Sitecore Cloud Portal and its applications using their existing identity providers. Sitecore Cloud Portal supports identity providers that use either OpenID Connect (OIDC) or Security Assertion Markup Language (SAML) protocol.

We had a requirement to implement SSO using Microsoft Entra ID. Here I'll explain the step-by-step process to implement that.

Prerequisites

Before starting the configuration, please ensure you have the following access:

  • Azure AD Permissions: The ability to register Sitecore Cloud Portal as an application in Azure AD.
  • Sitecore Cloud Portal Administrative Access: You must hold an Organization Admin or Organization Owner role in Sitecore Cloud Portal.
  • Domain Configuration Access: Permission to create a TXT record with your domain host provider.

Set Up Azure Entra ID

  1. Log in to the Azure Portal.



  2. Go to Microsoft Entra ID → Manage → App registrations.



  3. Click on the New Registration button.
  4. Provide the necessary details:
    • Name – A unique name for your application.
    • Supported account types – Choose based on your requirement:
      • Single tenant only – Use this if your application is meant for users within your organization only.
      • Multi Entra ID tenant – Choose this to allow users from other organizations (e.g., partners) to log in using their credentials.
      • Any Entra ID Tenant + Personal Microsoft accounts – Select this to support both organizational users and personal Microsoft accounts.
      • Personal accounts only – Choose this if the application is intended solely for individual users with personal Microsoft accounts.
    • Redirect URI – Under Redirect URI, select Web and enter https://auth.sitecorecloud.io/login/callback in the URL text box. The redirect URI is the endpoint to which the user is sent by the authorization server after completing its interaction, and to which an access token or authorization code is sent upon successful authorization.




  5. Copy the Application (Client) ID from the newly created app page — you will need it when creating the SSO connection in Sitecore XM Cloud.



  6. Go to the Authentication tab → Settings and check the ID tokens checkbox.



Configure SSO in Sitecore Cloud Portal

  1. Log in to Sitecore Cloud Portal.
  2. Navigate to the SSO Settings:
    • Click on Admin from the top menu.
    • Click Single Sign-On (SSO) from the left navigation, then click Add SSO connection.
    • In the drop-down menu, select OpenID Connect.



  3. In the Add SSO connection dialog, fill in the required details:
    • Email Domain: Enter the email domain(s) associated with this SSO connection (e.g., lng-consultancy.com). You can add up to 50 email domains for a single connection. Only team members with email addresses matching the domains specified here will be able to log in via SSO. Make sure the domains you add are valid and owned by your organization.
    • Connection Type: Choose either Front Channel or Back Channel based on your identity provider's documentation.
    • Discovery URL: Enter the discovery document URL for your Azure Entra ID tenant. Use the Tenant ID copied during the Azure setup. For example: https://login.microsoftonline.com/{yourTenantID}/v2.0/.well-known/openid-configuration
    • Scopes: Include openid, profile, and email. Optionally, add scopes for claims like name, given_name, family_name, and nickname.
    • Client ID: Use the Client ID copied during the Azure Entra ID setup.
    • Client Secret: If using Back Channel (Authorization Code flow), enter the client secret generated in Azure Entra ID.
    • Callback URL: This is the redirect URI provided during app registration (https://auth.sitecorecloud.io/login/callback).



  4. Verifying Your Domain : After saving, a TXT record will be generated. Copy the TXT record and add it to your domain's DNS records. Without domain verification, users will not be able to log in using SSO.
    Example: If your organization owns lng-consultancy.com and lngconsultancy.co.in, you can add both domains in the Email Domain field to allow employees with either domain to log in using their Azure AD credentials.



Enabling the SSO Connection

After verifying the domain and optionally testing your SSO connection, you can enable it.

  1. Navigate to the Sitecore Cloud Portal SSO page.
  2. Locate the SSO connection you want to enable and click Enable.
  3. Once enabled, team members with email addresses matching the SSO connection domain can log in using their identity provider.
I hope this helps you set up SSO in the Sitecore Cloud Portal (XM Cloud). Feel free to drop a comment if you have any questions!

References

Tags # Azure AD # Azure App Registration # DXP Continue Reading
By at No comments:
Labels: , , , , , , , , , , , , , ,

Friday, 27 February 2026

Sitecore CDP: From Events to Decisions – An Architect’s Practical Guide

February 27, 2026 0

 


What I’ve Learned Designing CDP the Right Way

When teams implement Sitecore CDP, the focus usually goes to personalization use cases, dashboards, and decision models. But in real projects, I’ve seen something different. If your event model and identity strategy are weak, nothing else works properly. Personalization behaves inconsistently. Reports don’t add up. Profiles get duplicated. Consent becomes messy.

So in this post, I want to walk through what actually matters when designing Sitecore CDP — based on what I’ve seen in real implementations.


1. Event Taxonomy Design for Sitecore CDP

Your event taxonomy is your foundation.

If you don’t define it early and clearly, every team will send data differently — and you’ll spend months fixing it later.

Start With Business Intent, Not Pages

A common mistake is modeling events around pages:

  • home_page_click
  • product_page_click
  • checkout_page_click

This ties your data to the UI.

Instead, model around user intent:

  • product_viewed
  • product_added_to_cart
  • checkout_started
  • checkout_completed

Now your model works across:

  • Web
  • Mobile apps
  • Email journeys
  • Future channels

That’s how you future-proof it.


Naming Conventions

Keep it simple and consistent.

I recommend:

lowercase + underscores + business action

Examples:

  • product_viewed
  • cart_updated
  • form_submitted
  • account_logged_in

Avoid:

  • Environment prefixes (dev_, prod_)
  • Version numbers in event names
  • Brand-specific naming unless absolutely required

Let schema versioning handle evolution — not the event name.


Versioning Strategy

Events will evolve. That’s normal.

The mistake is changing them without a plan.

What works well:

  • Add a schema_version field inside the payload
  • Only add new optional fields
  • Avoid deleting existing properties suddenly

If a field must be removed, deprecate it first.
Remember: decision models might still be using it.

Future-Proofing Your Event Model

Before finalizing your taxonomy, ask:

  • Will this work across brands?
  • Will this work in mobile apps?
  • Will this work in offline or call center scenarios?
  • Will this still make sense 3 years from now?

For example:

Instead of web_banner_clicked use promotion_clicked

Now it works everywhere.

That small decision saves major rework later.

2. Designing Identity Resolution in Complex Ecosystems

Identity is where most CDP projects struggle.

In reality, one user can have:

  • Anonymous browser ID
  • CRM ID
  • Email
  • Mobile app ID
  • Loyalty ID

If you don’t define how these connect, you’ll end up with duplicate or broken profiles.

Anonymous → Known Transitions

This is a critical moment.

A user browses anonymously. Then they log in or submit their email.

What should happen?

You must:

  • Link anonymous history to the known profile
  • Merge safely
  • Avoid losing past behavioral data

Best practice:

  • Send both identifiers during the transition
  • Merge using strong identifiers (email, customer ID)
  • Never merge using weak signals like name only

If this is not designed carefully, you’ll see:

  • Fragmented journeys
  • Reset personalization
  • Inconsistent reporting

Multi-Device and Multi-Brand Scenarios

In enterprise setups, things get more complex.

A customer might:

  • Browse Brand A on desktop
  • Use Brand B mobile app
  • Purchase through call center

Now you must decide:

  • Are profiles shared across brands?
  • Is identity enterprise-wide or brand-level?
  • What about regional data boundaries?

Define clearly:

Identity Scope

  • Brand-level
  • Region-level
  • Enterprise-level

Identifier Priority

For example:

  • Customer ID
  • Email
  • Loyalty ID
  • Device ID

Document this. Socialize it. Govern it.

Identity chaos usually comes from unclear ownership — not technical limitations.

3. Data Modeling Mistakes I See Often

Over-Collection

Some teams send everything:

  • Every click
  • Every scroll
  • Every hover

More data does not mean better personalization.

It usually means:

  • Higher storage cost
  • Slower processing
  • Noisy segments
  • Harder debugging

Before sending any event, ask:

Will this drive a business decision?

If not, don’t send it.

Poor Event Normalization

Across brands, I’ve seen this:

Brand A sends:
productId

Brand B sends:
product_id

Brand C sends:
sku (Stock Keeping Unit)

Now try building a unified segment.

Standardize:

  • Attribute names
  • Data types
  • Value formats

Create a shared event contract and enforce it.

Identity Chaos

This is the hardest to fix later.

Symptoms:

  • Duplicate profiles
  • Conflicting attributes
  • Random merges
  • Personalization behaving unpredictably

Root cause:
No documented identity strategy.

Identity resolution is not just configuration.
It’s enterprise data architecture.

4. GDPR and Consent Architecture with CDP

Consent must be part of your data model from day one.

Not something added later.

What Data to Send

Send:

  • Behavioral interaction data
  • Pseudonymous identifiers
  • Business events
  • Consent status

Be cautious with:

  • Sensitive personal data
  • Financial information
  • Health data

Minimize data collection wherever possible.

What Data to Suppress

Do not send:

  • Events before required consent (based on region)
  • Users who have opted out
  • Internal test traffic

Consent logic should sit before data flows into CDP.

Modeling Consent Events

Treat consent as its own event.

For example:

consent_updated

  • consent_type
  • consent_status
  • timestamp
  • source

This gives you:

  • Full audit history
  • Clean compliance reporting
  • Better suppression logic
  • Dynamic personalization based on consent state

And most importantly — transparency.

Practical Architecture Diagram Outline



Real Enterprise Case Study Example



Final Thoughts

Sitecore CDP is not just about connecting data sources. It’s about designing a clean, scalable event and identity foundation.

If you rush taxonomy and identity design, you’ll spend years fixing personalization issues.

If you invest time upfront, you unlock:

  • Reliable personalization
  • Accurate reporting
  • Predictable decision models
  • Cleaner compliance

In my experience, CDP success has very little to do with features — and everything to do with architecture discipline.


References



Tags # CDP architecture # Customer Data Platform # event taxonomy Continue Reading
By at No comments:
Labels: , , , , , , , ,

Saturday, 14 February 2026

Composable DXP Architecture with Sitecore SaaS: An Architect’s Perspective

February 14, 2026 0

 


Sitecore’s SaaS products — Sitecore AI with XM Cloud, Content Hub, CDP, Personalize, Sitecore Search, and Sitecore Connect — gives architects all the building blocks for a modern composable DXP. The challenge is not what to buy, but how to place each capability without overlap, duplication, or architectural drift.

This post breaks down where each Sitecore SaaS product fits, where it explicitly does not, and the most common misconceptions that derail composable implementations.

The Core Principle of Composable DXP

Composable architecture is based on clearly separating responsibilities:

  • Content Authoring intelligence resides in upstream systems and is decoupled from runtime delivery.
  • The experience delivery layer is intentionally lightweight, stateless, and deterministic, focused purely on rendering and orchestration.
  • Decisioning, personalization, experimentation, and optimization are executed within dedicated engines (e.g., CDP, Personalization) rather than embedded in the presentation tier.
  • Integration follows an event-driven architecture (EDA) pattern using APIs, webhooks, and message streams instead of tightly coupled, point-to-point integrations.

Sitecore SaaS

Sitecore AI with XM Cloud: Content Backbone, Authoring Intelligence

Sitecore AI improves the content creation and authoring layer in a composable DXP.It helps content teams to generate, improve, tagging, and organize content.

Its main role is to provide intelligence during the content creation process. It is not to handle real-time personalization or decision-making when users are visiting the website.

Where Sitecore AI Fits:

  • Structured content authoring and governance
  • Headless-first content delivery
  • Workflow, approvals, and publishing
  • Multi-channel content reuse
  • AI-assisted content drafting and summarization
  • SEO and content quality recommendations
  • Metadata, tagging, and semantic enrichment
  • Content consistency and discoverability

Where Sitecore AI Does Not Fit:

  • Real-time personalization
  • Audience targeting
  • Decision orchestration
  • Behavioral analysis
If SitecoreAI is making runtime decisions in your architecture, something has gone wrong.

Sitecore CDP: The Customer Information

Sitecore CDP is the system where we store customer data and behavior. It helps to understand the customer, based on everything we know?

Where CDP Fits

  • Identity resolution and profile unification
  • Event ingestion from all touchpoints
  • Audience segmentation
  • Historical and real-time behavioral insights

Where CDP Does Not Fit

  • Content creation or management
  • UI-level personalization rendering
  • Frontend experience orchestration

CDP informs decisions — it does not render experiences.

Sitecore Personalize: The Decisioning Engine


Sitecore Personalize is a real-time personalization and experimentation engine. It uses customer behavioral data from CDP to deliver tailored content, offers, and experiences to each user. It also supports A/B testing and optimization to continuously improve engagement and conversion.

It decides what should this user see right now?

Where Personalize Fits

Real-time decisioning
Offer and experience selection
A/B and multivariate testing
Context-aware personalization
Personalize answers a different question:

Where Personalize Does Not Fit

  • Content authoring
  • Long-term data storage
  • Analytics reporting beyond experiments
Personalize depends on CDP context and XM Cloud content, it does not replace either.

Sitecore Search: The Discovery Engine

Sitecore Search sits in the delivery layer and focuses on intelligent content and product discovery. It consumes structured content from XM Cloud and behavioral signals (where available) to improve search relevance and recommendations. However, it complements but not replaces CDP or Personalize for customer data management and real-time decisioning.

Where Sitecore Search Fits

  • AI-driven search relevance
  • Semantic search and ranking
  • Faceting and filtering
  • Query personalization (based on context signals)
  • Content and product indexing

Where Sitecore Search Does Not Fit

  • Full customer profile management
  • Cross-channel journey orchestration
  • Experience-level decisioning beyond search results

Search answers a specific runtime question: Given this query and context, what content should rank first?
Search optimizes discovery, not the entire experience.

Content Hub: The Content Operations Engine


Sitecore Content Hub is a centralized content and Assets operations platform that manages content across its full lifecycle, from planning and creation to approval and distribution. It combines DAM, content management, and marketing resource management to ensure governance, collaboration, and structured content delivery across channels.
Content Hub belongs in the content operations layer, upstream of XM Cloud

Where Content Hub Fits

  • Digital Asset Management (DAM)
  • Product Content Management (PCM)
  • Content Planning & Marketing Resource Management (MRM)
  • Workflow, collaboration, and brand governance
  • Centralized asset distribution across channels

Where Content Hub Does Not Fit

  • Runtime experience delivery
  • Real-time personalization
  • Frontend rendering
  • Customer profile management

Content Hub answers an operational question:
How do we create, manage, approve, and distribute content at enterprise scale?

Sitecore Connect: The Integration Layer

Sitecore Connect is an integration layer that connects Sitecore products with external systems like CRM, ERP, and marketing platforms. It enables low-code, event-driven integrations and automated workflows without building custom point-to-point connections, supporting a scalable composable architecture. Connect ensures your composable stack stays loosely coupled.

Where Connect Fits

  • SaaS-to-SaaS integrations
  • Trigger-based workflows
  • Event propagation between Sitecore products and external systems
  • Decoupled integration patterns

Where Connect Does Not Fit

  • Core business logic execution
  • High-frequency synchronous runtime calls
  • Replacing enterprise integration platforms

Use Connect for orchestration — not as a runtime dependency.

Putting It Together: Reference Responsibility Map

Capability

Sitecore AI

CDP

Personalize

Search

Content Hub

Connect

Content authoring

Digital asset management

Content delivery

Customer profiles

Real-time decisioning

Experiments & testing

AI content enrichment

Intelligent search & ranking

Event-based integration

 

Wrong vs Right Architecture: A Reality Check for Architects

❌ The Wrong Architecture 

In many so-called composable DXP setups, everything is pushed into XM Cloud.

Typical mistakes:

  • Personalization rules built directly inside CMS components
  • Frontend calling multiple systems synchronously at runtime
  • AI treated as a real-time decision engine
  • Direct point-to-point integrations between products

What this looks like:

  • XM Cloud deciding who sees what
  • Sitecore AI used for runtime personalization
  • Frontend full of conditional logic
  • CDP used only as a data storage system

What happens because of this:

  • Personalization issues are hard to debug
  • Runtime performance becomes slow and unstable
  • Scaling to new channels requires major rewrites
  • Architects become bottlenecks

This type of setup may work in a demo. It does not survive real traffic or real business growth.

✅ The Right Architecture (Truly Composable)

In a proper composable setup, each product has a clear and strict responsibility.

  • XM Cloud handles content authoring and publishing
  • Sitecore AI improves content before publishing
  • CDP manages customer identity and behavior data
  • Personalize handles real-time decisioning
  • The frontend stays lightweight and predictable
  • Connect manages integrations using asynchronous, event-driven flows

What this gives you:

  • Stable and predictable performance
  • Independent scaling of each system
  • Faster experimentation and testing
  • Clear ownership between teams

This approach is cleaner, safer, and built to scale.

Architect’s Rule of Thumb

If personalization logic lives inside your CMS, you don’t have a composable DXP — you have a monolith exposed through APIs.

Common Misconceptions That Break Composable DXPs

XM Cloud Can Handle Personalization

XM Cloud can render personalized content. It should not decide personalization rules.
Decisioning belongs to Personalize.

Sitecore AI Replaces CDP or Personalize

Sitecore AI helps content authors. CDP and Personalize help end users.
They solve different problems in different layers.

We Can Add CDP and Personalize Later

Skipping optimization in the initial design leads to:

  • Tight frontend coupling
  • Rework during scaling
  • Inconsistent personalization logic

Composable architecture must be designed for future growth from the start.

Point-to-Point Integrations Are Faster

Yes — initially.

But without Connect or event-driven integration:

  • SaaS sprawl increases
  • Ownership becomes unclear
  • Changes become risky

Final Architect’s Take

Composable DXP with Sitecore SaaS works only when responsibilities are clearly defined:

  • Content Hub manages content operations and assets
  • XM Cloud handles content delivery
  • Sitecore AI supports authoring intelligence
  • Sitecore Search manages discovery
  • CDP manages customer data
  • Personalize makes decisions
  • Connect handles integrations

When each product does only what it is designed to do, composable architecture becomes simple and scalable.

Design with clarity.
Scale with confidence.


Tags # CDP # Composable DXP # Content Hub Continue Reading
By at No comments:
Labels: , , , , , , , , , , ,