Create a recycling bin for logging and restoring deleted documents
Help you editors restore deleted documents in a dataset using a webhook and a singleton bin document type.
Go to Create a recycling bin for logging and restoring deleted documentsConfigure and enable SSO authentication in your Sanity instance using the SAML protocol and Microsoft Azure AD as an identity provider (IdP.)
During the setup and configuration process, it's a good idea to keep two windows side by side:
Go to Sanity Manage and select the organization you want to enable SSO for.
To navigate to the service provider configuration inside Sanity Manage:
To navigate to the identity provider configuration in Azure:
In Enterprise applications:
If you're keeping two browser tabs or windows open side by side, now you should have one on the configuration screen inside Sanity Manage, and the other on the configuration screen in Azure.
Now, configure Azure to send the claims that Sanity requires in the expected form.
The claims (attributes) that Sanity expects are listed inside Sanity Manage:
For each claim:
Once all claims have been added:
Sanity requires user.firstName
and user.surname
. The mapping in the example replaces both fields with user.displayname
.
Enterprise customers can map user identity provider roles to service provider roles. For example, users with an Azure example-azure-user-role
role are mapped to the Sanity viewer
role when they log in.
groups
claim with the format set to unspecified
. In Azure, add a new group claim:
Select the groups that you want Azure to send to Sanity, and assign the group claim a descriptive name:
Once you're done, save the changes.
In Azure, browse to the Set up {application name}
block:
Get the Azure URLs for login and authentication, and add them to the Your Identity Provider details configuration section inside Sanity Manage:
In this scenario:
In the SAML specification, InResponseTo
is defined as
The ID of a SAML protocol message in response to which an attesting entity can present the assertion.
This setting is identity provider-specific. Azure doesn’t support it. Therefore, ensure that Enable InResponseTo is deselected/disabled.
The Signed SAML Assertion option notifies the Sanity instance that the identity provider is configured to use the signing certificate found in the Sanity service provider details section.
This is an optional step configured in Verification certificates:
Unless you have already uploaded the certificate, leave the Want assertion signed deselected under Signed SAML Assertion.
To get an X.509 certificate:
Ensure you save all changes inside Sanity Manage and in Azure.
Sanity Composable Content Cloud is the headless CMS that gives you (and your team) a content backend to drive websites and applications with modern tooling. It offers a real-time editing environment for content creators that’s easy to configure but designed to be customized with JavaScript and React when needed. With the hosted document store, you query content freely and easily integrate with any framework or data source to distribute and enrich content.
Sanity scales from weekend projects to enterprise needs and is used by companies like Puma, AT&T, Burger King, Tata, and Figma.
Help you editors restore deleted documents in a dataset using a webhook and a singleton bin document type.
Go to Create a recycling bin for logging and restoring deleted documentsIn this guide you will learn how to setup such a listener-based structure and also how to combine the results with the workflow plugin metadata.
Go to Dynamic folder structure using the currentUser and workflow statesStreamline your editorial workflow: use comments to manage asynchronous collaborative reviews in the studio.
Go to Use Comments for authors and editorsSet up comments so that they’re available in the studio to authors and editors.
Go to Enable Comments inside Sanity Studio