More on that in a later blogpost, Using that Callbackpath, the actual claimsIdentity is created and all the claim transformations that are specified in your identity provider configuration are applied. However, this approach to user authentication requires custom solution code through the Security API. Code and config are posted here : https://stackoverflow.com/questions/56267030/implementing-custom-identity-server-4-for-sitecore-9-1. On success, the visitor becomes associated with the authenticated user account and obtains authorization matching the user account's membership roles. This can be completely configured according to the business requirements of the website. This redirects the visitor to the external provider’s authentication page where the visitor is authenticated. When a user is created, it can immediately be associated with one or more security roles through the Security API. Hi Bas, The way that this was working when the site was outside of Sitecore was that there was forms authentication being done and when a page was trying to be accessed without the user being logged in the Return URL would be used to return the user to the proper page after login. We just need to remove .example from the end of the file. The digital experience platform and best-in-class CMS empowering the world's smartest brands. On the final step of login process in the call to /identity/externallogincallback the cookies are missing. General profile property mappings from the IdentityServer4 claims -->