> 1. Set any claims returned from AzureAD to Sitecore UserName.
We can create your own UserBuilder class. It can be defined within the following configuration node:
<externalUserBuilder type="My type goes here">
The custom class should be based on default Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder, the only method you need to override is CreateUniqueUserName.
> 2. Do not automatically create users. (login can not be done unless user exist.)
Users are created by the ApplicationUserResolver implementation. To change the logic you will need to register a custom one.
Implment step below:
1. Create a custom CustomtApplicationUserResolver class, which is based on Sitecore.Owin.Authentication.Services.ApplicationUserResolver ( Copy the code from the default implementation - Sitecore.Owin.Authentication.Services.DefaultApplicationUserResolver. you can get code samples using any reverse engineering tool such as RedGate .NET Reflector)
2. In the ResolveApplicationUserAsync method you will need to add your custom logic that will deny creation of new users.
3. Register a custom service configurator that will replace the standard ApplicationUserResolver implementation with the custom one