Get started with Opti ID

Opti ID provides multiple options for managing user identity and permissions so that you can choose the best fit for your organization.

1. Local login – Invited users set up Opti ID-specific accounts. You manage user identity and permissions within Opti ID.
2. SSO without SCIM – Invited users log in to Opti ID through an Opti ID single sign-on (SSO) app that you add to your identity provider's (IdP's) app portal. See Overview of configuring your own SSO for Opti ID. You manage user permissions within Opti ID.
3. SSO with SCIM – Manage user identity and permissions within your IdP and automate the information between your IdP and Opti ID. See Overview of SCIM provisioning for Opti ID.

Skip to the corresponding section for the configuration you want to implement.

Option 1: Configure local login

Local login sets up Opti ID-specific accounts for invited users. You manage user identity and permissions within Opti ID.

1. Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your Customer Success Manager (CSM) if you do not know who the technical contact is. You can change the technical contact later.
2. (Optional) Brand your login page.
3. Review the local user password policy and how to reset your password.
4. (Optional) Configure multi-factor authentication (MFA).
5. Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
6. Create groups to simplify the process of giving multiple users the same level of access.
7. Invite users, assigning them to roles or groups so that they have the appropriate access to your Optimizely products.

Option 2: Configure SSO without SCIM

SSO without SCIM lets invited users log in to Opti ID through an Opti ID SSO app that you add to your IdP's app portal. You manage user permissions within Opti ID.

1. Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your CSM if you do not know who the technical contact is. You can change the technical contact later.
2. (Optional) Brand your login page.
3. Configure SSO. You can configure up to five SSO connections if needed. Opti ID supports Entra ID, Okta, and PingOne.
   1. Configure the SAML or OIDC SSO connection in your IdP.
      • Configure SAML SSO with Entra ID
      • Configure SAML SSO with Okta
      • Configure SAML SSO with PingOne
      • Configure OIDC SSO with Entra ID
      • Configure OIDC SSO with Okta
      • Configure OIDC SSO with PingOne
   2. (Optional) Sync groups from your IdP to Opti ID.
      • Sync groups from Entra ID
      • Sync groups from Okta
      • Sync groups from PingOne
   3. (Optional) Configure organizational domains to automatically provision users who log in with a specific domain.
   4. (Optional) Enable IdP-initiated login for a more seamless login experience.
      • Enable IdP-initiated SSO login for Entra ID
      • Enable IdP-initiated SSO login for Okta
4. Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
5. Create groups to simplify the process of giving multiple users the same level of access.
6. Invite users, assigning them to roles or groups so that they have the necessary access to your Optimizely products.

Option 3: Configure SSO with SCIM

SSO with SCIM lets you manage user identity and permissions within your IdP and automate the information between your IdP and Opti ID.

1. Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your CSM if you do not know who the technical contact is. You can change the technical contact later.
2. (Optional) Brand your login page.
3. Configure SSO. You can configure up to five SSO connections if needed. Opti ID supports Entra ID, Okta, and PingOne.
   1. Configure the SAML or OIDC SSO connection in your IdP.
      • Configure SAML SSO with Entra ID
      • Configure SAML SSO with Okta
      • Configure SAML SSO with PingOne
      • Configure OIDC SSO with Entra ID
      • Configure OIDC SSO with Okta
      • Configure OIDC SSO with PingOne
   2. (Optional) Enable IdP-initiated login for a more seamless login experience.
      • Enable IdP-initiated SSO login for Entra ID
      • Enable IdP-initiated SSO login for Okta
4. Configure SCIM in your IdP.
   • Create a SCIM provisioning app in Microsoft Entra ID – Use OIDC or SAML for SSO, and manage SSO and SCIM on two separate Entra ID apps.
   • Create a SCIM provisioning app in Okta – Use OIDC or SAML for SSO, and manage SSO and SCIM on two separate Okta apps.
   • Create a single Okta app for SCIM provisioning and SAML SSO – Use only SAML for SSO, and manage SSO and SCIM on a single Okta app.
   • Create a SCIM provisioning app in PingOne – Use OIDC or SAML for SSO, and manage SSO and SCIM on two separate PingOne apps.
5. Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
6. Create groups in your SCIM app to simplify the process of giving multiple users the same level of access.
7. Add users to your SCIM app, assigning them to roles or groups so that they have the necessary access to your Optimizely products.