Opti ID provides multiple options for managing user identity and permissions so that you can choose the best fit for your organization.
- Local login – Invited users set up Opti ID-specific accounts. You manage user identity and permissions within Opti ID.
- SSO without SCIM – Invited users log in to Opti ID through an Opti ID single sign-on (SSO) app that you add to your identity provider's (IdP's) app portal. See Overview of configuring your own SSO for Opti ID. You manage user permissions within Opti ID.
- SSO with SCIM – Manage user identity and permissions within your IdP and automate the information between your IdP and Opti ID. See Overview of SCIM provisioning for Opti ID.
Skip to the corresponding section for the configuration you want to implement.
Prerequisite
Provision your Optimizely Content Management System (CMS) 12 instances.
Configuration options
Option 1: Configure local login
Local login sets up Opti ID-specific accounts for invited users. You manage user identity and permissions within Opti ID.
- Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your Customer Success Manager (CSM) if you do not know who the technical contact is. You can change the technical contact later.
- (Optional) Brand your login page.
- Review the local user password policy and how to reset your password.
- (Optional) Configure multi-factor authentication (MFA).
- Install, enable, test, and run Opti ID for CMS 12.
- Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
- Create groups to simplify the process of giving multiple users the same level of access.
- Invite users, assigning them to roles or groups so that they have the appropriate access to your CMS instance.
Option 2: Configure SSO without SCIM
SSO without SCIM lets invited users log in to Opti ID through an Opti ID SSO app that you add to your IdP's app portal. You manage user permissions within Opti ID.
- Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your CSM if you do not know who the technical contact is. You can change the technical contact later.
- (Optional) Brand your login page.
-
Configure SSO. You can configure up to five SSO connections if needed. Opti ID supports Entra ID, Okta, and PingOne.
- Configure the SAML or OIDC SSO connection in your IdP.
- (Optional) Sync groups from your IdP to Opti ID.
- (Optional) Configure organizational domains to automatically provision users who log in with a specific domain.
- (Optional) Enable IdP-initiated login for a more seamless login experience.
- Install, enable, test, and run Opti ID for CMS 12.
- Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
- Create groups to simplify the process of giving multiple users the same level of access.
- Invite users, assigning them to roles or groups so that they have the necessary access to your CMS instance.
Option 3: Configure SSO with SCIM
SSO with SCIM lets you manage user identity and permissions within your IdP and automate the information between your IdP and Opti ID.
- Complete the initial technical contact login. This is the person who logs into Opti ID first and configures it for the rest of your organization. Contact your CSM if you do not know who the technical contact is. You can change the technical contact later.
- (Optional) Brand your login page.
-
Configure SSO. You can configure up to five SSO connections if needed. Opti ID supports Entra ID, Okta, and PingOne.
- Configure the SAML or OIDC SSO connection in your IdP.
- (Optional) Enable IdP-initiated login for a more seamless login experience.
- Configure SCIM in your IdP.
- Install, enable, test, and run Opti ID for CMS 12.
- Review the system roles for your Optimizely products. If you want to personalize permission levels, create custom roles.
- Create groups in your SCIM app to simplify the process of giving multiple users the same level of access.
- Add users to your SCIM app, assigning them to roles or groups so that they have the necessary access to your CMS instance.
Install, enable, test, and run Opti ID for CMS 12
Complete this section at the designated step in your chosen Opti ID configuration (for example, step 4 of option 2).
1. Install Opti ID for CMS 12
Install the following NuGet package in your solution using the NuGet Package Manager in Visual Studio or the command line:
dotnet add package EPiServer.OptimizelyIdentity
In startup.cs
in the ConfigureServices
method, enable Opti ID with the following:
services.AddOptimizelyIdentity(useAsDefault: true);
Opti ID is only enabled in shell modules, preview, and edit mode by default. UseAsDefault
enables Opti ID globally throughout the application. You can configure AuthenticationOptions
when more control is needed over which authentication scheme is active. The namespace EPiServer.OptimizelyIdentity.OptimizelyIdentityDefaults
contains constants if you must reference the scheme name while configuring.
Remove any calls to services.AddCmsAspNetIdentity<TUser>()
if you are not using ASP.NET Identity.
2. Enable Opti ID for CMS 12
- Log into the Opti ID Admin Center.
- Go to Product Access > Products > Optimizely Content Management System.
- Select the CMS instance for which you want to enable Opti ID.
- Go to the Details tab and click Edit.
- Select Opti ID Enabled and click Save.
3. Test Opti ID for CMS 12
Before testing, ensure you have assigned your user to at least one of the built-in system roles for CMS. Deploy the code changes to DXP to start testing or run the application by setting up Opti ID locally.
/ui/cms/
after you have installed Opti ID.4. Run Opti ID locally
You can use Opti ID locally on any of the following URLs:
https://localhost:5000
https://localhost:5096
https://localhost:6921
https://localhost:7595
For this to work, you also need the settings below, which you can find in DXP Management Portal (PaaS Portal) > API > Opti ID dev key. You can only use keys from the integration environment locally. These settings are provided automatically when the application is deployed to Optimizely Digital Experience Platform (DXP).
In appsettings.json
, add the following to run Opti ID locally:
{
"EPiServer": {
"Cms": {
"OptimizelyIdentity": {
"InstanceId": "xxx",
"ClientId": "xxx",
"ClientSecret": "xxx"
}
}
}
}
When you confirm Opti ID works locally, deploy the code changes to DXP, then continue to the next step for your chosen configuration option.
- Option 1: Configure local login
- Option 2: Configure SSO without SCIM
- Option 3: Configure SSO with SCIM
FAQs
Can my site visitors use ASP.NET Identity or any other authentication scheme?
Yes. The Opti ID authentication scheme is enforced in protected modules, such as the edit and admin UI and add-ons. Enable any other authentication scheme and ensure Opti ID is not set as the default authentication scheme:
services.AddOptimizelyIdentity(useAsDefault: false);
Why do I get an error in Okta when testing locally?
Ensure you are using one of the allowed URLs and running your application with HTTPS enabled.
Why is the edit UI not loading and giving a 404 error?
Ensure you are accessing the CMS on the/ui/cms
path.
Please sign in to leave a comment.