Install Opti ID for CMS

Install the following NuGet package in your solution using the NuGet Package Manager in Visual Studio or the command line:

dotnet add package EPiServer.OptimizelyIdentity

In the ConfigureServices method of Startup.cs, enable Opti ID with the following:

services.AddOptimizelyIdentity(useAsDefault: true);

By default, Opti ID is only enabled in shell modules, preview, and edit mode. Setting useAsDefault to true enables Opti ID globally throughout the application. If you need more control over which authentication scheme is active, configure AuthenticationOptions. EPiServer.OptimizelyIdentity.OptimizelyIdentityDefaults contains constants that you can use if you must reference the scheme name while configuring.

Remove any calls to services.AddCmsAspNetIdentity<TUser>() if you are not using ASP.NET Identity.

Opti ID automatically maps the virtual roles CmsEditors and CmsAdmins. If you already map these roles yourself, you must remove those mappings.

Edit and admin modes are accessible at /ui/cms/.

Run Opti ID locally

You can use Opti ID locally on https://localhost:5000. For this to work, you also need the settings below, which you can find in DXP Management Portal (PaaS Portal) > API > Opti ID dev key. These settings are provided automatically when the application is deployed to Optimizely Digital Experience Platform (DXP).

In appsettings.json, add the following to run Opti ID locally:

{
  "EPiServer": {
    "Cms": {
      "OptimizelyIdentity": {
        "InstanceId": "xxx",
        "ClientId": "xxx",
        "ClientSecret": "xxx"
      }
    }
  }
}
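
The following check is an added example, not part of the original page or of Optimizely's code: it fails when an appsettings file carries a real ClientSecret under EPiServer:Cms:OptimizelyIdentity, so that the dev key stays out of source control. It assumes standard ASP.NET Core configuration behaviour (case-insensitive keys, ':' accepted as a section separator inside a JSON key); the function names, placeholder set, and sample values are constructed for illustration.

```python
import json
import sys

# Section path from the page. ASP.NET Core configuration keys are
# case-insensitive, and a JSON key may itself contain ':' separators.
SECRET_KEY = "episerver:cms:optimizelyidentity:clientsecret"
PLACEHOLDERS = {"", "xxx"}  # assumption: values that are not real secrets


def flatten(node, prefix=""):
    """Yield (lower-cased 'a:b:c' key, value) as the JSON provider would see it."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{prefix}:{key}" if prefix else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, f"{prefix}:{index}")
    else:
        yield prefix.lower(), node


def committed_secrets(json_text):
    """Return the keys that hold a non-placeholder Opti ID ClientSecret."""
    return [
        key
        for key, value in flatten(json.loads(json_text))
        if key == SECRET_KEY
        and value is not None
        and str(value).strip().lower() not in PLACEHOLDERS
    ]


# Constructed samples: the page's placeholder file, and a flattened,
# differently-cased variant that a grep for the nested layout would miss.
SAMPLE_PLACEHOLDER = """{"EPiServer": {"Cms": {"OptimizelyIdentity": {
    "InstanceId": "xxx", "ClientId": "xxx", "ClientSecret": "xxx"}}}}"""
SAMPLE_FLAT = """{"episerver:CMS": {"OptimizelyIdentity": {
    "clientSecret": "constructed-not-a-real-secret"}}}"""

if __name__ == "__main__":
    # Usage: python check_optiid_secret.py appsettings*.json
    bad = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8-sig") as handle:  # tolerate a BOM
            if committed_secrets(handle.read()):
                bad.append(path)
    for path in bad:
        print(f"{path}: ClientSecret is set; move it out of the repository")
    sys.exit(1 if bad else 0)
```

The parser is strict JSON, so an appsettings file that contains comments or trailing commas must be cleaned before it is checked.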

Configure single sign-on with Microsoft Entra ID

(Optional) Read and complete the steps in each article to properly integrate Opti ID with Microsoft Entra ID:

  1. Configure single sign-on (SSO) in your Opti ID organization
  2. Configure your Domain Name System (DNS) domains in the Opti ID organization
  3. Configure group sync between Microsoft Entra ID and Opti ID
  4. Set up groups, roles, and users in Opti ID Admin Center

As per the group sync setup, you must establish a groups claim with precisely the list of groups you have defined in Entra ID and Opti ID. Each group's name must match in Entra ID and Opti ID so that group membership is properly synced.

Ensure that in Entra ID, the groups are assigned to the registered Optimizely Content Management System (CMS) application. In Opti ID, the groups must define the product entitlements and the CMS roles for those users belonging to the group.

After this is properly set up, when a user who logs in through Opti ID switches to the CMS product instance, the CMS reads the roles assigned to that user in any Opti ID group that contains both the user and the CMS product instance, and enables CMS features accordingly.