Frequently asked questions (FAQ)

Opti ID unifies Optimizely's access and authorization across its products. It provides a single entry point to log in, navigate between entitled products, and manage users and their entitlements through the Admin Center.

With Opti ID, you can:

• Log in using centralized authentication with single sign-on (SSO) supporting any SAML or OIDC identity provider, SCIM, local login, and multi-factor authentication (MFA).
• Switch between Optimizely applications without re-authentication.
• Centrally manage user roles and create custom permissions in the Admin Center.
• Access simulation and administrative features in the Admin Center.
• View account and user dashboards, including usage and billing data.

Opti ID provides a seamless login experience across Optimizely products without re-authentication. It also unlocks the following key capabilities:

• Switch between accounts and products.
• Centrally manage product permissions through the Admin Center, including configuration for users, accounts, entitlements, reporting, and insights.
• Access to Optimizely Opal, Optimizely Connect Platform (OCP), Optimizely Reporting, and the Optimizely App Directory.

Opti ID makes all Optimizely products accessible as part of a cohesive suite from a single location, whether you use one product or the entire suite.

Optimizely provides Opti ID as a complimentary foundational service. Existing users must migrate their organizations to Opti ID, and Optimizely provides net-new users with Opti ID by default.

Opti ID supports

• Any SAML or OIDC IdP, including but not limited to Duo, Entra ID, Google, Okta, OneLogin, and PingOne.
• SCIM provisioning.
• Local login.
• Multi-factor authentication (MFA).

Opti ID supports both SAML and OIDC for connections with your identity provider (IdP). Opti ID requires a new single sign-on (SSO) connection. You cannot reuse your existing SSO configuration.

Yes. You can enable MFA for added security.

Yes. Non-single sign-on (SSO) users can log in as a local user using email and password. Optimizely enables this by default. You do not need to request it.

Yes. You can provision and sync users with SCIM. You can also generate SCIM tokens yourself.

No. The main benefit of Opti ID is single login access to all your entitled products. You only need to sign in again after your session expires (Okta-controlled timeout).

Yes. Until your organization migrates fully to Opti ID, you can continue logging in directly at the application level. Without Opti ID, Optimizely requires reauthentication between applications, and the product switcher is not available.

All users go to home.optimizely.com after authentication, unless you have access to only one application instance, in which case Opti ID redirects you directly to your instance.

Administrators go to home.optimizely.com when they log in, where they see the global navigation bar with the product drop-down list that displays all purchased products and instances. The products in the global navigation bar also display as product tiles on the home dashboard. 

The Admin Center displays as one of the available products (both in the product drop-down list and as a product tile). They can access the Admin Center to manage users, roles, and entitlements.

Non-administrators go to home.optimizely.com when they log in, where they see the global navigation bar with the product drop-down list that displays only the products and instances to which they have access. The products in the global navigation bar also display as product tiles on the home dashboard.

Yes. All Optimizely products include a login page with a single sign-on (SSO) link that redirects automatically to Opti ID.

Yes, Opti ID is mandatory for net-new organizations. Optimizely encourages existing organizations to migrate as soon as possible. The goal is for all organizations to use Opti ID to get the full benefits of Optimizely.

Yes. You can customize the login page to match your branding.

You must change your password when switching to Opti ID for the following reasons:

• It is a standard security practice when changing your authentication provider.
• Optimizely does not retain passwords to protect your personally identifiable information (PII). 

The global navigation bar includes all the organizations you manage. You can switch between accounts seamlessly without needing to log in again.

Only products that have migrated to Opti ID are available in the product drop-down list. If you believe you should have access to other products, contact your administrator to add you to the appropriate group with the correct permissions.

You only see products you are entitled to use. If you need access to other products, contact your administrator.

Yes. Opti ID uses HMAC to determine instance permissions for users in the context of Optimizely Content Marketing Platform (CMP).

The Admin Center is the central place where administrators manage their organization in Opti ID. Here, administrators can

• View and manage all entitlements.
• Manage users and their product roles and permissions.
• Create custom roles specific to their organization.

The Admin Center continues to expand, adding reporting tools and self-service capabilities, like trials and freemiums.

The technical contact for your organization is the primary administrator for the organization. This user

• Is the first official user in Opti ID with Admin Center access.
• Can manage account settings, users, and entitlements.
• Can invite additional users and assign them roles, including administrator roles for specific products or across the account.

The Optimizely Customer Success Manager (CSM), Support, and Enablement teams provide support for Opti ID use and migration.

Yes. Administrators can invite users directly through the Admin Center. The invitation workflow also lets administrators track who has accepted their access.

No. Once your organization uses Opti ID, the Admin Center centralizes user management.

Yes. The Admin Center is the single location for managing all users for organizations using Opti ID. As your organization moves to Opti ID, you can no longer manage users and permissions in individual applications.

Yes. You can integrate Azure AD with Opti ID to automatically sync users and groups. See Configure organizational domains and SCIM provisioning.

No. You can migrate users automatically using Just-In-Time (JIT) migration or SCIM provisioning. Bulk upload functionality in the Admin Center is coming soon. See Configure organizational domains and SCIM provisioning.

Groups let you organize users with similar roles or entitlements, reflecting your internal teams or structure. For example

• Groups that match Azure AD configurations.
• Product-specific groups.
• Role-based groups like editors, approvers, and publishers.

By default, every account includes two groups, Everyone and Administrators.

Groups provide flexibility for managing users, roles, and entitlements. You can apply permissions at the group level, and any changes automatically apply to all users in the group.

Users can have multiple roles through group membership. A user can belong to multiple groups, each granting different roles and access to different product instances.

The organization's technical contact or administrator creates groups and adds users with the appropriate entitlements. Users receive an email notification to accept their access and create a password.

Once you accept your Opti ID invitation and set a password, you log in through Opti ID. You see the global navigation bar with the product drop-down list. Logging in with your old application credentials redirects you to https://login.optimizely.com. You should update any bookmarked URLs accordingly to avoid redirects.

Yes. Admins can update instance names in the Admin Center.

The technical contact only needs to notify users to log in at https://login.optimizely.com. If Admin Center groups mirror your organization’s internal groups, you can automatically sync users to the correct groups, roles, and instances using your identity provider (IdP), like Entra ID, Okta, or PingOne.

When users log in, their organization's identity provider (IdP) tells Opti ID which internal groups they belong to. Opti ID then automatically maps these internal groups to the corresponding groups and roles in the Admin Center, so users are assigned the correct permissions without extra configuration.

You must log in at https://login.optimizely.com.

See Sync groups from Entra ID, Sync groups from Okta, or Sync groups from PingOne.

It depends on whether your organization has migrated to Opti ID.

• Migrated to Opti ID – Manage roles and permissions centrally in the Admin Center.
• Not yet migrated to Opti ID – Manage roles and permissions within your individual Optimizely application. See your product's user documentation.

Additional information.

• Optimizely prepackages system roles, and you cannot edit them. These roles provide a foundation for building your entitlements.
• You can create custom roles in the Admin Center to tailor permissions for your team.