Hi

We have upgraded to Optimizely cms 12 and are able to Login from Optimizely default login. The next step is to login with our custom identity manager .

We are able to use “AddOpenIdConnect” and “AddCookie” like login with azure documented here: https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/integrate-azure-ad-using-openid-connect

We get back a authenticated token with claims like username, roles ex. from our identity manager. This data is then synchronized see code example

(In the code example we do some mappings from “role” to “ClaimTypes.Role” )

o.Events.OnSignedIn = async (ctx) =>
            {
                if (ctx.Principal?.Identity is ClaimsIdentity claimsIdentity)
                {
                    var synchronizingUserService = ctx
                      .HttpContext
                      .RequestServices
                      .GetRequiredService<ISynchronizingUserService>();

                    var claims = new List<Claim>(claimsIdentity.Claims);
                    ClaimHelper.PatchClaims(claims);
                    var nid = new ClaimsIdentity(claims, "id_token", ClaimTypes.Name, ClaimTypes.Role);

                    await synchronizingUserService.SynchronizeAsync(nid);
                }
            };

 Optimizely then send us to “/Account/AccessDenied?ReturnUrl=”   and episerver is not logged in.

 For Optimizely 11 we used owin to connect. I have verified that the claims is the same.

 Is there some requirements for the claims?

 Or do we need to do something after the synchronization part?

Thanks for help!