November Happy Hour will be moved to Thursday December 5th.

AI OnAI Off

Implementing SSO oAuth OpenID Connect client on a site - not admin interface or API

Ashish Gururani
Ashish Gururani
Vote:
 

There is a lot of documenation on enabling SSO/oAuth for the admin interface and/or for the API.

Is there anything to implement/enable it on the end user website that is created using Epi/Optimizely? For example an end-user goes to the site, clicks on login, goes to an external login page using oAuth, returns back to the website and is now logged in. Not sure how to explain it any better but I am not talking about the admin interface an/or giving access to the API. For version 12 is fine... we can apply the same concept to 11.

Any help or pointers for a sample implemention would be helpful. 

#286317
Aug 29, 2022 21:02
Bac Nguyen
Bac Nguyen
Vote:
 

Hi Ashish,

Have you tried following this docs? Integrate Azure AD using OpenID Connect (optimizely.com)?

It's about integrating Optimizely CMS with Azure AD, but I think it would be the same for other providers. 

#286352
Aug 30, 2022 2:02
Ashish Gururani
Ashish Gururani
Vote:
 

Thanks for the response. Does that still seem to be for the Optimizely admin interface/users? The reason I am asking is because. 

  1. It has these instrutions... "Create WebAdmins, WebEditors and Administartors app role: This is an example of app roles that declare WebAdmins and WebEditors. You can modify it according to your application roles."
  2. Doesn't specify how to wire up your "login button"
#286543
Sep 02, 2022 14:22
Minesh Shah (Netcel)
Minesh Shah (Netcel)
Vote:
 

Ashish, this would be pretty standard for any kind of Identity Provider / SSO Integration, as part of you implementation you can Synch the roles you setup in oAuth to the CMS, this is also detailed in the blog mentioned by Bac, 

                    // Syncs user and roles so they are available to the CMS
                    var synchronizingUserService = ctx
                        .HttpContext
                        .RequestServices
                        .GetRequiredService<ISynchronizingUserService>();

                    await synchronizingUserService.SynchronizeAsync(claimsIdentity);

You are also able to map virtual roles either via appSettings or Programatically, see here for information : https://docs.developers.optimizely.com/content-cloud/v12.0.0-content-cloud/docs/virtual-roles

The interface for logging a user in will all be hadled via the provider be it Auth0, Okta or Azure AD etc

#286626
Sep 04, 2022 20:21
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.