Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Implementing SSO oAuth OpenID Connect client on a site - not admin interface or API


There is a lot of documenation on enabling SSO/oAuth for the admin interface and/or for the API.

Is there anything to implement/enable it on the end user website that is created using Epi/Optimizely? For example an end-user goes to the site, clicks on login, goes to an external login page using oAuth, returns back to the website and is now logged in. Not sure how to explain it any better but I am not talking about the admin interface an/or giving access to the API. For version 12 is fine... we can apply the same concept to 11.

Any help or pointers for a sample implemention would be helpful. 

Aug 29, 2022 21:02

Hi Ashish,

Have you tried following this docs? Integrate Azure AD using OpenID Connect (

It's about integrating Optimizely CMS with Azure AD, but I think it would be the same for other providers. 

Aug 30, 2022 2:02

Thanks for the response. Does that still seem to be for the Optimizely admin interface/users? The reason I am asking is because. 

  1. It has these instrutions... "Create WebAdmins, WebEditors and Administartors app role: This is an example of app roles that declare WebAdmins and WebEditors. You can modify it according to your application roles."
  2. Doesn't specify how to wire up your "login button"
Sep 02, 2022 14:22

Ashish, this would be pretty standard for any kind of Identity Provider / SSO Integration, as part of you implementation you can Synch the roles you setup in oAuth to the CMS, this is also detailed in the blog mentioned by Bac, 

                    // Syncs user and roles so they are available to the CMS
                    var synchronizingUserService = ctx

                    await synchronizingUserService.SynchronizeAsync(claimsIdentity);

You are also able to map virtual roles either via appSettings or Programatically, see here for information :

The interface for logging a user in will all be hadled via the provider be it Auth0, Okta or Azure AD etc

Sep 04, 2022 20:21
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.