Okta integration for Optimizely CMS
Instructions for integrating Okta into an Optimizely CMS web app. By following these steps, you can seamlessly integrate Okta's authentication and authorization features into your Optimizely CMS web app.
Installation
To integrate Okta into your Optimizely CMS web app, follow these steps:
Install NuGet packages
Add the following NuGet package to your project:
- Okta.AspNetCore
Add credentials
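In the appsettings.json file, add the following configuration. The ClientSecret value is a credential, so keep the real value out of source control (for example, supply it through user secrets, environment variables, or a secret store) and leave only a placeholder in the committed file: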
{
"Okta": {
"OktaDomain": "https://<your-domain>.okta.com/",
"ClientId": "<client-id>",
"ClientSecret": "<client-secret>",
"AuthorizationServerId": "<authorization-server-id>"
}
}
Register
In the Startup.cs file, include the following code:
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Logging;
using Okta.AspNetCore;
public class Startup
{
private readonly IWebHostEnvironment _webHostEnvironment;
private readonly IConfiguration _configuration;
/// <summary>
/// Captures the hosting environment and application configuration so that
/// <c>ConfigureServices</c> can read the Okta settings and detect Development mode.
/// </summary>
/// <param name="webHostEnvironment">Hosting environment of the running app.</param>
/// <param name="configuration">Application configuration that holds the "Okta" section.</param>
public Startup(
    IWebHostEnvironment webHostEnvironment,
    IConfiguration configuration)
    => (_webHostEnvironment, _configuration) = (webHostEnvironment, configuration);
/// <summary>
/// Registers cookie authentication for the local session and Okta (OpenID Connect)
/// as the challenge scheme, using the values under the "Okta" configuration section.
/// </summary>
/// <param name="services">Service collection the authentication handlers are added to.</param>
public void ConfigureServices(IServiceCollection services)
{
    // Development only: ShowPII turns off IdentityModel's redaction, so token and
    // claim details are written to the log in clear text. Keep this behind the
    // IsDevelopment() check and never enable it for a production environment.
    if (_webHostEnvironment.IsDevelopment())
    {
        IdentityModelEventSource.ShowPII = true;
    }

    // The cookie scheme holds the signed-in session; an unauthenticated request is
    // challenged through OpenID Connect, i.e. redirected to Okta.
    var authentication = services.AddAuthentication(options =>
    {
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });

    authentication.AddCookie();

    // ClientSecret is a credential: it is read from configuration here, so the
    // configuration source that provides it must not be a file committed to the repo.
    authentication.AddOktaMvc(new OktaMvcOptions
    {
        OktaDomain = _configuration["Okta:OktaDomain"],
        ClientId = _configuration["Okta:ClientId"],
        ClientSecret = _configuration["Okta:ClientSecret"],
        AuthorizationServerId = _configuration["Okta:AuthorizationServerId"],
        Scope = new List<string> { "openid", "profile", "email" },
    });
}
}
Usage
To protect a specific controller or action, decorate it with the [Authorize] attribute:
using Microsoft.AspNetCore.Authorization;
// With no roles or policy named, [Authorize] only requires that the caller is
// authenticated; it does not restrict access by role. Unauthenticated requests
// are challenged through the DefaultChallengeScheme configured in Startup
// (OpenID Connect, i.e. Okta).
[Authorize]
public class UserController : Controller {
}
Use Optimizely CMS roles for Authorization
Install the EPiServer.CMS.UI.AspNetIdentity NuGet package.
In the Startup.cs file, add the following configuration:
// Per this guide, delete any existing AddCmsAspNetIdentity<ApplicationUser>() call
// (presumably because Okta now handles sign-in) and register only the CMS user store.
// NOTE(review): this page does not show how Okta users or groups are mapped to CMS
// roles; verify role assignment before relying on role-based authorization.
services.AddCms().AddCmsUserStore<ApplicationUser>();