Edit online

Single Sign-On in Content Fusion Enterprise

Oxygen Content Fusion Enterprise Server supports Single Sign-On by configuring a provider that supports the OpenID Connect protocol such as Microsoft Entra ID or Okta.

Note:
Content Fusion uses the email address provided by the Single Sign-On provider, unless the email_verified field is false for a particular user.
To enable Single Sign-On:
  1. Define a new application in the administration interface of your OpenID Connect provider to represent your Oxygen Content Fusion Enterprise Server deployment:
    1. When you are asked for a redirect URI, use the following value: https://<content-fusion-address>/api/oauthc/oidcId/callback where you replace <content-fusion-address> with the actual address of your server.
    2. After you define the application, you need to note the Client ID (or Application ID in some cases) and Client Secret that will be generated for you.
  2. On the machine where Content Fusion is installed, go to the Administration Page. In the Single Sign-On Authentication section, enable the Use OIDC single sign-on option and configure the fields listed there.
    For Okta:
    • Provider Name - Enter OKTA.
    • Authorization endpoint URL - Enter: https://<okta-subdomain>.okta.com/oauth2/v1/authorize (replace <okta-subdomain> with your particular Okta subdomain).
    • Token endpoint URL - Enter: https://<okta-subdomain>.okta.com/oauth2/v1/token (replace <okta-subdomain> with your particular Okta subdomain).
    • User info endpoint URL - Enter: https://<okta-subdomain>.okta.com/oauth2/v1/userinfo (replace <okta-subdomain> with your particular Okta subdomain).
    • Client ID - Enter the Client ID (or Application ID in some cases) that was generated in step one.
    • Client Secret - Enter the Client Secret that was generated in step one.

    For Entra ID:

    • Provider Name - Enter EntraID.
    • Authorization endpoint URL - Enter: https://login.microsoftonline.com/<app-id>/oauth2/v2.0/authorize (replace <app-id> with the Application ID that was generated in step one).
    • Token endpoint URL - Enter: https://login.microsoftonline.com/<app-id>/oauth2/v2.0/token (replace <app-id> with the Application ID that was generated in step one).
    • User info endpoint URL - Enter: https://graph.microsoft.com/oidc/userinfo.
    • Client ID - Enter the Client ID (or Application ID in some cases) that was generated in step one.
    • Client Secret - Enter the Client Secret that was generated in step one.
  3. Make sure you click Save Configuration when you are finished.
  4. Restart the Content Fusion machine.
    sudo bash /fusion/admin/stop-content-fusion.sh
sudo bash /fusion/admin/start-content-fusion.sh

Result: Users will now have the option to log on to Content Fusion using the OpenID Connect provider.