Third Party Authentication

The Content Store can be set up to use a third party for authentication of users, instead of doing the user authentication itself. Three third party authenticators are supported:

  • Microsoft Active Directory

  • Google Apps

  • Facebook

This means that users in organizations with primarily Windows-based networks and users in organizations that use Google Apps as their standard office suite can log in to CUE and Web Studio using their "ordinary" user names and passwords. It is also possible to allow the use of Facebook IDs for authentication where appropriate. Note, however, that:

  • This is more of a "federated login" mechanism than "single sign on": users will still have to log in when starting CUE or Web Studio, even if they are already logged in to Active Directory/Google Apps/Facebook.

  • Only authentication is carried out by the third party; authorization is still performed by the Content Engine, so you still have to define Content Store users. The Content Store users must have identical user names to the Active Directory/Google Apps/Facebook users.

The general procedure for setting up third party authentication is:

  1. Using Web Studio, create users (see Create New User) for all the existing Active Directory/Google Apps/Facebook users who are to use CUE or Web Studio. The user names you specify must be identical to the user names in Active Directory/Google Apps/Facebook. You must leave the password fields blank.

    You can also migrate existing CUE users to Active Directory/Google Apps/Facebook by changing their user name in Web Studio to match an existing user name in the third party system.

  2. Assign access rights to these users in the usual way (see Editing Users and Persons).

  3. If you have any existing Content Store users that you want to move over to Active Directory/Google Apps/Facebook, then you can do so by:

    • Adding users with identical user names to Active Directory/Google Apps/Facebook

    • Removing the password from the user record in Web Studio

    You do not have to move all your Content Store users to the third party authentication system. Any users that you do not transfer will continue to work as before. (In the case of Active Directory, whether or not this is the case actually depends on your setup - see Switch to Active Directory.)

  4. Set up the Content Store to use the third party authenticator. This process is different for each of the supported third-party authenticators, but in all cases it involves reassembling and redeploying the Content Store. For details see either Active Directory Authentication, Google OAuth Authentication or ??.

  5. Using Web Studio, you can now tidy up by deleting any old Content Store-authenticated users that are no longer required (see Person and User Archive).
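
The procedure above depends on Content Store user names being identical to the third-party user names. The following is an added example, not part of the product or its documentation, that compares two name lists before switching over and flags names that differ only by case, whitespace or Unicode form. The function names and the idea of exporting both lists as plain strings are assumptions, and the sample names are constructed.

```python
import unicodedata

def _key(name):
    """Fold away differences that are easy to miss by eye:
    Unicode form, surrounding whitespace and letter case."""
    return unicodedata.normalize("NFKC", name).strip().casefold()

def reconcile(content_store_users, directory_users):
    """Compare Content Store user names with third-party user names.

    Returns a dict with:
      identical - names present, character for character, on both sides
      near_miss - (content_store_name, directory_name) pairs that differ
                  only by case, whitespace or Unicode form
      unmatched - Content Store names with no counterpart at all
    """
    directory = set(directory_users)
    folded = {}
    for name in directory_users:
        folded.setdefault(_key(name), []).append(name)

    report = {"identical": [], "near_miss": [], "unmatched": []}
    for name in content_store_users:
        if name in directory:
            report["identical"].append(name)
        elif _key(name) in folded:
            for candidate in folded[_key(name)]:
                report["near_miss"].append((name, candidate))
        else:
            report["unmatched"].append(name)
    return report

# Constructed sample data (assumption: both lists were exported by hand).
CONTENT_STORE = ["alice", "Bob.Smith", "carol ", "dave", "jos\u00e9"]
DIRECTORY = ["alice", "bob.smith", "carol", "jose\u0301", "erin"]

if __name__ == "__main__":
    for kind, entries in reconcile(CONTENT_STORE, DIRECTORY).items():
        print(kind, entries)
```

Entries under near_miss and unmatched are the ones to correct in Web Studio or in the third-party system before removing passwords in step 3.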