Skip to main content
Optimizely Academy
End-user eLearning
Events
Certification
Partner training
Community
All Topics

Platform Identity

  • By Optimizely Education
  • Published: Mar 12, 2026
  • Rating
    Average rating: 0 No reviews

Outline
At a glance
  • Core shift: CMS 13 moves from a standalone application to a composable platform model.
  • Identity central: Opti ID replaces local user stores with OIDC-based platform authentication and SCIM support.
  • Decoupled delivery: Optimizely Graph offloads content retrieval from the SQL database to a globally distributed GraphQL API.
  • AI Foundation: These pillars provide the security context and semantic indexing required for Opal AI orchestration.

The transition from CMS 12 to CMS 13 marks a critical evolution from a standalone application to a composable platform model. For technical architects and developers, this transformation is anchored by two mandatory infrastructure pillars: Optimizely ID (Opti ID) for centralized identity management and Optimizely Graph for decoupled content delivery.

In CMS 13, these components are fundamental requirements that enable unified security, high-performance data retrieval, and native integration with the broader Optimizely One ecosystem. By abstracting identity and indexing to the platform layer, CMS 13 allows for a more modular architecture where the CMS core manages authoring while dedicated services handle scale and security.

1. Platform Identity: The Strategic Role of Opti ID

In previous versions of Optimizely CMS, authentication was often decentralized. Development teams frequently managed local user stores via ASP.NET Identity or secondary SSO configurations for each environment. This approach created significant administrative overhead and increased the security risk associated with managing sensitive user credentials across multiple distributed databases.

CMS 13 mandates the use of Opti ID, a centralized, platform-wide Identity Provider built on the OpenID Connect (OIDC) protocol. This shift moves the responsibility of user management from the individual application code to the Optimizely platform, providing a robust, enterprise-grade authentication layer.

Technical Advantages of Centralized Identity

The integration of Opti ID provides several technical and operational benefits that streamline development and enhance security:

  • Unified Security Context: Managing identity at the platform level ensures that an authentication session is valid across the entire Optimizely One suite (including CMP and Experimentation). This eliminates the need for repeated login prompts when navigating between different platform tools.
  • Automated Provisioning via SCIM: Opti ID supports the System for Cross-domain Identity Management (SCIM), allowing for the automated synchronization of users and groups from an external Identity Provider (such as Azure AD or Okta).
  • Security offloading and Compliance: By leveraging Opti ID, organizations offload the storage and management of password hashes and Multi-Factor Authentication (MFA) to Optimizely. This separation ensures that sensitive credentials never reside within the CMS database.

Integration Standards

Enabling Opti ID involves the EPiServer.OptimizelyIdentity package and a configuration update in the Startup.cs file. This replaces the traditional local identity setup.

public void ConfigureServices(IServiceCollection services) { // Mandatory Opti ID integration - Configures the OIDC flow at the platform layer services.AddOptimizelyIdentity(useAsDefault: true, options => { // Customizations such as cookie names or custom schemes are supported options.AuthenticationCookieName = ".Optimizely.ID"; }); // NOTE: Legacy calls to services.AddCmsAspNetIdentity must be removed // to prevent authentication conflicts in CMS 13. }

2. Indexed Content: Decoupled Delivery via Optimizely Graph

Content delivery in legacy Optimizely CMS versions relied primarily on direct SQL queries (facilitated by IContentLoader) or Search & Navigation (legacy Find). CMS 13 addresses this by utilizing Optimizely Graph as the primary source for content retrieval. This GraphQL-based service functions as a high-performance content hub, indexing data in real-time and serving it via a globally distributed API.

Technical Rationale: Graph vs. SQL

Moving content retrieval to a platform-level index provides several architectural advantages:

  • Architectural Decoupling: The use of Optimizely Graph separates the delivery tier from the authoring tier. Front-end applications interact with the Graph API rather than a direct database connection.
  • Relational Query Efficiency: Optimizely Graph allows for the retrieval of deeply nested content in a single, optimized network hop, significantly improving Largest Contentful Paint (LCP).
  • Edge-Based Content Delivery: As a cloud-native, edge-cached service, content is served from locations physically closer to the user, resolving latency issues inherent in centralized database models.

Configuration and Synchronization

Synchronization is handled by the EPiServer.ContentGraph package. Once enabled, the CMS automatically pushes content updates to the platform index during the publishing event.

public void ConfigureServices(IServiceCollection services) { // Registers the Graph integration for automated content synchronization and querying services.AddContentGraph(); }

Technical Querying Patterns

The following example illustrates fetching articles while leveraging the Graph's ability to resolve URLs and transform data types at the delivery layer:

query GetArticlesByAuthor($authorName: String!) { ArticlePage( where: { # Graph indexes CMS properties for granular filtering and search AuthorName: { eq: $authorName } }, orderBy: { StartPublish: DESC }, limit: 10 ) { items { Name TeaserText MainBody { html # XHTML properties are automatically transformed into standard HTML strings } _link # Helper property to resolve item URLs without custom routing logic } } }

3. Platform Synergy and AI Readiness

The requirement for both Opti ID and Optimizely Graph is foundational to making CMS 13 an "AI-ready" platform node. This synergy is essential for Opal (Optimizely's AI Orchestration platform) to function effectively:

  • Identity Context: Opti ID provides the authenticated context required for Opal to understand who is performing an action, ensuring AI operations comply with security roles.
  • Semantic Indexing: Optimizely Graph provides the indexed representation of content that the AI queries for semantic searches and contextually relevant relationships.

Conclusion

CMS 13 represents a fundamental shift toward a platform-first architecture. By mandating Opti ID for identity and Optimizely Graph for content delivery, the system achieves superior security, global scalability, and the semantic structure necessary for modern AI integration. These changes reduce technical debt and prepare organizations for a truly composable digital experience.