Skip to main content
Optimizely Academy
End-user eLearning
Events
Certification
Partner training
Community
All Topics

Feature Exposure

  • By Optimizely Education
  • Published: Mar 12, 2026
  • Rating
    Average rating: 0 No reviews

Outline
At a glance
  • Governance Split: Developers architect the technical possibilities while administrators govern how they are accessed.
  • Technical Enablement: Feature exposure is driven by service registration and shell integration within the application bootstrap.
  • Centralized Policy: Opti ID moves identity management to the platform level, ensuring consistent security across the stack.
  • Synergy: Organizations gain security by delegating infrastructure to the platform while keeping business logic in the code.

In the modern architecture of CMS 13, the governance model relies on a clear distinction between technical enablement and policy enforcement. Effective platform awareness requires understanding that developers act as the architects who construct the technical possibilities, while administrators act as the governors who define how those possibilities are accessed and utilized.

This section explores the collaborative yet distinct responsibilities of developers and administrators in exposing platform features based on user roles.

1. Developer Enablement: Technical Exposure

Feature exposure at the developer level is achieved through service registration, content model decoration, and infrastructure configuration. In this domain, the focus is on making the platform's modular capabilities available within the application context.

Service Activation and Registration

The exposure of core platform features—such as personalization, identity, and indexing—is initiated within the application bootstrap. By registering specific services in the container, developers determine which platform "hooks" the application will support.

  • Identity Exposure: Registering the Opti ID middleware to transition from local identity to platform-wide OIDC.
  • Visitor Group Capability: Explicitly enabling the visitor group services to allow administrators to define personalization segments.
  • Indexing Logic: Activating the Content Graph service to enable the projection of content to the platform’s delivery API.

UI and Shell Integration

Developers control how administrative features are exposed within the CMS interface. This involves integrating custom administrative views with the Optimizely Shell to ensure they respect the unified navigation header and security attributes.

  • Navigation Tag Helpers: Utilizing platform-provided tag helpers to inject custom features into the global Optimizely One navigation bar.
  • Security Attributes: Applying role-based authorization attributes to controllers to technically restrict endpoints to system-level roles.

2. Administrative Governance: Policy and Access Control

While developers enable the underlying features, administrators are responsible for the organizational policies that govern access. This governance is primarily conducted through Opti ID and the centralized Admin Center.

Centralized Role Management (Opti ID)

Administrators use the platform-level Admin Center to manage the user lifecycle. This centralized governance ensures that security policies are consistent across every Optimizely product in the organization’s stack.

  • System Roles: Managing immutable roles such as "Super Admin," which provide broad access across the platform.
  • Custom Roles: Defining project or region-specific roles that synchronize automatically with connected CMS instances.
  • Provisioning Logic: Governing the automated flow of user data from corporate directories via SCIM to ensure access is revoked or granted in real-time.

Application-Level Governance

Once global roles are projected from the platform to the application, administrators perform granular governance within the CMS. This creates a bridge between platform identity and application-specific content rights.

  • Content Access Rights: Mapping synchronized platform roles to specific nodes in the CMS content tree.
  • Language Governance: Defining which roles have the authority to publish content in specific market languages.
  • Workflow Oversight: Configuring multi-step approval sequences that enforce governance policies before content reaches the platform’s delivery index.

3. The Synergy of Governance

The technical boundary between enablement and governance is established by delegating infrastructure management to the platform while maintaining business logic in the code.

Developer Enablement Example

The following configuration demonstrates how a developer enables the platform capabilities that administrators will later govern:

public void ConfigureServices(IServiceCollection services) { services.AddCms() .AddOptimizelyIdentity() // Enables platform identity governance .AddVisitorGroups() // Enables administrative personalization tools .AddContentGraph(); // Enables platform-wide content discovery }

By concentrating infrastructure governance in the platform (Opti ID) and functional enablement in the codebase, organizations achieve a highly secure, scalable, and manageable digital environment.

Conclusion

Role-based feature exposure in CMS 13 is a shared responsibility. Developers provide the technical foundation by registering services and extending the UI, while administrators manage the organizational risk by defining roles and content access policies. This separation ensures that the CMS application remains highly focused on business value while inheriting the robust security and governance standards of the Optimizely platform.