1 min read

Azure AD SSO for ContentWorX (Oracle WebCenter Content)

Picture of Terry Wang Terry Wang : Oct 27, 2021 8:52:13 PM

Oracle WebCenter Content Oracle Document Management ContentWorX Identity Management Azure AD Authentication Authorization Microsoft Azure

As we see more ContentWorX (TEAM IM's hosted and managed SaaS version of Oracle WebCenter for Government) clients move into the cloud with their IT infrastructure, it has become a common requirement to support user login with their Office 365 credentials. We have established a pattern to support this by implementing SAML2-based SSO with Azure AD.

aad_sso

As the above diagram shows, a typical authentication flow goes like this:

  1. User client requests to access ContentWorX
  2. If the user is not authenticated, ContentWorX redirects the user client to Azure AD for authentication
  3. User completes authentication against Azure AD. Typically when a user is logged onto a corporate device that is domain joined, the user’s authentication to Azure AD can be seamless.
  4. Azure AD assigns a SAML token to the user client intended to be used by ContentWorX
  5. User client presents the token to ContentWorX, which validates the SAML token
  6. ContentWorX processes the user identity together with attributes. Optionally, the user group memberships can also be asserted on demand by role claims in the SAML token. These group memberships will be mapped to user roles that decide content access privileges in ContentWorX.
    The user attributes and roles are only valid for the current authenticated session. Next time when the user re-authenticates from Azure AD, the attributes and roles will be refreshed with new values from the Azure AD issued SAML token.
  7. ContentWorX establishes an authenticated user session.

 

This architectural pattern has the following clear advantages:

  • User can use a single identity when working in Office 365 and ContentWorX ECM-as-a-Service. This allows easier management for content ownership, access control and records keeping.
  • User access to ContentWorX is managed in the client’s identity infrastructure. The client has full control over user provisioning/deprovisioning and role access permissions.
  • ContentWorX does not keep any client user credentials, eliminating any risk of credentials exposure.

 

ContentWorX User Experience Refresh

Picture of Nick Charles Nick Charles : Oct 7, 2021 9:01:16 AM

TEAM IM is upgrading its ContentWorX platform with a new modern user interface which is now being delivered to our New Zealand government clients....

Oracle WebCenter Content Digital Transformation ContentWorX UX Personalization
Read More

WebCenter Content in the Market Place

Picture of Andrew Bennett Andrew Bennett : May 13, 2024 9:44:22 AM

The introduction of WebCenter Content in the Oracle Cloud Marketplace marks a significant technological shift for organizations previously reliant on...

Oracle WebCenter Oracle WebCenter Content Oracle Documents Cloud Service Oracle OCI Multicloud 14c 12c
Read More

SharePoint to Oracle WebCenter Content  Replication

Picture of Mark Robinson Mark Robinson : Oct 27, 2021 6:21:59 PM

The SharePoint to Oracle WebCenter Content Replication Application is an application developed by TEAM IM that replicates documents from SharePoint...

Microsoft Oracle WebCenter Content Oracle Automation Sharepoint Content Replication Selective Sync
Read More