
Azure AD SSO for ContentWorX (Oracle WebCenter Content)

As we see more ContentWorX (TEAM IM's hosted and managed SaaS version of Oracle WebCenter for Government) clients move into the cloud with their IT infrastructure, it has become a common requirement to support user login with their Office 365 credentials. We have established a pattern to support this by implementing SAML2-based SSO with Azure AD.

[Diagram: aad_sso, the Azure AD SSO authentication flow]

As the above diagram shows, a typical authentication flow goes like this:

  1. User client requests to access ContentWorX
  2. If the user is not authenticated, ContentWorX redirects the user client to Azure AD for authentication
  3. User completes authentication against Azure AD. Typically, when a user is logged on to a domain-joined corporate device, the user’s authentication to Azure AD can be seamless.
  4. Azure AD issues a SAML token to the user client, intended to be used by ContentWorX
  5. User client presents the token to ContentWorX, which validates the SAML token
  6. ContentWorX processes the user identity together with its attributes. Optionally, the user's group memberships can also be asserted on demand by role claims in the SAML token. These group memberships are mapped to user roles that determine content access privileges in ContentWorX.
    The user attributes and roles are only valid for the current authenticated session. The next time the user re-authenticates with Azure AD, the attributes and roles are refreshed with new values from the SAML token issued by Azure AD.
  7. ContentWorX establishes an authenticated user session.
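
Steps 5 and 6 as an added sketch (not TEAM IM's or Oracle's code): after a SAML library has verified the assertion's XML signature, the service provider still has to check issuer, audience and validity window, then map role claims to local roles with unmapped values dropped. The tenant ID, SP entity ID, role names and sample assertion are constructed placeholders; `ROLE_CLAIM` is Azure AD's role claim type.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# Constructed placeholders: tenant ID, SP entity ID and role names are assumptions.
EXPECTED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
EXPECTED_AUDIENCE = "https://contentworx.example/sp"
ROLE_MAP = {"CWX.Contributor": "contributor", "CWX.RecordsAdmin": "records_admin"}

# Constructed sample; assumed to have passed XML signature verification already.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <saml:Subject><saml:NameID>jane@example.org</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T09:00:00Z" NotOnOrAfter="2024-05-01T10:00:00Z">
    <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{ROLE_CLAIM}">
      <saml:AttributeValue>CWX.Contributor</saml:AttributeValue>
      <saml:AttributeValue>Unmapped.Group</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC; drop any fractional seconds and the trailing "Z".
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def session_from_assertion(xml_text, now):
    """Return (user, roles) for a signature-verified assertion, or raise ValueError."""
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", "", NS).strip() != EXPECTED_ISSUER:
        raise ValueError("unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    nb, na = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if not (nb and na) or not _ts(nb) <= now < _ts(na):
        raise ValueError("assertion outside its validity window")
    audiences = [(e.text or "").strip() for e in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        raise ValueError("assertion was not issued for this service")
    user = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not user:
        raise ValueError("missing NameID")
    claims = [v.text for attr in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)
              if attr.get("Name") == ROLE_CLAIM
              for v in attr.iterfind("saml:AttributeValue", NS)]
    # Deny by default: claim values with no entry in ROLE_MAP grant nothing.
    return user, sorted({ROLE_MAP[c] for c in claims if c in ROLE_MAP})
```

Because roles are derived from the assertion on every login and not stored, a role removed in Azure AD disappears from the next session, as step 6 describes.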

 

This architectural pattern has the following clear advantages:

  • Users can use a single identity when working in Office 365 and ContentWorX ECM-as-a-Service. This allows easier management of content ownership, access control and record keeping.
  • User access to ContentWorX is managed in the client’s identity infrastructure. The client has full control over user provisioning/deprovisioning and role access permissions.
  • ContentWorX does not keep any client user credentials, eliminating any risk of credential exposure.

 
