Ideal for secure login to the OpenDXP admin via external identity providers – with Single Sign-On (SSO) and automated role assignment.
Admin Auth Bundle
The “Admin Auth Bundle” is the authentication foundation for the OpenDXP admin and securely connects the platform to your central identity provider. Instead of maintaining local user accounts manually, administrators and editors sign in via Single Sign-On (SSO) – with permissions automatically derived from the groups in your directory. Access to the system stays consistent, traceable and centrally controlled at all times.
User management that doesn't scale with your team
Manual maintenance of admin accounts quickly becomes a risk in growing setups: forgotten authorizations, orphaned logins of retired employees and inconsistent roles are security and compliance issues at the same time. If you manage users individually in each system, you lose time and control.
The Admin Auth Bundle solves this problem at the root: it shifts authentication and authorization to where they belong - in your central identity provider. If a person is deactivated there or assigned to a different group, this has an immediate effect on access in OpenDXP Admin. One central source of truth, no double maintenance effort.
Log in to the OpenDXP admin via your existing identity provider – without separate passwords. One click, one login, one consistent security level across all systems.
Directory groups are mapped to OpenDXP roles through freely definable rules. Permissions are created automatically on login – with no manual assignment.
Define precisely which combination of groups receives which role. When several rules apply, they are merged, so a person can hold multiple roles at once where needed.
A dedicated rule can automatically treat people as administrators – for example, when they belong to several defined groups at the same time.
Optionally define default roles for when no matching directory role exists. If no valid role is present, access is consistently denied – deliberately secure behaviour with no open back doors.
As part of the OpenDXP ecosystem, the bundle is open source and built for extensibility. Microsoft Entra ID (Azure AD) is currently supported as a client; the architecture is prepared for additional providers.
Central login in three steps
- Connect identity provider
The bundle is installed via Composer and configured with the access data of your identity provider (e.g. Microsoft Entra ID) - Mapping groups to roles
In the configuration, you define rules ("scopes"): Which directory group - or which combination of groups - leads to which OpenDXP role. Multiple hits are merged - Login via SSO
The user account and roles are created automatically at the first login and kept up to date at each subsequent login. Authorizations follow your directory at all times.
What the Admin Auth Bundle is made for
- Companies with centralized IT governance: One directory controls all access - including OpenDXP-Admin.
- Agencies & multi-team setups: Different teams or mandates are automatically assigned the appropriate roles via groups.
- Onboarding & Offboarding: New employees are immediately productive, those who have left automatically lose their access.
- Compliance-sensitive industries: Traceable, centrally managed authorizations support audit and data protection requirements.
Key technical data
| Feature | Value |
|---|---|
| Current release | 1.x |
| Supported OpenDXP versions | ^1.0 |
| Supported Symfony versions | ^7.3 |
| Supported clients | Microsoft Entra ID (Azure AD) |
| Log | OAuth 2.0 / OpenID Connect |
| License | Open Source (OpenDXP ecosystem) |
| Maintainer | DACHCOM.DIGITAL AG |
Note: Complete installation and configuration details can be found by developers:inside the technical documentation.
Find out in a short demo how the Admin Auth Bundle fits into your identity setup.