Security, Identity and Access Management

Enonic XP ships with a complete and pluggable concept for authentication, authorization and auditing - commonly referred to as IAM.

ID providers

ID providers represent a pluggable abstraction layer for user authentication. To authenticate - or even create users in XP - you will need an ID provider.

XP ships with a built-in System ID provider to get you started quickly. Choose from a range of standard ID providers on Enonic Market, or build your own for a fully customized approach.

Principals

Principals are the actors of XP’s security model. XP provides three basic principals: users, groups and roles. Combined with ID providers, these form the essence of Enonic IAM.

Service accounts

Service accounts enable secure, token-based authentication for machine-to-machine communication - for example when accessing the Management API from remote clients or CI/CD pipelines.

Permissions

In addition to role-based access control, the CMS (and underlying NoSQL storage) supports fine-grained access control - down to a single item.

Audit logs

XP automatically registers completed actions affecting repositories, content, applications, principals and ID providers in a dedicated repository. Visit Audit logs for details on the available events and how to enable or disable logging.

Management

Principals, ID providers and service accounts can be managed through the Users admin tool, or programmatically via APIs.

