Entra + Magnolia CMS

How to use Magnolia and Entra together

What Azure Entra offers

Microsoft Entra represents a unified family of identity and access solutions designed to help organizations securely manage the full spectrum of identities—from employees and partners to AI agents and cloud workloads—across environments such as on-premises, multicloud, SaaS, and hybrid setups. It embodies a Zero Trust philosophy, emphasizing continuous validation of identities, enforcement of least-privilege access, encryption of connections, and active monitoring to guard against security threats.

At the core of this suite is Microsoft Entra ID (previously known as Azure Active Directory), which delivers cloud-based identity and access management for users to securely access applications, services, and devices. It supports single sign-on, multifactor authentication, conditional access policies, and seamless integration with Microsoft’s platforms such as Microsoft 365 and Azure, as well as third-party SaaS tools.

Beyond foundational identity management, Microsoft Entra extends into domain management with Entra Domain Services, offering managed cloud-based support for legacy authentication protocols and group policy services—ideal for migrating legacy applications without deploying Active Directory domain controllers in the cloud.

For secure connectivity beyond traditional VPNs, the suite includes Entra Private Access, which enables per-app, adaptive access to private corporate resources, and Entra Internet Access, which functions as a cloud-delivered Secure Web Gateway to secure access to internet-based and SaaS applications, while enforcing identity-centric policies.

Governance and protection capabilities are essential parts of the Entra experience: Entra ID Governance automates access lifecycle tasks—like requests, reviews, and role assignments—while Entra ID Protection offers real-time threat detection and automated response controls, such as risk-based conditional access.

Another innovative offering within the Entra family is Entra Verified ID, a service built around decentralized identities. It enables organizations to issue verifiable credentials—secured digital attestations—that users store and present to verifiers, offering more privacy-preserving, trustworthy interactions without traditional identity exchange.

Building beyond human-centric identities, Microsoft Entra Workload ID manages identity for non-person entities such as AI agents, applications, services, and containers. This ensures secure authentication and authorization practices for automated and service-to-service interactions in cloud-native development workflows.

To help organizations manage permissions consistently across cloud environments, Entra Permissions Management (formerly CloudKnox) offers visibility into cloud permissions, just-in-time access controls, and policy automation to minimize risk stemming from over-provisioned entitlements.

All of these tools are managed centrally through the Microsoft Entra admin center, offering a unified interface for administering identity, access, and security policies across all Entra services. Developers and automation teams can also interact via the Microsoft Graph API, while the Microsoft identity platform provides libraries and APIs to embed authentication and authorization into applications.

In sum, Microsoft Entra presents a comprehensive, integrated approach to identity and access management. By supporting employees, customers, partners, workloads, and verification use cases with advanced security, governance, and usability, it empowers organizations to adopt Zero Trust principles effectively, simplify cross-environment access, and protect modern digital workloads at scale.

Magnolia SSO Module

Add the SSO Module

The easiest way to add external login to Magnolia is the Magnolia SSO module, which lets users log into Magnolia using their existing identity infrastructure. Rather than replacing Magnolia’s internal security, it enhances it by relying on a trusted third-party identity source. When users authenticate via the external provider, their roles and group memberships are mapped to corresponding Magnolia roles, ensuring proper access control without managing credentials locally. The module also supports fallback to traditional Magnolia JCR-based login.
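The group-to-role mapping described above, sketched as an added example; it is not code from the Magnolia SSO module or from the original page. It assumes an Entra ID token whose signature and issuer have already been validated, and the group IDs, mapping table and function names are constructed for illustration. It also covers the case where Entra leaves the inline group list out of the token.

```python
"""Added illustration, not Magnolia SSO module code. IDs and role names are constructed."""
from dataclasses import dataclass

# Entra ID puts group object IDs (GUIDs), not display names, in the "groups" claim.
# Hypothetical allow-list: Entra group ID -> Magnolia role names.
GROUP_TO_ROLES = {
    "11111111-1111-1111-1111-111111111111": {"editor"},
    "22222222-2222-2222-2222-222222222222": {"editor", "publisher"},
}

@dataclass(frozen=True)
class MappingResult:
    roles: frozenset       # Magnolia roles to grant
    unmapped: tuple        # claim values that matched nothing (worth logging)
    overage: bool          # True if the token carried no inline group list

def has_group_overage(claims):
    """Entra replaces "groups" with a _claim_names pointer when the list is too large."""
    names = claims.get("_claim_names")
    return isinstance(names, dict) and "groups" in names

def map_roles(claims, mapping=GROUP_TO_ROLES):
    """Grant only roles reachable through the allow-list; everything else is denied."""
    if has_group_overage(claims):
        # Fail closed: an absent group list must not be read as "no restrictions".
        return MappingResult(frozenset(), (), True)
    groups = claims.get("groups")
    if not isinstance(groups, list):
        groups = []
    roles, unmapped = set(), []
    for value in groups:
        key = value.lower() if isinstance(value, str) else None
        if key in mapping:
            roles |= mapping[key]
        else:
            unmapped.append(value)   # never used as a role name directly
    return MappingResult(frozenset(roles), tuple(unmapped), False)

# Constructed ID-token claim sets (signature and issuer checks are assumed done already).
SAMPLE_OK = {"sub": "u1", "groups": ["22222222-2222-2222-2222-222222222222", "superuser"]}
SAMPLE_OVERAGE = {"sub": "u2", "_claim_names": {"groups": "src1"}}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_OVERAGE):
        print(sample["sub"], map_roles(sample))
```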

SSO Module