DEV Community

Deepak Sir

Posted on • Originally published at Medium

ColdFusion OAuth2 and OIDC Integration: SSO with Azure AD, Okta, and SAML

ColdFusion supports enterprise single sign-on through three standards, and it has native tooling for each. For OAuth2, the built-in tag (since ColdFusion 11) handles Microsoft, Google, and Facebook out of the box and any OAuth2-compliant provider (like Okta) via endpoint configuration — and ColdFusion 2025 enhanced it with a new grantType attribute and a script-based getOauthAccessToken() function. For OIDC (OpenID Connect), there is no separate "OIDC tag"; you use the OAuth2 flow with the openid scope to receive an id_token (a JWT), then verify it with ColdFusion's native VerifySignedJWT() (CF 2023+). For SAML 2.0, ColdFusion has had native Service Provider support since ColdFusion 2021 — you install the SAML package via ColdFusion Package Manager (cfpm install saml), configure your SP in the ColdFusion Administrator, exchange metadata with the identity provider, and use SAML functions like InitSAMLAuthRequest(). This guide covers all three with Azure AD (Entra ID) and Okta as the identity providers.
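
Verifying the id_token signature with VerifySignedJWT() proves who signed the token, but OpenID Connect also requires the relying party to check the claims inside it. The CFML below is an added example, not code from the original article: the function name, argument names and sample values are hypothetical, and it assumes the claims struct is the payload of a token whose signature has already been verified.

```cfml
<cfscript>
// Added example: claim checks to run AFTER the id_token signature is verified.
// validateIdTokenClaims and its arguments are hypothetical names.
struct function validateIdTokenClaims(
    required struct claims,
    required string expectedIssuer,
    required string clientId,
    required string expectedNonce,
    numeric clockSkewSeconds = 60
) {
    var errors = [];
    // Current time in seconds since the Unix epoch (UTC), the unit used by exp.
    var nowEpoch = dateDiff("s", createDateTime(1970, 1, 1, 0, 0, 0), dateConvert("local2utc", now()));

    // iss: exact, case-sensitive match with the issuer configured for this IdP.
    if (!structKeyExists(claims, "iss") || compare(claims.iss, expectedIssuer) != 0) {
        arrayAppend(errors, "iss mismatch");
    }
    // aud: may be a string or an array; this app's client_id must be in it.
    var audiences = [];
    if (structKeyExists(claims, "aud")) {
        audiences = isArray(claims.aud) ? claims.aud : [claims.aud];
    }
    if (arrayFind(audiences, clientId) == 0) {
        arrayAppend(errors, "aud does not contain client_id");
    }
    // exp: reject expired tokens, allowing a small clock skew.
    if (!structKeyExists(claims, "exp") || !isNumeric(claims.exp) || claims.exp + clockSkewSeconds < nowEpoch) {
        arrayAppend(errors, "token expired or exp missing");
    }
    // nonce: must equal the value stored in the session before the redirect.
    if (!structKeyExists(claims, "nonce") || compare(claims.nonce, expectedNonce) != 0) {
        arrayAppend(errors, "nonce mismatch");
    }
    return { valid: arrayLen(errors) == 0, errors: errors };
}

// Constructed sample claims (not from a real identity provider).
sampleClaims = {
    "iss": "https://idp.example.com/oauth2/default",
    "aud": "example-client-id",
    "exp": 2000000000, // constructed future expiry
    "nonce": "constructed-nonce-123"
};
result = validateIdTokenClaims(sampleClaims, "https://idp.example.com/oauth2/default", "example-client-id", "constructed-nonce-123");
writeOutput(serializeJSON(result));
</cfscript>
```

Treat any entry in errors as a failed login and log it; do not create a session from a token that only passed the signature check.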