Adobe IMS for Author in Cloud Service

Question

Hi ,
I am trying to use Adobe IMS for SSO for our author instance and Admin console ,as we are migrating we already have Directory and domains in AMS , as per adobe we raised the request for domains and got it approved .
In Admin console I can see directories

I need the SSO to be applied for the domains under directory
 
I have gone through the adobe docs and i have arrived till this step , please suggest me the next steps to be followed so i can successfully integrate  SSO for Author and Admin console , and how to validate them

AmitVishwakarma · Accepted Answer

Hi @shankar_k ,Try below steps:1. Ensure Directory & Domain Status  - Your directories are set to Federated ID and Trusted/Active — correct.  - Your domains are Approved and Active — good to go.  - Note: Make sure “Domain Enforcement” is enabled if you want users under that domain to be forced to use SSO.2. Set Up SAML for the Directory (if not done yet)If Adobe Support hasn’t already configured SAML:  - Go to Admin Console > Settings > Identity.  - Select your Federated Directory.  - Click on "Set up SAML".  - Upload your IdP metadata file (from Azure AD, Okta, or any other SAML provider).  - Adobe will verify it and enable the integration. 3. Enable Domain EnforcementThis step ensures SSO is enforced:  - In Admin Console, go to Identity > Directories.  - Select your directory > Edit.  - Toggle Domain Enforcement to On for required domains. 4. Assign Users to DirectoryEnsure users are assigned under the Federated ID directory:  - Go to Admin Console > Users.  - Add users using their email in the federated domain.  - Assign roles or product profiles (e.g., AEM Author access). 5. Configure AEM Cloud Author with Adobe IMSTo enable SSO for AEM Author:  - Go to Admin Console > Products > AEM.  - Assign users/groups to the correct product profile for the Author instance.  - Ensure your AEM project uses Adobe IMS authentication:    - Verify IMS config in AEM’s /libs/granite/security/useradmin or via Cloud Manager deployment.    - Adobe will provide the IMS configuration during project setup. You can request their assistance via a support ticket if not already done. 6. Validate SSO Works  - Try logging into AEM Author at your cloud author URL.  - You should be redirected to your IdP login.  - Once authenticated, you should land in AEM with the assigned access.  - Also verify login via adminconsole.adobe.com using SSO. Note:Use private/incognito mode to avoid cached sessions.Try logging in with a test user under the federated domain.Check Admin Console > Audit Logs for login attempts and failures.Regards,Amit

rks1108 · Answer

Next Steps for SSO Integration (Adobe IMS)

1. Identity Provider (IdP) Setup in Adobe Admin Console

Go to the Admin Console for your organization.
Navigate to Settings > Identity.
Under your Directory, ensure your domains are listed.
Set up your SSO connection (IdP) for each directory. You will need your IdP metadata (e.g., SAML XML) or configure it as per your IdP’s requirements.
- Adobe supports several identity types, including SAML and Azure AD.
- Complete the IdP setup wizard and test the SSO connection right from the Admin Console.

2. Assign Users or User Groups

Under Users in Admin Console, assign users from your directory or sync users/groups from your IdP.
These users should now be able to use SSO to access Adobe solutions (including AEM, Admin Console, etc).

3. Configure Adobe IMS in AEM Author Instance

In AEM, go to Tools > Security > Adobe IMS Configuration.
Create a new IMS Configuration for your IMS Org.
Provide the necessary details:
- IMS Org ID
- Technical account information (Client ID, Secret, etc.—these are obtained from the Admin Console or your associated Adobe Developer Console integration).
Save the configuration. More details: Adobe IMS Authentication and Admin Console Support for AEM
Set up user-to-group mappings if you want to control permissions automatically based on group membership from your IdP.

4. Test SSO Functionality

For Admin Console:

Go to the Admin Console login page and attempt to log in with a user from your directory.
You should be redirected to your IdP for authentication and then back to the Admin Console.

For AEM Author Instance:

Open AEM Author login page.
Use the IMS login button or the appropriate SSO login method.
You’ll be redirected to the IdP, then back to AEM after successful login.
If you are seeing your SSO users in AEM and able to assign the necessary groups and permissions, the integration is successful.

Validation Checklist

User login test: Test with at least one real user.
User/group sync: Check that users and groups are visible in AEM and mapped as expected.
Access check: Verify correct access/roles are applied after login (admin, editor, etc.).
Audit logs: Review login logs in both Admin Console and AEM for successful SSO assertions.
Troubleshoot: If issues occur, check:
- Adobe Admin Console > Insights > Identity for recent SSO errors
- AEM error.log or IMS integration logs for failed handshakes

Official Docs and Deep Dives

These will also guide you step by step for setup and troubleshooting.

Next Steps for SSO Integration (Adobe IMS)

1. Identity Provider (IdP) Setup in Adobe Admin Console

2. Assign Users or User Groups

3. Configure Adobe IMS in AEM Author Instance

4. Test SSO Functionality

Validation Checklist

Official Docs and Deep Dives

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded