OKTA AEM integration in AMS

Question

Hello Team,

Anyone has implemented OKTA integration with AEM running on AMS? I am fine with this configuration steps on Author: https://experienceleague.adobe.com/en/docs/experience-manager-learn/foundation/authentication/okta-saml-integration

But, wanted to know about publish env. Sample scenario:

End user has created account in Okta. Then, the user logs in to my AEM live site(consider AMS has multiple publish env.) How to maintain the server session in sync with all publish env? Note: This user is not an author. Will not get access to author env.

cc @arunpatidar @aanchal-sikka @veenavikraman @sureshdhulipudi @lukasz-m

Thanks in advance.

HrishikeshKagne · Accepted Answer

Hi @mahesh_gunaje ,In AMS with multiple publish nodes, OKTA login works per node, but sessions are not auto-shared.Put a load balancer/dispatcher with sticky sessions so each user stays on the same publish node.Or use a shared session store/SSO token (e.g., OKTA JWT or SAML token validated on every request) instead of relying on AEM’s local session.Avoid creating AEM users for site visitors-handle auth at the edge (dispatcher/CDN) or via OAuth bearer tokens.Use sticky sessions or token-based validation, not AEM user sync, to keep sessions consistent across publish nodes.Refer:https://aem4beginner.blogspot.com/enabling-encapsulation-token-support-in https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-21491https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token

arunpatidar · Answer

Hi @mahesh_gunaje You need to enable Encapsulated Token https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded