Working with a group of companies, the group level has a directory for SSO, while one of their newly acquired child company has its own/separate directory. It would take a while (or even may not happen) for them to integrate, but we need to onboard the child company to use AA.
So would like to check if it's possible and supported for a single AA entity to integrate with multiple directories for SSO?
I'm checking the below link,
The video inside seems suggest that when you try to link a domain to a directory, there is a drop down to choose from a list of available directories.
Anyone have tried this single AA with multiple directories for SSO config?
This is Kerry Nelson, I am a SME for SSO for the Experience Cloud. It was brought to my attention about your question. How can I help you on this task? What you want to do is possible. There are a few things though that we should discuss and cover about SSO configuration. So yes, you can configure SSO on a single Admin console and share it with other admin consoles as trustees. So that is possible. We can also just convert just the Analytics users to use SSO. But here is the catch, If we add in SSO, newly created users would have a toggle for Adobe ID or Federated Id. Though Adobe is going through and changing our configurations to use our new method called Business IDs. So it sort of works like a wrapper for authentication. So if the domain claim is present on the cloud you are working on for this Analytics setup then it's possible the users might have been added to the Admin console as Business ID but once we add in the Federated Id option, all users moving forward would automatically go to Federated ID. And then, we would just need to convert the remaining users to Federated ID using a script or exporting the list and reimporting the users. Just remember SSO in the Admin console covers all products connected to it. So not just Analytics is the thing. If you would like to discuss feel free to open a ticket through the Admin console - Administrative card - And that will route to my team and me. Happy to help you on this journey! Have an amazing day!
Thanks for your reply.
What we would like to do is to create 2 separate directories in a single Admin Console, each integrate/authenticate with separate Identity Provider (IDP), like below
Under the same Admin Console / Organization, 2 directories will be created
Is the above configuration supported?
Hey John! Sorry for getting back to late here! Yes that is totally supported. That will most definately work. If you find you get stuck PM me directly which should go to my work account and I can get on a call with you.