Expand my Community achievements bar.

Join us for the next Community Q&A Coffee Break on Tuesday April 23, 2024 with Eric Matisoff, Principal Evangelist, Analytics & Data Science, who will join us to discuss all the big news and announcements from Summit 2024!
Register Here

Multiple directories for SSO for AA

Avatar

Level 3
Level 3
8/8/22 6:13:08 AM

Hi,

 

Working with a group of companies, the group level has a directory for SSO, while one of their newly acquired child company has its own/separate directory. It would take a while (or even may not happen) for them to integrate, but we need to onboard the child company to use AA. 

 

So would like to check if it's possible and supported for a single AA entity to integrate with multiple directories for SSO?

 

I'm checking the below link,

 

https://helpx.adobe.com/hk_en/enterprise/using/set-up-identity.html

 

The video inside seems suggest that when you try to link a domain to a directory, there is a drop down to choose from a list of available directories.

 

Anyone have tried this single AA with multiple directories for SSO config?

 

Thanks,

John

 

Views

633

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
3 Replies

Avatar

Employee
Employee
8/18/22 2:18:50 PM

Hey John!

 

This is Kerry Nelson, I am a SME for SSO for the Experience Cloud. It was brought to my attention about your question. How can I help you on this task? What you want to do is possible. There are a few things though that we should discuss and cover about SSO configuration. So yes, you can configure SSO on a single Admin console and share it with other admin consoles as trustees. So that is possible. We can also just convert just the Analytics users to use SSO. But here is the catch, If we add in SSO, newly created users would have a toggle for Adobe ID or Federated Id. Though Adobe is going through and changing our configurations to use our new method called Business IDs. So it sort of works like a wrapper for authentication. So if the domain claim is present on the cloud you are working on for this Analytics setup then it's possible the users might have been added to the Admin console as Business ID but once we add in the Federated Id option, all users moving forward would automatically go to Federated ID. And then, we would just need to convert the remaining users to Federated ID using a script or exporting the list and reimporting the users. Just remember SSO in the Admin console covers all products connected to it. So not just Analytics is the thing. If you would like to discuss feel free to open a ticket through the Admin console - Administrative card - And that will route to my team and me. Happy to help you on this journey!  Have an amazing day!

 

Kerry Nelson

 

Views

576

Replies

2
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 3
Level 3
8/18/22 7:48:24 PM
In response to kenelson

Hi Kerry,

 

Thanks for your reply. 

 

What we would like to do is to create 2 separate directories in a single Admin Console, each integrate/authenticate with separate Identity Provider (IDP), like below

 

Under the same Admin Console / Organization, 2 directories will be created

 

  1. “Directory 1 for BU1” integrated with the Active Directory in BU1 and linked with bu1.com for @bu1.com users to do SSO to access AA.
  2. “Directory 2 for BU2” integrated with the Active Directory in BU2 and linked with bu2.com for @bu2.com users to do SSO to access AA

Is the above configuration supported?

 

Thanks,

John

 

Views

570

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
8/24/22 9:33:24 AM
In response to Hey_John

Hey John! Sorry for getting back to late here! Yes that is totally supported. That will most definately work. If you find you get stuck PM me directly which should go to my work account and I can get on a call with you.

 

Best,

Kerry Nelson

Views

561

Replies

0
Sign in to like this content

Total Likes

Translate
Translate