Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Multiple directories for SSO for AA

Avatar

Level 2

Hi,

 

Working with a group of companies, the group level has a directory for SSO, while one of their newly acquired child company has its own/separate directory. It would take a while (or even may not happen) for them to integrate, but we need to onboard the child company to use AA. 

 

So would like to check if it's possible and supported for a single AA entity to integrate with multiple directories for SSO?

 

I'm checking the below link,

 

https://helpx.adobe.com/hk_en/enterprise/using/set-up-identity.html

 

The video inside seems suggest that when you try to link a domain to a directory, there is a drop down to choose from a list of available directories.

 

Anyone have tried this single AA with multiple directories for SSO config?

 

Thanks,

John

 

0 Replies

Avatar

Employee

Hey John!

 

This is Kerry Nelson, I am a SME for SSO for the Experience Cloud. It was brought to my attention about your question. How can I help you on this task? What you want to do is possible. There are a few things though that we should discuss and cover about SSO configuration. So yes, you can configure SSO on a single Admin console and share it with other admin consoles as trustees. So that is possible. We can also just convert just the Analytics users to use SSO. But here is the catch, If we add in SSO, newly created users would have a toggle for Adobe ID or Federated Id. Though Adobe is going through and changing our configurations to use our new method called Business IDs. So it sort of works like a wrapper for authentication. So if the domain claim is present on the cloud you are working on for this Analytics setup then it's possible the users might have been added to the Admin console as Business ID but once we add in the Federated Id option, all users moving forward would automatically go to Federated ID. And then, we would just need to convert the remaining users to Federated ID using a script or exporting the list and reimporting the users. Just remember SSO in the Admin console covers all products connected to it. So not just Analytics is the thing. If you would like to discuss feel free to open a ticket through the Admin console - Administrative card - And that will route to my team and me. Happy to help you on this journey!  Have an amazing day!

 

Kerry Nelson

 

Avatar

Level 2

Hi Kerry,

 

Thanks for your reply. 

 

What we would like to do is to create 2 separate directories in a single Admin Console, each integrate/authenticate with separate Identity Provider (IDP), like below

 

Under the same Admin Console / Organization, 2 directories will be created

 

  1. “Directory 1 for BU1” integrated with the Active Directory in BU1 and linked with bu1.com for @bu1.com users to do SSO to access AA.
  2. “Directory 2 for BU2” integrated with the Active Directory in BU2 and linked with bu2.com for @bu2.com users to do SSO to access AA

Is the above configuration supported?

 

Thanks,

John

 

Avatar

Employee

Hey John! Sorry for getting back to late here! Yes that is totally supported. That will most definately work. If you find you get stuck PM me directly which should go to my work account and I can get on a call with you.

 

Best,

Kerry Nelson