Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

Changing Identity types, How do you do it?

Avatar

Employee

We understand the need to want to improve your current setups in the Admin Console. Sometimes that is because of new mandates that require you to get off of using Adobe IDs and move to Federated Ids or Enterprise Ids. In the forums I have covered the how do I create an Single Sign On setup. But how do you convert the users that are already in the Cloud?

If you have users that are in the Cloud already and you need them moved for now the answer is to reach out to Client Care support teams. We can convert the users for you. Main things we need to know is the list of users that you have and when this needs to be done by.

Things we don't recommend you do while doing this process with us:

1. Please do not ask us to update the email addresses for every user. If users are indeed changing from one identity type to another its easier to convert the Identity type to Federated and then there are other ways to change it. Otherwise this would be a brand new user which would have to be created if the domain name is not the same and that involves a lot of extra steps.

Should a user need to change their email address prior to doing this process please have them go to account.adobe.com adjust their email address and then you as the Sys admin will need to remove this user and re-add the user back to the Admin console. Otherwise failure to doing this will result in errors and a whole lot of unfun experiences trying to understand what happened. I have unfortunately seen a number of these over the few months and thought it would be better if I give you some recommendations to what you can do.

So if you are changing a users email address do this prior and readd the user back to the cloud. By removing the user from the Cloud this unlocks the account in Analytics while its "delinked" you can go into Analytics and then change the email address to their new email address before re-adding the user. Then once you re-add said user this will find their account automatically and give back all their reports and dashboards making this a very smooth process. If for some reason you do not update the user's email address in Analytics while it is unlinked the Admin console will not try to find the previous account, it will think its a brand new user and the result will be a brand new account in Analytics with you scratching your head asking what happened to all your reports for this user. So best thing to do while its delinked then make the changes to Analytics so the email is also up to date.

Main pieces of information that we need from you when you want us to convert the users from Adobe ID or from another other time to another type we need the following information: Column A) Identity Type (Adobe ID, Federated ID, Enterprise ID) we want to know what you are currently on this user at the moment. Column B) Username only really applies if Column A is Federated ID otherwise all other instances its just going to be their Email address and for Federated ID it will only apply if in the Settings > Identity section of the Admin console if it says "email" on that page in the settings then its going to be Email if it says Username we expect something different. Column C) domain whatever the domain is we are going to be using. Column D) New Username this will be Email if its still Email for the setting in the Admin console as I mentioned previously for column B) if its changing for Federated then we need this. Column E) New Email address. We need to know what it should be when we change the user. And finally Column F) What is the Country Code (two letters) If you don't know then its UD *undetermined* Otherwise please give us the code. The reason for this is the Cloud uses this as a back up for the users to determine the language that should be displayed. And if you wouldn't mind any of your users who have Target permissions can do support a huge favor and gather the client's Target permissions they have. When users get converted every user is automatically sent back to Observer. So these have to be done manually which can take some time. So by including the Target permissions or a column that has what the user has access to so we can quickly filter for Target and in a separate column check for Approver, Editor, Observer this will help teams greatly!

Then once you have all this great information file a ticket to Client Care and tell us when we can convert the users. If you are going to be converting over 80 users or more understand that roughly 100 users is about an hour or so. So if you are doing 400 users plan for at least 4 hours to allow the users to convert.

If you have questions feel free to reach out.

Thanks!

Kerry Nelson

0 Replies