Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

Adobe IMS for Author in Cloud Service

Avatar

Level 2
Level 2
5/7/25 5:41:21 AM

Hi , 
I am trying to use Adobe IMS for SSO for our author instance and Admin console ,as we are migrating we already have Directory and domains in AMS , as per adobe we raised the request for domains and got it approved .
In Admin console I can see directories

Shankar_K_0-1746621243432.png

 

I need the SSO to be applied for the domains under directory

 

I have gone through the adobe docs and i have arrived till this step , please suggest me the next steps to be followed so i can successfully integrate  SSO for Author and Admin console , and how to validate them

 

 

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Experience Manager Experience Manager as a Cloud Service

Views

648

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
5/7/25 5:57:51 AM

Hi @Shankar_K ,

Try below steps:

1. Ensure Directory & Domain Status

  - Your directories are set to Federated ID and Trusted/Active — correct.

  - Your domains are Approved and Active — good to go.

  - Note: Make sure “Domain Enforcement” is enabled if you want users under that domain to be forced to use SSO.


2. Set Up SAML for the Directory (if not done yet)

If Adobe Support hasn’t already configured SAML:

  - Go to Admin Console > Settings > Identity.

  - Select your Federated Directory.

  - Click on "Set up SAML".

  - Upload your IdP metadata file (from Azure AD, Okta, or any other SAML provider).

  - Adobe will verify it and enable the integration.

 

3. Enable Domain Enforcement

This step ensures SSO is enforced:

  - In Admin Console, go to Identity > Directories.

  - Select your directory > Edit.

  - Toggle Domain Enforcement to On for required domains.

 

4. Assign Users to Directory

Ensure users are assigned under the Federated ID directory:

  - Go to Admin Console > Users.

  - Add users using their email in the federated domain.

  - Assign roles or product profiles (e.g., AEM Author access).

 

5. Configure AEM Cloud Author with Adobe IMS

To enable SSO for AEM Author:

  - Go to Admin Console > Products > AEM.

  - Assign users/groups to the correct product profile for the Author instance.

  - Ensure your AEM project uses Adobe IMS authentication:

    - Verify IMS config in AEM’s /libs/granite/security/useradmin or via Cloud Manager deployment.

    - Adobe will provide the IMS configuration during project setup. You can request their assistance via a support ticket if not already done.

 

6. Validate SSO Works

  - Try logging into AEM Author at your cloud author URL.

  - You should be redirected to your IdP login.

  - Once authenticated, you should land in AEM with the assigned access.

  - Also verify login via adminconsole.adobe.com using SSO.

 

Note:

Use private/incognito mode to avoid cached sessions.

Try logging in with a test user under the federated domain.

Check Admin Console > Audit Logs for login attempts and failures.

Regards,
Amit

View solution in original post

Views

640

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
5/7/25 5:57:51 AM

Hi @Shankar_K ,

Try below steps:

1. Ensure Directory & Domain Status

  - Your directories are set to Federated ID and Trusted/Active — correct.

  - Your domains are Approved and Active — good to go.

  - Note: Make sure “Domain Enforcement” is enabled if you want users under that domain to be forced to use SSO.


2. Set Up SAML for the Directory (if not done yet)

If Adobe Support hasn’t already configured SAML:

  - Go to Admin Console > Settings > Identity.

  - Select your Federated Directory.

  - Click on "Set up SAML".

  - Upload your IdP metadata file (from Azure AD, Okta, or any other SAML provider).

  - Adobe will verify it and enable the integration.

 

3. Enable Domain Enforcement

This step ensures SSO is enforced:

  - In Admin Console, go to Identity > Directories.

  - Select your directory > Edit.

  - Toggle Domain Enforcement to On for required domains.

 

4. Assign Users to Directory

Ensure users are assigned under the Federated ID directory:

  - Go to Admin Console > Users.

  - Add users using their email in the federated domain.

  - Assign roles or product profiles (e.g., AEM Author access).

 

5. Configure AEM Cloud Author with Adobe IMS

To enable SSO for AEM Author:

  - Go to Admin Console > Products > AEM.

  - Assign users/groups to the correct product profile for the Author instance.

  - Ensure your AEM project uses Adobe IMS authentication:

    - Verify IMS config in AEM’s /libs/granite/security/useradmin or via Cloud Manager deployment.

    - Adobe will provide the IMS configuration during project setup. You can request their assistance via a support ticket if not already done.

 

6. Validate SSO Works

  - Try logging into AEM Author at your cloud author URL.

  - You should be redirected to your IdP login.

  - Once authenticated, you should land in AEM with the assigned access.

  - Also verify login via adminconsole.adobe.com using SSO.

 

Note:

Use private/incognito mode to avoid cached sessions.

Try logging in with a test user under the federated domain.

Check Admin Console > Audit Logs for login attempts and failures.

Regards,
Amit

Views

641

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
5/14/25 9:55:38 PM
In response to AmitVishwakarma

Hi Everyone the login using custom SAML provider is working, the issue is all users in our directory was created using Adobe IDs for which federated login will not work, so i created a user with federated ID and tried logging in SAML started working , I was able to login as well as i was able to control the permissions using user groups .

Thanks ALL ,

Views

456

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee
Employee
5/9/25 4:16:20 AM

Next Steps for SSO Integration (Adobe IMS)

1. Identity Provider (IdP) Setup in Adobe Admin Console

  • Go to the Admin Console for your organization.
  • Navigate to Settings > Identity.
  • Under your Directory, ensure your domains are listed.
  • Set up your SSO connection (IdP) for each directory. You will need your IdP metadata (e.g., SAML XML) or configure it as per your IdP’s requirements.
    • Adobe supports several identity types, including SAML and Azure AD.
    • Complete the IdP setup wizard and test the SSO connection right from the Admin Console.

2. Assign Users or User Groups

  • Under Users in Admin Console, assign users from your directory or sync users/groups from your IdP.
  • These users should now be able to use SSO to access Adobe solutions (including AEM, Admin Console, etc).

3. Configure Adobe IMS in AEM Author Instance

  • In AEM, go to Tools > Security > Adobe IMS Configuration.
  • Create a new IMS Configuration for your IMS Org.
  • Provide the necessary details:
    • IMS Org ID
    • Technical account information (Client ID, Secret, etc.—these are obtained from the Admin Console or your associated Adobe Developer Console integration).
  • Save the configuration. More details: Adobe IMS Authentication and Admin Console Support for AEM
  • Set up user-to-group mappings if you want to control permissions automatically based on group membership from your IdP.

4. Test SSO Functionality

For Admin Console:

  • Go to the Admin Console login page and attempt to log in with a user from your directory.
  • You should be redirected to your IdP for authentication and then back to the Admin Console.

For AEM Author Instance:

  • Open AEM Author login page.
  • Use the IMS login button or the appropriate SSO login method.
  • You’ll be redirected to the IdP, then back to AEM after successful login.
  • If you are seeing your SSO users in AEM and able to assign the necessary groups and permissions, the integration is successful.

Validation Checklist

  1. User login test: Test with at least one real user.
  2. User/group sync: Check that users and groups are visible in AEM and mapped as expected.
  3. Access check: Verify correct access/roles are applied after login (admin, editor, etc.).
  4. Audit logs: Review login logs in both Admin Console and AEM for successful SSO assertions.
  5. Troubleshoot: If issues occur, check:
    • Adobe Admin Console > Insights > Identity for recent SSO errors
    • AEM error.log or IMS integration logs for failed handshakes

Official Docs and Deep Dives

These will also guide you step by step for setup and troubleshooting.

Views

550

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Facing issue with activating DAM assets in Groovy script Solved

Views

40

Likes

0

Replies

2
How can we show only gated (Secure) Content for End User ?

Views

31

Likes

0

Replies

1
[AEM6.5] Dynamic Media Video Smart Crop || Custom Crop for Video asset

Views

133

Likes

0

Replies

4
Workitem instance path in custom participant step

Views

98

Likes

0

Replies

4
Implement a custom Package Exporter for Sling Distribution

Views

113

Likes

0

Replies

3