SOLVED

AEM Okta Integration - Retain Existing Users ACL

We have 3 AEM instances with different authentication methods. The instance using ActiveDirectory/LDAP will be moved to Okta. It's my understanding that once the profile attributes are mapped between AEM and Okta, AEM will create new profiles once the user authenticates. If this is true, how does one go about retaining the existing user groups and permissions?

1 Accepted Solution

Correct answer by
Community Advisor

Hi @KelvinShah ,

So Okta is an identity provider, and in order to implement SSO, I guess you must be using SAML or Authentication Handler. In the web console, under Adobe Granite SAML 2.0 Authentication Handler, you can manage several configurations related to SAML.
Here you can also configure whether or not to automatically create non-existing users in the repository after successful authentication. So, I believe existing users will remain as they are, but to be on the safe side you can try to simulate the behavior in a lower environment before moving to a higher environment.
Hope this helps!

2 Replies

@KelvinShah

It will create the profile the first time and will reuse the same profile in subsequent logins.