We have 3 AEM instances with different authentication methods. The instance using ActiveDirectory/LDAP will be moved to Okta. It's my understanding that once the profile attributes are mapped between AEM and Okta, AEM will create new profiles once the user authenticates. If this is true, how does one go about retaining the existing user groups and permissions?
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @KelvinShah ,
So Okta is a identity provider and in order to implement SSO, I guess you you must be using SAML or Authentication Handler. In web console Adobe Granite SAML 2.0 Authentication Handler you can manage several configuration related to SAML.
Here you can also configure that after successful authentication whether or not to automatically create non-existing users in the repository. So, I believe existing user will remain as it is, but for safer side you can try to simulate the behavior on any lower environment before moving to higher env.
Hope this help!
Hi @KelvinShah ,
So Okta is a identity provider and in order to implement SSO, I guess you you must be using SAML or Authentication Handler. In web console Adobe Granite SAML 2.0 Authentication Handler you can manage several configuration related to SAML.
Here you can also configure that after successful authentication whether or not to automatically create non-existing users in the repository. So, I believe existing user will remain as it is, but for safer side you can try to simulate the behavior on any lower environment before moving to higher env.
Hope this help!
It will create the profile first time and will reuse the same profile in subsequent logins.
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies