Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

AEM Okta Integration - Retain Existing Users ACL

Avatar

Level 1
Level 1
3/8/23 8:02:45 PM

We have 3 AEM instances with different authentication methods. The instance using ActiveDirectory/LDAP will be moved to Okta. It's my understanding that once the profile attributes are mapped between AEM and Okta, AEM will create new profiles once the user authenticates. If this is true, how does one go about retaining the existing user groups and permissions?

 

Views

720

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
3/9/23 5:37:22 AM

Hi @KelvinShah ,

So Okta is a identity provider and in order to implement SSO, I guess you you must be using SAML or  Authentication Handler. In web console Adobe Granite SAML 2.0 Authentication Handler you can manage several configuration related to SAML.
Here you can also configure that after successful authentication whether or not to automatically create non-existing users in the repository. So, I believe existing user will remain as it is, but for safer side you can try to simulate the behavior on any lower environment before moving to higher env.
Hope this help!

View solution in original post

Views

704

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
3/9/23 5:37:22 AM

Hi @KelvinShah ,

So Okta is a identity provider and in order to implement SSO, I guess you you must be using SAML or  Authentication Handler. In web console Adobe Granite SAML 2.0 Authentication Handler you can manage several configuration related to SAML.
Here you can also configure that after successful authentication whether or not to automatically create non-existing users in the repository. So, I believe existing user will remain as it is, but for safer side you can try to simulate the behavior on any lower environment before moving to higher env.
Hope this help!

Views

705

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
3/11/23 5:44:14 AM

@KelvinShah 

It will create the profile first time and will reuse the same profile in subsequent logins.

Views

685

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Facing org.apache.pdfbox.pdmodel.encryption.InvalidPasswordException while converting PDF to JSON using Tika in AEM Solved

Views

776

Likes

0

Replies

4
AEM Cloud Service: Runtime Exclusion of External Links from Link Checker Solved

Views

799

Likes

0

Replies

3
Local AEM Error - HTTP ERROR 500 Server Error Solved

Views

1.2K

Likes

0

Replies

5
Career Roadways after getting AEM Sites Developer Professional

Views

60

Likes

0

Replies

2
OKTA AEM integration in AMS

Views

255

Likes

0

Replies

2