We are planning to implement SSO for one of our applications with Azure AD B2C as the Identity Provider. We are trying to automate the entire process, i.e. user creation, group creation and assigning permissions to the user after successful authentication should be automated (say, programmatic) based on the attributes received in the SAML response. For example, if a user whose user id is 123, user role is admin and user type is corporate is able to log in successfully, then based on the above SAML attributes an AEM user group needs to be created if it does not exist, and permissions need to be assigned in CRX based on other SAML attributes, for example entitlement. Could you please validate the approach and let us know if any OOTB APIs exist for user group creation and assigning permissions?
AEM ships with a SAML authentication handler by default. In the Add to Groups property of the Adobe Granite SAML 2.0 Authentication Handler config, you can specify whether or not a user should be automatically added to CRX groups after successful authentication.
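
For the programmatic part of the question (create the group if it is missing, then assign CRX permissions), the following is an added sketch using the Jackrabbit user-management and access-control APIs that AEM exposes; it is not code from the original thread or from Adobe. The class name, role values, group ids and content path are hypothetical, and it assumes a `Session` that is allowed to manage users and ACLs. Roles are resolved through a fixed allowlist so that an attribute value in the assertion cannot name an arbitrary group.

```java
import java.util.Arrays;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

/** Hypothetical helper: maps an allowlisted SAML role value to a CRX group and ACL. */
public final class SamlGroupProvisioner {

    // Constructed mapping: SAML role value -> {group id, content path, privileges...}.
    // Role values that are not listed here grant nothing.
    private static final Map<String, String[]> ROLE_MAP = Map.of(
        "admin", new String[] {"sso-corporate-admins", "/content/example",
                               Privilege.JCR_READ, Privilege.JCR_WRITE},
        "reader", new String[] {"sso-corporate-readers", "/content/example",
                                Privilege.JCR_READ});

    /** Returns true only if the user was placed in a mapped group and the ACL was set. */
    public static boolean provision(Session session, String userId, String samlRole)
            throws RepositoryException {
        String[] rule = ROLE_MAP.get(samlRole);
        if (rule == null) {
            return false; // unknown role value: fail closed
        }
        UserManager um = ((JackrabbitSession) session).getUserManager();
        Authorizable user = um.getAuthorizable(userId);
        if (user == null || user.isGroup()) {
            return false; // the user must already exist (created by the SAML handler)
        }
        Authorizable existing = um.getAuthorizable(rule[0]);
        if (existing != null && !existing.isGroup()) {
            return false; // the id belongs to a user; never reuse it as a group
        }
        Group group = existing != null ? (Group) existing : um.createGroup(rule[0]);
        group.addMember(user);
        // Grant privileges to the group principal, not to the individual user.
        String[] privileges = Arrays.copyOfRange(rule, 2, rule.length);
        AccessControlUtils.addAccessControlEntry(
            session, rule[1], group.getPrincipal(), privileges, true);
        session.save();
        return true;
    }
}
```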