Adobe Experience Manager Sites & More

View profile · 04-08-2020

Hi All,

We are planning to implement SSO for one of our application with Azure AD B2C is the Identity Provider. We are trying to automate the entire process i.e. user creation, group creation and assigning permissions to the user after successful authentication should be automated(say programmatic) based on the attributes received in SAML response. For example if a user whose user id is 123, user role is admin, user type is corporate is able to login successfully then based on the above SAML attributes, AEM user group needs to be created if it does not exist and also assign permissions in CRX based on other SAML attributes for example entitlement. Could you please validate the approach and let us know if any OOTB APIs exist for user group creation and assigning permissions.

Please let me know if you need more information.

Thanks

Srikanth

srikanthp689160 · ‎04-08-2020

Hi @srikanthp689160,

AEM ships with a SAML authentication handler by default. You can specify in Add to Groups property of Adobe Granite SAML 2.0 Authentication Handler config whether or not a user should be automatically added to CRX groups after successful authentication.

In Default Groups, you can add a list of default CRX groups users which are added to after successful authentication. See for more details: https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

Thanks!!