Automate User and Group creation after successful authentication

srikanthp689160
Level 3

04-08-2020

Hi All,

We are planning to implement SSO for one of our applications, with Azure AD B2C as the Identity Provider. We are trying to automate the entire process, i.e. user creation, group creation and assigning permissions to the user after successful authentication should be automated (say, programmatically) based on the attributes received in the SAML response. For example, if a user whose user id is 123, user role is admin and user type is corporate is able to log in successfully, then based on the above SAML attributes an AEM user group needs to be created if it does not exist, and permissions need to be assigned in CRX based on other SAML attributes, for example entitlement. Could you please validate the approach and let us know if any OOTB APIs exist for user group creation and assigning permissions?

Please let me know if you need more information.

Thanks

Srikanth

Accepted Solutions (1)

vanegi
Employee

04-08-2020

Hi @srikanthp689160,

AEM ships with a SAML authentication handler by default. In the Add to Groups property of the Adobe Granite SAML 2.0 Authentication Handler config, you can specify whether or not a user should be automatically added to CRX groups after successful authentication.

In Default Groups, you can add a list of default CRX groups which users are added to after successful authentication. See for more details: https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

Thanks!!

Answers (1)

Arun_Patidar
MVP

04-08-2020

You need to create a custom SAML handler like https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/custom-saml-authentication...

or create an Event Listener/Launcher on user nodes and update user groups.
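
An added example, not part of the thread and not Adobe's code: a sketch of what a custom handler or listener of the kind suggested above could call, using the Jackrabbit `UserManager` and `AccessControlUtils` APIs. The class name, role values, group ids and content paths are assumptions; the role from the assertion is resolved through a fixed allowlist, so an IdP-supplied value can never name an arbitrary group.

```java
import java.util.HashMap;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

/** Hypothetical helper: maps one SAML role attribute to an AEM group and a read ACL. */
public final class SamlGroupProvisioner {

    // Constructed allowlist: SAML role value -> {AEM group id, content path}.
    // Group ids are never taken verbatim from the assertion.
    private static final Map<String, String[]> ROLE_MAP = new HashMap<>();
    static {
        ROLE_MAP.put("admin", new String[] {"myapp-admins", "/content/myapp"});
        ROLE_MAP.put("author", new String[] {"myapp-authors", "/content/myapp/en"});
    }

    /** Call with a least-privileged service-user session once the SAML user exists. */
    public static boolean provision(Session session, String userId, String samlRole)
            throws RepositoryException {
        String[] target = ROLE_MAP.get(samlRole);
        if (target == null) {
            return false; // unknown or missing role value: grant nothing
        }
        UserManager um = ((JackrabbitSession) session).getUserManager();
        Authorizable user = um.getAuthorizable(userId);
        if (user == null || user.isGroup()) {
            return false; // the id must resolve to an existing user
        }
        Authorizable existing = um.getAuthorizable(target[0]);
        if (existing != null && !existing.isGroup()) {
            return false; // the group id clashes with a user id: refuse
        }
        Group group = existing != null ? (Group) existing : um.createGroup(target[0]);
        if (!group.isMember(user)) {
            group.addMember(user);
        }
        // Allow jcr:read for the group on its content path; nothing broader.
        AccessControlUtils.addAccessControlEntry(session, target[1], group.getPrincipal(),
                new String[] {Privilege.JCR_READ}, true);
        session.save();
        return true;
    }
}
```

The session's service user needs user-management rights and `jcr:modifyAccessControl` on the mapped paths only, and built-in groups such as `administrators` should stay out of the allowlist.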