Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Automate User and Group creation after successful authentication

srikanthp689160
Level 4
Level 4

Hi All,

We are planning to implement SSO for one of our application with Azure AD B2C is the Identity Provider. We are trying to automate the entire process i.e. user creation, group creation and assigning permissions to the user after successful authentication should be automated(say programmatic) based on the attributes received in SAML response. For example if a user whose user id is 123, user role is admin, user type is corporate is able to login successfully then based on the above SAML attributes, AEM user group needs to be created if it does not exist and also assign permissions in CRX based on other SAML attributes for example entitlement. Could you please validate the approach and let us know if any OOTB APIs exist for user group creation and assigning permissions.

Please let me know if you need more information.

 

Thanks

Srikanth

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution
vanegi
Correct answer by
Employee
Employee

Hi @srikanthp689160,

AEM ships with a SAML authentication handler by default. You can specify in Add to Groups property of Adobe Granite SAML 2.0 Authentication Handler config whether or not a user should be automatically added to CRX groups after successful authentication.

 

In Default Groups, you can add a list of default CRX groups users which are added to after successful authentication. See for more details: https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

 

Thanks!!

View solution in original post

5 Replies
vanegi
Correct answer by
Employee
Employee

Hi @srikanthp689160,

AEM ships with a SAML authentication handler by default. You can specify in Add to Groups property of Adobe Granite SAML 2.0 Authentication Handler config whether or not a user should be automatically added to CRX groups after successful authentication.

 

In Default Groups, you can add a list of default CRX groups users which are added to after successful authentication. See for more details: https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authent...

 

Thanks!!

View solution in original post

srikanthp689160
Level 4
Level 4

@vanegi, yes aware of the approach you've mentioned where user group creation is a manual step in AEM, right? We are looking at an automated way of group creation in AEM along with assigning appropriate permissions. Would like to know if this is the recommended and possible approach or not. If possible, can you please point me to resources for more information on this.

 

Thanks

Srikanth

Arun_Patidar
Community Advisor
Community Advisor

You need to create a custom SAML handler like https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/custom-saml-authentication...

 

or Create Event Listener/Launcher on user nodes and update user groups. 

srikanthp689160
Level 4
Level 4
Hi @Arun_Patidar, does this require custom SAML Handler or SAML Post processor?