Automate User and Group creation after successful authentication

Question

Hi All,We are planning to implement SSO for one of our application with Azure AD B2C is the Identity Provider. We are trying to automate the entire process i.e. user creation, group creation and assigning permissions to the user after successful authentication should be automated(say programmatic) based on the attributes received in SAML response. For example if a user whose user id is 123, user role is admin, user type is corporate is able to login successfully then based on the above SAML attributes, AEM user group needs to be created if it does not exist and also assign permissions in CRX based on other SAML attributes for example entitlement. Could you please validate the approach and let us know if any OOTB APIs exist for user group creation and assigning permissions.Please let me know if you need more information. ThanksSrikanth

vanegi · Accepted Answer

Hi @srikanthp689160,AEM ships with a SAML authentication handler by default. You can specify in Add to Groups property of Adobe Granite SAML 2.0 Authentication Handler config whether or not a user should be automatically added to CRX groups after successful authentication. In Default Groups, you can add a list of default CRX groups users which are added to after successful authentication. See for more details: https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/saml-2-0-authenticationhandler.html Thanks!!

arunpatidar · Answer

You need to create a custom SAML handler like https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/custom-saml-authentication-handler-service-in-aem-6-3-is-in/td-p/256236

or Create Event Listener/Launcher on user nodes and update user groups.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded