Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

content authorization when AEM users and groups are are stored outside of AEM


Level 2

We've AEM site hosted for public and authenticated users. Few sections of sites are only visible to authenticated users and we are controlling this through users and groups stored within AEM itself.

One of the requirement is to store users and groups in company shared user system. Due to security reason we cannot store any users in AEM.

If we externalize all our users/groups to an external system like LDAP or custom DB solution.

In this case how can I leverage AEM OOTB content authorization? what is the standard approach for public, authenticated users content authorization when users are stored outside from AEM?

0 Replies


Level 10

If we externalize all our users/groups to an external system like LDAP

Many AEM developers use LDAP. However - when you configure AEM to use LDAP -- you have to import the LDAP users into AEM, and grant them appropriate permissions in AEM.

See this article for more details:


Level 2

Thanks for the reply,

We've ~4.5millions user currently stored in external system and which is going grow. We might not want to overload the repository with users instead keep all our user in current centralized source system. 

1. In this case, is there any best practice to store users outside AEM without syncing the users back with AEM? 

2. How to support the content authorization, should we store groups inside AEM OR content authorization can be achieved without having users/groups in AEM.