Different IDP Authentication for Internal vs External? | Community
Skip to main content
J
johneuk84
March 5, 2018
Question

Different IDP Authentication for Internal vs External?

  • March 5, 2018
  • 5 replies
  • 5793 views

Hi all,

We have requirements for AEM that:

1) any internal network users get routed to our ADFS for SSO

2) any external network users get routed to a Cloud IDP for explicit username/password authentication (i.e. Okta)

Can this be configured or does this require customization?

I am presuming that some code is required to detect the users ip and compare against whitelists to determine if a user is accessing from the frim's internal network to then decide if the user should be routed to ADFS or Okta?

Thanks

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

5 replies

kglad
kglad
March 5, 2018

[moved from Adobe Creative Cloud to Deployment for Creative Cloud for Team, Enterprise, & CS]

navinkaushal
navinkaushal
March 5, 2018

Hi John,

You can:

1. Any internal user will access AEM using internal Instance URLs and will get default login screen. You can connect that with ADFs to get them logged in.

2. You can keep 2 different Login screen for internal/external users

3. You can create 1 custom auth handler where in you can check if user is exists as internal/external. Based on that you can redirect him to inetrnal/external IDPs

Hope this helps.

Regards,

Navin

MC_Stuff
MC_Stuff
March 6, 2018

Hi John,

You can configure AEM to both ADFS + OKta. The logic to decide which one among them based on domain needs to be taken care in component that renders the login link. 

Thanks,

J
johneuk84Author
March 6, 2018

Navin: Your 3. is not an option, when an internal person accesses the URL you won't even have a username for them so you can't check if they are internal/external. My requirement is to automatically authenticate internal users when they access the site.

I believe having 2 login pages may be the best approach

J
johneuk84Author
March 6, 2018

Is it possible to have separate login pages, each configured with their own authentication mechanism (ADFS/Okta?)

After the login I assume they both access the SAME AEM site content?, Does this have any implication on the "Logout" process?

Terms & ConditionsAccessibility statement

Loading footer...