We need your help. I have a request: how to filter user access by login from ADFS (using the SAML service) into an AEM website, so that some users can access it and others can't. Is there any best practice for how to do that? We need the filtering to be automatic, without adding users manually, because when a user logs in through ADFS, Adobe will create a new user automatically. We use AEM 6.3.
I'm not sure if I'm able to understand your requirement correctly.
In general, you can create specific AD groups per AEM app, or use some other logic based on your business use case(s), and add to each AD group the users who would get created in AEM and assigned to that same group. You would just need to restrict the groups via '/useradmin' based on the same business use case. You could make it as specific as you want.
Otherwise you may create local AEM groups (non-AD sync groups) and handle your business use cases accordingly.
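
The group-based approach described in the answer above, sketched as an added example that is not part of the original thread: an OSGi configuration for AEM's SAML 2.0 Authentication Handler that copies the ADFS group claim into AEM group membership, so access follows the AD group instead of manual user edits. The file name, host names, content path and certificate alias are placeholders, and it assumes ADFS is set up to issue a group claim under the URI shown.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example (not from the thread). Assumed file name for the factory config:
    com.adobe.granite.auth.saml.SamlAuthenticationHandler-mysite.xml

  createUser                keeps the automatic user creation the question describes.
  addGroupMemberships       adds the user to the groups named in the assertion.
  groupMembershipAttribute  the SAML attribute that carries those group names; the
                            values must match the AEM group names (assumption: ADFS
                            sends AD group names under this claim URI).
  defaultGroups             left empty so a user with no matching AD group is not
                            placed in any extra group by the handler.
-->
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
          xmlns:jcr="http://www.jcp.org/jcr/1.0"
    jcr:primaryType="sling:OsgiConfig"
    path="[/content/mysite]"
    service.ranking="{Long}5002"
    idpUrl="https://adfs.example.com/adfs/ls/"
    idpCertAlias="IDP_CERT_ALIAS_PLACEHOLDER"
    serviceProviderEntityId="https://aem.example.com/"
    createUser="{Boolean}true"
    addGroupMemberships="{Boolean}true"
    groupMembershipAttribute="http://schemas.xmlsoap.org/claims/Group"
    defaultGroups="[]"/>
```

The allow or deny decision itself is still made by the ACLs set on those groups in '/useradmin'; also check what the built-in `everyone` group can read on the site, since every auto-created user belongs to it.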