Expand my Community achievements bar.

SOLVED

Manage Permission for SAML Group/User

Avatar

Level 6
Level 6
10/15/22 11:28:45 PM

Hi Team,

 

We have recently implemented SAML SSO using Azure IDP in AEM 6.5.

 

Few best practices we would like to understand:

 

1) How to manage permissions in AEM for Groups/user created in IDP ?

2) Shall we create a new local AEM group A and make IDP group B part of it, assign appropriate permission to A.?

3) Other Suggestions if any.

4) After SAML Implementation, are we supposed to work with our admin user which is in local, not part of IDP OR we only should work with IDP groups/users. In second case, Shall we create a new Admin group in IDP?

 

Regards,

KTNR

 

 

Views

444

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/16/22 2:15:45 AM

Adobe Experience Manager has inbuilt support to use SAML based authentication mechanism. It has the option of creating users in it, if required, and assigning them to a group for permissions related stuff after receiving the details from the “App Federation Metadata URL”.

 

Please refer: https://blog.developer.adobe.com/saml-authentication-in-aem-using-microsoft-azure-active-directory-3...

 

 

I just created only users at IDP. I had relevant AEM user group in which the created/logged in users were added after successful authentication.

 

 If we take a look into the Adobe Granite SAML 2.0 Authentication Handler configuration as shown below [http://localhost:7070/system/console/configMgr] - 

DEBAL_DAS_2-1665910448563.png

This OSGi configuration has two properties as mentioned below -

  1. Add to Groups — Checking it will add the created/logged in users to the group name mentioned in the next property.
  2. Default Groups — The group name in which the created/logged in users will be added (after successful authentication). You can have a relevant AEM user group with appropriate permission and you need to add that user group name at Default Groups property.

 

After SAML implementation I didn't consider or create a new Admin group in IDP level

 

View solution in original post

Views

432

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/16/22 2:15:45 AM

Adobe Experience Manager has inbuilt support to use SAML based authentication mechanism. It has the option of creating users in it, if required, and assigning them to a group for permissions related stuff after receiving the details from the “App Federation Metadata URL”.

 

Please refer: https://blog.developer.adobe.com/saml-authentication-in-aem-using-microsoft-azure-active-directory-3...

 

 

I just created only users at IDP. I had relevant AEM user group in which the created/logged in users were added after successful authentication.

 

 If we take a look into the Adobe Granite SAML 2.0 Authentication Handler configuration as shown below [http://localhost:7070/system/console/configMgr] - 

DEBAL_DAS_2-1665910448563.png

This OSGi configuration has two properties as mentioned below -

  1. Add to Groups — Checking it will add the created/logged in users to the group name mentioned in the next property.
  2. Default Groups — The group name in which the created/logged in users will be added (after successful authentication). You can have a relevant AEM user group with appropriate permission and you need to add that user group name at Default Groups property.

 

After SAML implementation I didn't consider or create a new Admin group in IDP level

 

Views

433

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to Render the different version of Header for Specific Pages Using Experience Fragments in AEM?

Views

123

Likes

0

Replies

3
Way to remove the timestamp from the metadata field for expiry date

Views

129

Likes

0

Replies

4
Regarding User Roles and Permissions API of Adobe commerce

Views

87

Likes

0

Replies

2
Permissions for usersgroups for pages

Views

80

Likes

0

Replies

1
How to managing Cross-Domain Redirects in AEM Cloud

Views

227

Likes

0

Replies

7