Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

OKTA AEM integration in AMS

Avatar

Level 9
Level 9
9/17/25 9:35:16 AM

Hello Team,

 

Anyone has implemented OKTA integration with AEM running on AMS? I am fine with this configuration steps on Author: https://experienceleague.adobe.com/en/docs/experience-manager-learn/foundation/authentication/okta-s...

But, wanted to know about publish env. Sample scenario:

End user has created account in Okta. Then, the user logs in to my AEM live site(consider AMS has multiple publish env.) How to maintain the server session in sync with all publish env?  Note: This user is not an author. Will not get access to author env.

 

cc @arunpatidar  @aanchal-sikka  @VeenaVikraman  @SureshDhulipudi  @lukasz-m 

Thanks in advance.

Views

786

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
9/18/25 6:13:10 AM

Hi @Mahesh_Gunaje ,

In AMS with multiple publish nodes, OKTA login works per node, but sessions are not auto-shared.
Put a load balancer/dispatcher with sticky sessions so each user stays on the same publish node.

Or use a shared session store/SSO token (e.g., OKTA JWT or SAML token validated on every request) instead of relying on AEM’s local session.

Avoid creating AEM users for site visitors-handle auth at the edge (dispatcher/CDN) or via OAuth bearer tokens.

Use sticky sessions or token-based validation, not AEM user sync, to keep sessions consistent across publish nodes.
Refer:

https://aem4beginner.blogspot.com/enabling-encapsulation-token-support-in

 

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-21491


https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token

 

Hrishikesh Kagane

View solution in original post

Views

534

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Community Advisor
Community Advisor
9/18/25 1:36:51 AM

Hi @Mahesh_Gunaje 

You need to enable Encapsulated Token

 https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token 

Arun Patidar

AEM LinksLinkedIn

Views

564

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
9/18/25 6:13:10 AM

Hi @Mahesh_Gunaje ,

In AMS with multiple publish nodes, OKTA login works per node, but sessions are not auto-shared.
Put a load balancer/dispatcher with sticky sessions so each user stays on the same publish node.

Or use a shared session store/SSO token (e.g., OKTA JWT or SAML token validated on every request) instead of relying on AEM’s local session.

Avoid creating AEM users for site visitors-handle auth at the edge (dispatcher/CDN) or via OAuth bearer tokens.

Use sticky sessions or token-based validation, not AEM user sync, to keep sessions consistent across publish nodes.
Refer:

https://aem4beginner.blogspot.com/enabling-encapsulation-token-support-in

 

https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-21491


https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token

 

Hrishikesh Kagane

Views

535

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 9
Level 9
9/25/25 10:28:19 AM
In response to HrishikeshKagne

Hi @HrishikeshKagne  @Saravanan_Dharmaraj  @SreenivasBr  @arunpatidar 

Sorry for late reply. I have referred this article: https://www.linkedin.com/pulse/how-configure-saml-local-aem-author-using-okta-aliaksei-baranouski/

Able to achieve the SSO configuration in AEM author side. As of now, I am not looking for publish env side.

Thanks all for your replies.

Views

94

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
9/18/25 9:32:57 AM

@Mahesh_Gunaje  Check this one on encapsulated token like other suggested. 

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/security/encapsulated-token 

Views

498

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 5
Level 5
9/19/25 1:16:47 AM

Check this one if it helps - https://medium.com/@lars.auffarth/building-an-aem-custom-authentication-handler-for-okta-openid-conn...

Views

322

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM local bulk asset upload Solved

Views

22

Likes

0

Replies

2
How to verify successful asset publication to Dynamic Media on AEM Publisher? Solved

Views

45

Likes

0

Replies

2
AEM SPA OOTB model.json not fetching the locked components in the response Solved

Views

124

Likes

0

Replies

2
AEM Graphql Last-Modified response header doesn't update when content is updated and published

Views

38

Likes

0

Replies

1
Stacktraces in the logs related to Sling Distribution

Views

30

Likes

0

Replies

1