Permission on Preview tier on AEM cloud | Community
Level 4
February 7, 2024
Solved

Permission on Preview tier on AEM cloud


Hi All,

 

We are migrating from AEM 6.5 to AEM Cloud and wanted to utilize the preview tier on AEM cloud to preview the content before publishing.

Currently the website is using SAML authentication.

There are 2 requirements related to the preview tier:

  • A particular user group with permission can access a particular path in the preview.
  • Whitelist a domain so that a user with that domain will have access.

 

@arunpatidar @estebanbustamante

4 replies

SureshDhulipudi
Community Advisor
February 7, 2024

SwetaB
Author
Level 4
February 8, 2024

Hi Suresh,

 

I know that the url is accessible like and doesn't require any access, that is why we need to add user permission to the preview environment. 

I was thinking of having the same SAML setup enabled as we do for the publish environments, but then how can that be configured?

Raja_Reddy
Community Advisor
February 8, 2024

Hi @swetab 

To enable preview functionality in AEM Cloud and meet the two requirements related to SAML authentication, you can follow these steps:

  1. Configure SAML authentication in AEM Cloud: You will need to configure SAML authentication in AEM Cloud to enable users to authenticate using their SAML credentials. This can be done using the Adobe I/O Console. 
    https://experienceleague.adobe.com/docs/experience-manager-65/content/security/saml-2-0-authenticationhandler.html?lang=en 
    https://docs.mktossl.com/docs/experience-manager-learn/cloud-service/authentication/authentication.html?lang=en 

  2. Configure preview access: To enable preview access for a particular user group with permission to access a particular path, you can create a custom access control policy in AEM Cloud. This can be done using the AEM Cloud console.
    https://docs.mktossl.com/docs/experience-manager-65/content/forms/administrator-help/work-with-document-security/creating-policies.html 
    https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/custom-permissions.html?lang=en 

  3. Whitelist a domain: To whitelist a domain so that users with that domain will have access to the preview, you can create a custom authentication handler in AEM Cloud. This can be done using the AEM Cloud console.
    https://docs.mktossl.com/docs/experience-manager-65/content/security/closed-user-groups.html?lang=en 
    https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/authentication-handler-in-aem-custom-approach-aem-community-blog/td-p/381915 

  4. Test preview functionality: Once you have configured SAML authentication, preview access, and whitelisted the domain, you can test the preview functionality in AEM Cloud. You can log in using your SAML credentials and verify that users in the specified user group have access to the preview and users with the whitelisted domain can access the preview.
    https://docs.mktossl.com/docs/experience-manager-65/content/implementing/developing/testing/tools.html 

SwetaB
Author
Level 4
February 8, 2024

Hi Raja,

 

Can you elaborate or give more examples for points 2 and 3?

If I enable the SAML setup on the preview environment as well, how do I do that?

How do we set up a user access policy on the preview env?

Are you suggesting customizing the SAML authentication to accommodate the whitelisting of a domain? Any example?

Note: this whitelisting of a domain is required in publish as well.

arunpatidar
Community Advisor
Accepted solution
February 8, 2024

Hi @swetab 
I think you can set up SAML for preview similar to PROD if the behaviour is supposed to be the same.

In case of some deviation, you can always extend the SAML handler to add custom access checks.

 

https://docs.mktossl.com/docs/experience-manager-learn/cloud-service/authentication/saml-2-0.html?lang=en 

Arun Patidar
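
One shape the custom access check mentioned in the accepted answer could take, as plain Java that uses no AEM or SAML handler API (an added example, not code from this thread or from Adobe). The domain, group name, path and the rule that both checks must pass are assumptions; the e-mail is assumed to come from an already validated SAML assertion and the path to be already resolved.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class PreviewAccessCheck {
    // Constructed sample policy (assumptions, not values from the thread).
    static final Set<String> ALLOWED_DOMAINS = Set.of("example.com");
    // Restricted content root -> group that may read it.
    static final Map<String, String> RESTRICTED_PATHS =
            Map.of("/content/site/internal", "preview-reviewers");

    /** Returns the lower-cased domain of an asserted e-mail, or null if malformed. */
    static String domainOf(String email) {
        if (email == null) return null;
        int at = email.indexOf('@');
        // Exactly one '@', with a non-empty local part and a non-empty domain.
        if (at <= 0 || at != email.lastIndexOf('@') || at == email.length() - 1) return null;
        return email.substring(at + 1).toLowerCase(Locale.ROOT);
    }

    /** True if path is the root itself or lies below it (segment-aware prefix). */
    static boolean isUnder(String path, String root) {
        return path.equals(root) || path.startsWith(root + "/");
    }

    /** Fail closed: deny on a malformed e-mail, unknown domain or missing group. */
    static boolean isAllowed(String email, Set<String> groups, String path) {
        String domain = domainOf(email);
        // Exact match only: endsWith()/contains() would also accept
        // "notexample.com" or "example.com.other.test".
        if (domain == null || !ALLOWED_DOMAINS.contains(domain)) return false;
        for (Map.Entry<String, String> e : RESTRICTED_PATHS.entrySet()) {
            if (isUnder(path, e.getKey()) && !groups.contains(e.getValue())) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        Set<String> reviewer = Set.of("preview-reviewers");
        Set<String> none = Set.of();
        // Cases: reviewer on restricted path, non-reviewer on restricted path,
        // sibling path sharing the prefix, look-alike domain, two '@' signs.
        System.out.println(isAllowed("a@example.com", reviewer, "/content/site/internal/page"));
        System.out.println(isAllowed("a@example.com", none, "/content/site/internal/page"));
        System.out.println(isAllowed("a@example.com", none, "/content/site/internal-news"));
        System.out.println(isAllowed("a@notexample.com", reviewer, "/content/site/home"));
        System.out.println(isAllowed("a@example.com@other.test", reviewer, "/content/site/home"));
    }
}
```
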
kautuk_sahni
Community Manager
February 8, 2024

@swetab Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found a solution yourself, please share it with the community.

Kautuk Sahni