
SOLVED

Question on setting up SAML for Author Server


Level 3

Hi all,

We are trying to set up SAML integration with our Author environment. As I understand it, anyone who tries to log in gets a user account created and added to the groups mentioned in the SAML configuration after successful authentication with the IDP. Now, in case someone outside of our author group has this link and tries to access it, how can I prevent him from being added to the groups I created?

Thanks,

Abhishek


1 Accepted Solution


Correct answer by
Community Advisor

@kolluax Normally how it works is that the users who want to log in to AEM Author have to apply for access roles (Author, Approver, Admin) within the organization and get approval for the roles, and that group information will be stored in either LDAP or Active Directory. When the IDP (like Salesforce or Okta or other IDPs) authenticates the user, it will look for the roles assigned to the user in the backend and return that group to AEM through the SAML post back. Just because a user has access to the link to the IDP to log in doesn't mean that user can access the author. The user has to have the actual roles assigned in the backend to make the whole thing work. Hope this helps!


2 Replies



Level 3

Thanks Saravanan. I tried a few things overnight and what worked for me was:

1. In the SAML configs, I marked the group to be added as "everyone"
2. Created a group with set ACLs and a bunch of users
3. Only the users who had permissions set were able to view the pages; the rest were just added to the everyone group with no access to any interfaces


I believe this would suffice for our use case for now. We were looking for a way to prevent them from getting to those pages/assets. Thanks for the prompt response.


Regards,

Abhishek
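The accepted answer (group membership asserted by the IDP) and Abhishek's own fix (default group "everyone", rights only on a separately ACLed group) translate into the AEM SAML Authentication Handler OSGi configuration below. This is an added illustration, not configuration from the thread or from Adobe; the hostnames, the certificate alias and the attribute name `aem-groups` are placeholders you would replace with your own values.

```properties
# com.adobe.granite.auth.saml.SamlAuthenticationHandler.config
# Apache Felix .config syntax: strings "x", booleans B"true", arrays ["a","b"].
path="/"
serviceProviderEntityId="https://author.example.com"
# Placeholder IDP endpoint and truststore alias (not real values).
idpUrl="https://idp.example.com/sso/saml"
idpCertAlias="certalias___placeholder"
# Any identity the IDP asserts gets a CRX user created on first login,
# so the groups below decide what an uninvited but authenticated user can do.
createUser=B"true"

# Weak setting (commented out): every authenticated identity lands in a
# privileged group, which is exactly the situation the question describes.
# defaultGroups=["content-authors"]

# Corrected setting: the default group carries no extra rights, and real
# membership comes from a SAML attribute that the IDP releases only for
# users whose role request was approved upstream (LDAP/AD, as in the answer).
defaultGroups=["everyone"]
addGroupMemberships=B"true"
# Assumed attribute name; it must match what the IDP puts in the assertion.
groupMembershipAttribute="aem-groups"
```

The groups named in that attribute must already exist in AEM with the ACLs from step 2 of the reply; a user for whom the IDP asserts no groups ends up in `everyone` only and sees no authoring interfaces.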