Expand my Community achievements bar.

SAML authentication for end users


Level 1

Hi there,

I'm writing this post to ask for some clarifications about cloud saml authentication for end users.

In the past, looking for a solution to authenticate end users on some of our portals, saml authentication was highly discouraged, especially for portals with a big userbase (millions of users). Many said saml authentication was used only for authoring or administration purposes.

Now, i bumped into this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/authentication/saml-2....

Has anything changed during these years? Can we use saml2 authentication on publish to authenticate a very large userbase? Is there any limitation to take into consideration?

I'm asking this because we are taking into consideration the option of using this method of authentication for our end users.


Thanks in advance for your support.

4 Replies


Level 6

SAML 2.0 is generally considered to be secure and scalable. However, there are some limitations to consider.

  • SAML can be complex to set up and maintain, especially for large organizations.
  • SAML relies on XML, which can be verbose and slow to process.
  • SAML does not support strong authentication by itself.

If you are considering using SAML 2.0 for a large user base, it is important to weigh the benefits and drawbacks carefully. You may also want to consider other SSO protocols, such as OAuth 2.0 or OpenID Connect.


Community Advisor

SAML we generally use for Single Sign On (SSO) solution.

In AEM - SAML can be used for both Author and Publish instances (Login and access)


SAML for end user - not recommended. For end user - you can use Registration Process (registered users) - create login id and password to register users and provide authentication.

SAML authentication involves several redirects and XML parsing, which can add latency to the authentication process. For a large number of users, this could potentially impact performance

The guide above is the process to set up SAML For AEM instances.


Level 1

But, in your experience, is it worth to authenticate the end user on AEM or is it better to use a separate mechanism (for example authenticate directly from frontend to an external service, without going through AEM)?



@usr24 Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Kautuk Sahni