SOLVED

SSO Implementation

medhik
Level 2

We are looking at implementing SSO for an AEM instance (the IdP will use LDAP AD).

A couple of questions that I have:

1. Do we first have to manually create the user(s) in AEM (with same userid as in AD)?

2. Do we also have to first create the groups and add members appropriately to ensure permissible access to the repository?

Otherwise is there an alternate way to have the users and groups created automatically by pulling in data from AD?

1 Accepted Solution
varunmitra
Correct answer by
Level 3

Please find the answers to your questions inline:

1. Do we first have to manually create the user(s) in AEM (with same userid as in AD)? Yes, users need to be present in AEM for SSO to work.

2. Do we also have to first create the groups and add members appropriately to ensure permissible access to the repository? Yes, users need to have all the ACLs defined.

Otherwise is there an alternate way to have the users and groups created automatically by pulling in data from AD? Yes, you can import users from LDAP. You can sync a user list using cURL [1].

Also I have attached a document that I created a while back. The steps were done using Apache.

 

[1] https://helpx.adobe.com/experience-manager/kb/how-to-synchronize-user-with-ldap.html
