Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

The user profile conundrum with AEM, Okta and AEM ACLs

uraees
Level 2
Level 2

We have hundreds of thousands of users that is going to use okta to login through okta CIAM widget. What Okta will give us is an OAuth token. 

We do not want to create these user profiles in AEM as that will be very heavy for AEM.  These users are in 4 categories ; Can I create generic user profile in for these user categories and use that in place for managing AEM ACLs 

 

Our Okta authentication will happen from browser itself, we will have an OAuth token back from them that we can pass to AEM , we can indicate the user group in the OAuth token itself or as a header parameter to AEM page request.  

 

 

Tagging @Arun_Patidar , @kunal23 

ACL AEM oauth Okta user group User groups
1 Accepted Solution
Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

Are you planning to use cug to protect pages from the backend?

If not and If you need to create a login functionality for the portal you can rely on okta token and no need to send token to aem or creating aem session.

 

To check access you can utilize filters and permission sensitive caching to protect cached pages.

 

The cug will be helpful if you have pages that are protected by cug groups and for that you need groups in AEM e.g. https://medium.com/tech-learnings/social-login-with-google-oauth2-adobe-experience-manager-aem-ff33b.... The dummy user concept you can try and just update/assign the groups to temporary user in session but not to commit.

 

View solution in original post

4 Replies
Arun_Patidar
Correct answer by
Community Advisor
Community Advisor

Hi,

Are you planning to use cug to protect pages from the backend?

If not and If you need to create a login functionality for the portal you can rely on okta token and no need to send token to aem or creating aem session.

 

To check access you can utilize filters and permission sensitive caching to protect cached pages.

 

The cug will be helpful if you have pages that are protected by cug groups and for that you need groups in AEM e.g. https://medium.com/tech-learnings/social-login-with-google-oauth2-adobe-experience-manager-aem-ff33b.... The dummy user concept you can try and just update/assign the groups to temporary user in session but not to commit.

 

View solution in original post

uraees
Level 2
Level 2
@Arun_Patidar, we have 300,000 users ; is there a way i can make one CUG and create like one dummy user and assign this dummy user after the okta login and associate in establishing a cookie session ?
uraees
Level 2
Level 2
@Arun_Patidar, we have 300,000 users ; is there a way i can make one CUG and create like one dummy user and assign this dummy user after the okta login and associate in establishing a cookie session ?
Arun_Patidar
Community Advisor
Community Advisor
The cug will be helpful if you have pages which are protected by cug groups and for that you need groups in AEM e.g. https://medium.com/tech-learnings/social-login-with-google-oauth2-adobe-experience-manager-aem-ff33b.... The dummy user concept you can try and just update/assign the groups to temporary user in session but not to commit.