Expand my Community achievements bar.

SOLVED

User group sync issue with IMS and SAML IDP (non Azure or Google)

Avatar

Community Advisor
Community Advisor
5/9/23 11:24:24 AM

We've created a directory in Admin Console as per the steps mentioned in https://helpx.adobe.com/enterprise/using/create-directory.html. We are using a SAML provider other than Azure AD or Google.

Normally when a user logs in it also pulls in group association and if the group doesn't exist it gets created. But in our case we are observing the group is not syncing. 

Any inputs on how this (group sync) can be achieved will be helpful. Thanks!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

Administration Integrations User and Groups

Views

670

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
5/10/23 1:06:28 AM

Update: We are on AEM as a Cloud Service

The issue got fixed by associating the user group with the correct product profile.

View solution in original post

Views

601

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Community Advisor
Community Advisor
5/9/23 11:14:13 PM

hi @shubhanshu_singh ,

 

These are some steps to troubleshoot and fix the issue:

  1. Check the SAML provider configuration in AEM and make sure that the group information is being passed correctly from the provider to AEM. You can check the SAML response for the group information.

  2. Check if the group sync is enabled in your AEM instance. You can do this by going to the User Management Console, clicking on the "Sync" tab, and checking if the "Sync Groups" option is enabled.

  3. Check the logs in AEM to see if there are any errors related to group sync. You can check the error logs in the error.log file in the crx-quickstart/logs directory.

  4. Make sure that the group path in AEM matches the group name in the SAML provider. If they don't match, the group sync will not work.

  5. Try manually creating the group in AEM and see if it syncs with the SAML provider. If it does, then there might be an issue with the automatic group creation in AEM.

Views

623

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
5/10/23 1:06:28 AM

Update: We are on AEM as a Cloud Service

The issue got fixed by associating the user group with the correct product profile.

Views

602

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Community Advisor
Community Advisor
6/13/23 6:17:13 AM

@shubhanshu_singh - This is not related to your query but you mentioned in the question that if the group doesn't exist it gets created.

As far as I can recall, the group sync requires to have the group created in AEM so that the user when logging in is auto assigned to the group.

Can you please confirm on this?

Views

531

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
6/13/23 10:31:11 AM
In response to Rohan_Garg

Hi @Rohan_Garg , Group Membership info flows from IMS to AEM Instance.. In our case since this group was not correctly associated with Product Profile (for DEV env in AEMaaCS) we were unable to see any new group assigned to user on Customer's IDP to AEM Author instance. Also, there was a mis configuration in UST (User Sync Tool) which periodically pushes the info from IDP to IMS.


Views

525

Replies

0
Sign in to like this content

Total Likes

Translate
Translate