Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

User Management - Authorization - OKTA and AEM

samr99530769
Level 3
Level 3

Hi All,

We are using OKTA as IDP in our application.As per our current architecture we are not allowed to create user in AEM.I am facing some problem with authorization part.

I need some clarification as below.Please provide your valuable comments.

1)Is there a way to authorize the page or DAM assets without maintaining the user with in AEM.
2)What is the pros and cons of creating user with in AEM using SAML Handler.Will user sycing between the publisher will be a problem.
3)Is there a way to sync the user in OKTA to all AEM server at some regular time.Is there any OOTB tools are avilable.

Thanks,
Samba

1 Accepted Solution
MC_Stuff
Correct answer by
Level 9
Level 9

Hi Samba, 

  1. AEM needs an user which is prerequsite for authentication to serve protected resources. .
  2. SAML means SSO and user will get created automatically if does not required. But it does not sync automatically between publishers. You need custom configuration using sling distribution to sync.  But it is not required unless you have requirement user home path should match. 
  3. Sync happens at user login time. In case you want periodic sync need custom implementation.

Thanks,

View solution in original post

2 Replies
MC_Stuff
Correct answer by
Level 9
Level 9

Hi Samba, 

  1. AEM needs an user which is prerequsite for authentication to serve protected resources. .
  2. SAML means SSO and user will get created automatically if does not required. But it does not sync automatically between publishers. You need custom configuration using sling distribution to sync.  But it is not required unless you have requirement user home path should match. 
  3. Sync happens at user login time. In case you want periodic sync need custom implementation.

Thanks,

View solution in original post