We are using OKTA as IDP in our application.As per our current architecture we are not allowed to create user in AEM.I am facing some problem with authorization part.
I need some clarification as below.Please provide your valuable comments.
1)Is there a way to authorize the page or DAM assets without maintaining the user with in AEM. 2)What is the pros and cons of creating user with in AEM using SAML Handler.Will user sycing between the publisher will be a problem. 3)Is there a way to sync the user in OKTA to all AEM server at some regular time.Is there any OOTB tools are avilable.
AEM needs an user which is prerequsite for authentication to serve protected resources. .
SAML means SSO and user will get created automatically if does not required. But it does not sync automatically between publishers. You need custom configuration using sling distribution to sync. But it is not required unless you have requirement user home path should match.
Sync happens at user login time. In case you want periodic sync need custom implementation.