Adobe Experience Manager Sites & More

nishisharma · 5/1/24

We are working on project where we are migrating from AEM On-Premise to AEM cloud. On on-premises we are using SAML authentication handler for user authentication with Azure AD as IDP on both author and publishers(for all environments-DEV/Stage/Prod).

Similarly, after migration to cloud, we have a requirement to setup authentication for both author and publisher. For publisher we have referred below link

https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/authentication/sam...

But for author , as mentioned in the above doc integrate the IDP with Adobe IMS., we followed the steps.

Now The question is "is it possible to use a different Directory for each environment(Dev/Stage/Prod-author)". As admin console is the centralized location for all environments...we can create one directory and map to single Azure AD endpoint. How we can configure for each author instances of all environments or single directory will work for all author instances.

How actually SSO works on author instances for each env(dev/stage/prod) ??

Quick response is highly appreciated. Thanks!!

Jörg_Hoh · 5/6/24

IMS cares about authentication and authorization; and for that you don't need to have multiple identities on AEM Stage and PROD environments. That's the reason your identity is tied to your email address and that you can connect only a single external directory (e.g Azure Directory) per domain to IMS.

So to answer your question: Yes, a single directory is used to handle all your environments in AEM CS.

View solution in original post

Albin_Issac · 5/1/24

The Active Directory is mapped to the Adobe organization. If one organization claims the Azure Directory, other organizations cannot claim it. However, it can be shared, subject to approval from the organization currently holding the claim.

Please refer to https://medium.com/tech-learnings/adobe-experience-manager-cloud-simplifying-sso-implementation-2cdc... for more details.

Regards

Albin

https://myprofile.albinsblog.com

Jörg_Hoh · 5/3/24

So you want to map your Stage environment to use directory 1, while PROD is using directory 2?

Can you explain why this you require this?

nishisharma · 5/6/24

I want to understand how actually it works? If we have dev/stage/prod author instances on cloud...creating one directory in admin console mapped with one Azure Active directory will serve for all instances?

Jörg_Hoh · 5/6/24

IMS cares about authentication and authorization; and for that you don't need to have multiple identities on AEM Stage and PROD environments. That's the reason your identity is tied to your email address and that you can connect only a single external directory (e.g Azure Directory) per domain to IMS.

So to answer your question: Yes, a single directory is used to handle all your environments in AEM CS.

Adobe Experience Manager Sites & More

Users Authentication on AEMasCS - Author instances using SSO via Azure AD

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe