Users Authentication on AEMasCS - Author instances using SSO via Azure AD | Community
Level 2
May 1, 2024
Solved

Users Authentication on AEMasCS - Author instances using SSO via Azure AD


We are working on a project where we are migrating from AEM On-Premise to AEM cloud. On-premises, we are using the SAML authentication handler for user authentication with Azure AD as the IdP on both author and publishers (for all environments: DEV/Stage/Prod).

 

Similarly, after migration to cloud, we have a requirement to set up authentication for both author and publisher. For publisher we have referred to the link below:

https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/authentication/sam...

 

But for author, as mentioned in the above doc (integrate the IdP with Adobe IMS), we followed the steps.

Now the question is: "Is it possible to use a different directory for each environment (Dev/Stage/Prod author)?" As the admin console is the centralized location for all environments, we can create one directory and map it to a single Azure AD endpoint. How can we configure this for each author instance of all environments, or will a single directory work for all author instances?

 

How does SSO actually work on author instances for each env (dev/stage/prod)?

 

A quick response is highly appreciated. Thanks!

2 replies

Community Advisor
May 1, 2024

The Active Directory is mapped to the Adobe organization. If one organization claims the Azure Directory, other organizations cannot claim it. However, it can be shared, subject to approval from the organization currently holding the claim.

Please refer to https://medium.com/tech-learnings/adobe-experience-manager-cloud-simplifying-sso-implementation-2cdc3298f166?sk=0baf5e78eb1c9b31cc03e21caa2261d0 for more details.

Regards

Albin

https://myprofile.albinsblog.com

 

joerghoh
Adobe Employee
May 3, 2024

So you want to map your Stage environment to use directory 1, while PROD is using directory 2?

 

Can you explain why you require this?

 

 

Level 2
May 6, 2024

I want to understand how it actually works. If we have dev/stage/prod author instances on cloud, will creating one directory in the admin console mapped to one Azure Active Directory serve all instances?

joerghoh
Adobe Employee
Accepted solution
May 6, 2024

IMS cares about authentication and authorization; and for that you don't need to have multiple identities on AEM Stage and PROD environments. That's the reason your identity is tied to your email address and that you can connect only a single external directory (e.g. Azure Directory) per domain to IMS.

 

So to answer your question: Yes, a single directory is used to handle all your environments in AEM CS.