Expand my Community achievements bar.

SOLVED

Users Authentication on AEMasCS - Author instances using SSO via Azure AD

Avatar

Level 2

We are working on project where we are migrating from AEM On-Premise to AEM cloud. On on-premises we are using SAML authentication handler for user authentication with Azure AD as IDP on both author and publishers(for all environments-DEV/Stage/Prod).

 

Similarly, after migration to cloud, we have a requirement to setup authentication for both author and publisher. For publisher we have referred below link 

https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/authentication/sam...

 

But for author , as mentioned in the above doc integrate the IDP with Adobe IMS., we followed the steps.

Now The question is "is it possible to use a different Directory for each environment(Dev/Stage/Prod-author)". As admin console is the centralized location for all environments...we can create one directory and map to single Azure AD endpoint. How we can configure for each author instances of all environments or single directory will work for all author instances. 

 

How actually SSO works on author instances for each env(dev/stage/prod) ??

 

Quick response is highly appreciated. Thanks!!

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

IMS cares about authentication and authorization; and for that you don't need to have multiple identities on AEM Stage and PROD environments. That's the reason your identity is tied to your email address and that you can connect only a single external directory (e.g Azure Directory) per domain to IMS.

 

So to answer your question: Yes, a single directory is used to handle all your environments in AEM CS.

 

View solution in original post

4 Replies

Avatar

Community Advisor

The Active Directory is mapped to the Adobe organization. If one organization claims the Azure Directory, other organizations cannot claim it. However, it can be shared, subject to approval from the organization currently holding the claim.

Please refer to https://medium.com/tech-learnings/adobe-experience-manager-cloud-simplifying-sso-implementation-2cdc... for more details.

Regards

Albin

https://myprofile.albinsblog.com

 

Avatar

Employee Advisor

So you want to map your Stage environment to use directory 1, while PROD is using directory 2?

 

Can you explain why this you require this?

 

 

Avatar

Level 2

I want to understand how actually it works? If we have dev/stage/prod author instances on cloud...creating one directory in admin console mapped with one Azure Active directory will serve for all instances?

Avatar

Correct answer by
Employee Advisor

IMS cares about authentication and authorization; and for that you don't need to have multiple identities on AEM Stage and PROD environments. That's the reason your identity is tied to your email address and that you can connect only a single external directory (e.g Azure Directory) per domain to IMS.

 

So to answer your question: Yes, a single directory is used to handle all your environments in AEM CS.