- AEMaaCS Home
- Overview
- Release Notes
- Release Information
- AEMaaCS Feature Release Notes
- AEMaaCS Maintenance Release Notes
- Release Notes for Cloud Manager
- Current Release Notes
- 2023
- 2022
- Release Notes for 2022.12.0
- Release Notes for 2022.11.0
- Release Notes for 2022.10.0
- Release Notes for 2022.9.0
- Release Notes for 2022.8.0
- Release Notes for 2022.7.0
- Release Notes for 2022.6.0
- Release Notes for 2022.5.0
- Release Notes for 2022.4.0
- Release Notes for 2022.3.0
- Release Notes for 2022.2.0
- Release Notes for 2022.1.0
- 2021
- Release Notes for 2021.12.0
- Release Notes for 2021.11.0
- Release Notes for 2021.10.0
- Release Notes for 2021.9.0
- Release Notes for 2021.8.0
- Release Notes for 2021.7.0
- Release Notes for 2021.6.0
- Release Notes for 2021.5.0
- Release Notes for 2021.4.0
- Release Notes for 2021.3.0
- Release Notes for 2021.2.0
- Release Notes for 2021.1.0
- 2020
- Release Notes for Migration Tools
- Release Notes for Workfront for Experience Manager enhanced connector
- What is New?
- Notable Changes in AEM Cloud Service
- Deprecated and Removed Features
- Deprecated APIs
- Prerelease Channel
- Security
- Onboarding
- AEM as a Cloud Service Migration Journey
- Getting Started with moving AEM as a Cloud Service
- Readiness Phase
- Implementation Phase
- Go Live
- Post Go Live
- Migration Guide to Experience Manager as a Cloud Service for Partners
- Cloud Acceleration Manager
- Cloud Transition Tools
- Best Practices Analyzer
- Content Transfer Tool
- Overview
- Prerequisites for Content Transfer Tool
- Guidelines and Best Practices for Using Content Transfer Tool
- Getting Started with Content Transfer Tool
- Validating Content Transfers
- Handling Large Content Repositories
- User Mapping and Principal Migration
- Extracting Content from Source
- Ingesting Content into Target
- Viewing Logs for a Migration Set
- Deleting a Migration Set
- Running the Content Transfer Tool on a Publish Instance
- Troubleshooting Content Transfer Tool
- Code Refactoring Tools
- Sites
- AEM Sites as a Cloud Service
- Notable Changes to AEM Sites in AEM Cloud Service
- Authoring
- Getting Started
- Headless Content Author Journey
- Authoring Fundamentals
- Environment and Tools
- Adding Page Annotations
- Creating a New Site
- Creating and Organizing Pages
- Editing Page Content
- The Rich Text Editor
- Page Properties
- Previewing Content
- Publishing Pages
- Content Fragments
- Experience Fragments
- Export to CSV
- Components
- Authoring for Mobile Devices
- Creating Accessible Content (WCAG 2.1 Conformance)
- Troubleshooting
- Keyboard Shortcuts
- Authoring Features
- Projects
- Launches
- Workflows
- Personalization
- Personalization Overview
- Previewing Pages Using ContextHub Data
- Authoring Targeted Content Using Targeting Mode
- Working with Targeted Content in Multisites
- How Multisite Management for Targeted Content is Structured
- Managing Activities
- Managing Audiences
- Creating and Managing Offers (Offers Console)
- Understanding Segmentation
- Configuring Segmentation with ContextHub
- Registration, Login, and User Profile
- Administering
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Content Fragments Console
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Content Fragments Console - Keyboard Shortcuts
- Site Creation
- Administering Workflows
- Reusing Content
- MSM and Translation
- Multi Site Manager
- Translation
- Sites Translation Journey
- Headless Translation Journey
- Translating Content for Multilingual Sites
- Preparing Content for Translation
- Managing Translation Projects
- Language Copy Wizard
- Identifying Content to Translate
- Configuring the Translation Integration Framework
- Connecting to Microsoft Translator
- Translation Best Practices
- Content Fragments
- Integrating with AEM as a Cloud Service
- Integrating with Adobe Analytics
- Integrating with Adobe Analytics Automated Setup
- IMS Configuration for use when Integrating with Adobe Analytics
- Integrating with Adobe Learning Manager
- Integrating with Adobe Target
- IMS Configuration for use when Integrating with Adobe Target
- Exporting Content Fragments to Adobe Target
- Exporting Experience Fragments to Adobe Target
- Integrating with Adobe Campaign
- Assets
- Assets as a Cloud Service
- Overview and what’s new
- Notable Changes to Assets as a Cloud Service
- Assets architecture
- Supported file formats
- Overview of asset microservices
- Accessibility in Assets
- Manage digital assets
- Micro-Frontend Asset Selector
- Share assets
- Monitor activities and DAM tasks
- Get started using asset microservices
- Add and upload assets
- Search assets
- Common asset management tasks
- Manage publication
- Preview 3D assets
- Smart tags for images
- Smart tag your video assets
- How to organize assets
- Use Adobe Stock assets
- Manage collections
- Metadata overview
- Integrate with Adobe Creative Cloud
- How to add or edit metadata
- Review folder assets and collections
- Use and configure Assets Insights
- Metadata profiles
- Metadata schema
- Manage video assets
- Reuse assets using MSM
- Download assets
- Check-in and check-out assets to edit
- Create and share private folders
- Digital Rights Management for assets
- Watermark assets
- Process assets using Creative Cloud APIs
- Color tags for images
- Manage PDF documents
- Configure, administer, and extend Assets
- Developer docs and APIs references
- Folder metadata schema
- Work with image and video profiles
- Configure transcription for audio and video assets
- Translate assets
- Search facets
- Assets HTTP API
- Content Fragments support in Assets HTTP API
- Connected Assets
- Generate For Placement Only renditions
- Asset reports
- Cascading metadata
- XMP metadata
- MediaLibrary capabilities
- Import and export asset metadata
- Configure asset upload restrictions
- Share and distribute assets
- Content Fragments
- Working with Content Fragments
- Headless Delivery with Content Fragments and GraphQL
- Enable Content Fragment Functionality for your Instance
- Content Fragment Models
- Managing Content Fragments
- Variations - Authoring Fragment Content
- Content Fragment Associated Content
- Metadata - Fragment Properties
- Content Fragments - Delete Considerations
- Markdown
- Structure Tree
- Preview - JSON Representation
- Dynamic Media
- Dynamic Media Journey: The Basics
- Dynamic Media newsletter archive by Experience League
- Set up Dynamic Media
- Work with Dynamic Media
- Configure Dynamic Media
- Optional - Configure Dynamic Media, General Settings
- Optional - Configure Dynamic Media, Publish Setup
- Troubleshoot Dynamic Media
- Configure a Dynamic Media Alias Account
- Accessibility in Dynamic Media
- Manage Dynamic Media assets
- Best practices for optimizing the quality of your images
- Image Profiles
- Video Profiles
- Manage Dynamic Media Image Presets
- Apply Dynamic Media Image Presets
- Manage Dynamic Media Viewer Presets
- Apply Dynamic Media Viewer Presets
- Batch Set Presets
- Invalidate the CDN cache by way of Dynamic Media
- Invalidate the CDN cache by way of Dynamic Media Classic
- Smart Imaging
- Smart Imaging with client-side Device Pixel Ratio
- Deliver Dynamic Media assets
- Activate hotlink protection in Dynamic Media
- 3D Support
- Dynamic Media limitations
- Image Sets
- Panoramic Images
- Mixed Media Sets
- Spin Sets
- Video in Dynamic Media
- Carousel Banners
- Interactive Images
- Interactive Videos
- 360 VR Video
- Integrate Dynamic Media Viewers with Adobe Analytics and Adobe Experience Platform Tags
- Create custom pop-ups using Quickview
- Deliver optimized images for a responsive site
- Preview Dynamic Media assets
- Add Dynamic Media assets to pages
- Embed the Dynamic Video or Image viewer on a web page
- Link URLs to your web application
- Use Rulesets to transform URLs
- Publish Dynamic Media assets
- Work with Selective Publish in Dynamic Media
- Work with Selectors
- HTTP2 Delivery of Content FAQ
- Flash Viewers End-of-Life
- DHTML Viewers End-of-Life
- Integration with Adobe Workfront
- Forms
- Overview
- Setup and migrate
- Integrate
- Adaptive Forms
- Authoring Adaptive Forms - Core Components
- Authoring Adaptive Forms - Foundation Components
- Convert your PDF forms to Adaptive Forms
- Create an Adaptive Form
- Add components to an Adaptive Form
- Configure layout and apply style to an Adaptive Form
- Add rules and use expressions in an Adaptive Form
- Use Adobe Sign
- Configure Submit Actions and metadata submission
- Prefill Adaptive Form fields
- Generate Document of Record
- Add support for new locales to an adaptive form
- Add or improve metadata
- Improve accessibility of an Adaptive Form
- Configure Forms Portal
- Create and manage reviews
- Forms Centric Workflows
- Communications APIs
- Developer API Reference
- Troubleshooting
- Screens
- AEM Screens as a Cloud Service
- Overview to Screens as a Cloud Service
- Onboarding to Screens as a Cloud Service
- Configuring Screens as a Cloud Service Project
- Creating Content
- Managing Player and Registration
- Using Core Product Features
- Developing in Screens as a Cloud Service
- Screens as a Cloud Service FAQs
- Content and Commerce
- Headless
- What is a Headless CMS?
- Introduction to AEM Headless
- Developer Portal (Additional Resources)
- Setup
- Content Fragments
- GraphQL API
- Content Fragments REST API
- Security
- Deployment
- Headless Journeys
- Headless Developer Journey
- Understand Headless in AEM
- Learn about CMS Headless Development
- Getting Started with AEM Headless as a Cloud Service
- Path to your first experience using AEM Headless
- How to model your content as AEM Content Models
- How to access your content via AEM delivery APIs
- How to update your content via AEM Assets APIs
- How to put it all together
- How to go live with your headless application
- Optional - How to create single page applications with AEM
- Developer Portal (Additional Resources)
- Headless Content Architect Journey
- Headless Translation Journey
- Headless Content Author Journey
- Headless Developer Journey
- Implementing
- Implementing Applications for AEM as a Cloud Service
- Using Cloud Manager
- Programs
- Creating an AEM Application Project
- Managing Environments
- Managing your Code
- Environment Variables
- Cloud Manager CI-CD Pipelines
- Deploying Your Code
- Understanding your Test Results
- Accessing and Managing Logs
- SLA Reporting
- New Relic One
- Notifications
- SSL Certificates
- Custom Domain Names
- IP Allow Lists
- License Dashboard
- Cloud Manager FAQs
- Developing for AEM as a Cloud Service
- AEM Project Structure
- AEM Project Repository Structure Package
- AEM as a Cloud Service SDK
- AEM Rapid Development Environments
- AEM as a Cloud Service Development Guidelines
- Logging
- Configurations and the Configuration Browser
- AEM Technical Foundations
- API Reference Materials
- Generating Access Tokens for Server Side APIs
- Quick Site Creation and Front-End Customization
- Developing Sites with the Front-End Pipeline
- Customizing Site Templates and Themes
- Headful and Headless in AEM
- Full Stack AEM Development
- Getting Started Developing AEM Sites - WKND Tutorial
- Structure of the AEM UI
- Sling Cheatsheet
- Using Sling Adapters
- Using the Sling Resource Merger in AEM as a Cloud Service
- Overlays in AEM as a Cloud Service
- Using Client-Side Libraries
- Page Diff
- Editor Limitations
- Naming Conventions
- Components and Templates
- AEM Tagging Framework
- Building Tagging into AEM Applications
- Search
- Custom Error Pages
- AEM Node Types
- Headless Experience Management
- Hybrid and SPA Development
- Hybrid and SPA with AEM
- Enabling JSON Export for a Component
- SPA Introduction and Walkthrough
- SPA WKND Tutorial
- Getting Started using React
- Getting Started using Angular
- SPA Deep Dives
- Developing SPAs for AEM
- SPA Editor Overview
- SPA Blueprint
- SPA Page Component
- Dynamic Model to Component Mapping
- Model Routing
- The RemotePage Component
- Editing an External SPA within AEM
- Composite Components in SPAs
- Server Side Rendering
- Enabling JSON Export for a Component
- Launch Integration
- SPA Reference Documents
- Developer Tools
- Personalization
- Configuring and Extending AEM as a Cloud Service
- Extending AEM with App Builder
- Extending Experience Fragments
- Customizing and Extending Content Fragments
- Content Fragments Configuring Components for Rendering
- Customizing the Content Fragment Console
- Manage Search Forms
- Configure Rich Text Editor
- Configure the RTE plug-ins
- Configure RTE to create accessible sites
- Deploying to AEM as a Cloud Service
- Author Tier
- Preview Tier
- Content Delivery Overview
- Connectors
- Operations
- Compliance
- Universal Editor
IMS Support for Adobe Experience Manager as a Cloud Service
Introduction
- AEM as a Cloud Service includes Admin Console support for AEM instances and Adobe Identity Management System (IMS for short) based authentication.
- The Admin Console allows administrators to centrally manage all Experience Cloud users.
- Users and Groups can be assigned to product profiles associated with AEM as a Cloud Service instances, allowing them to log in to that instance.
See our Experience League course Configure Access to AEM for Administrators for an introduction to how users authenticate using Adobe IMS to AEM as a Cloud Service and how Adobe IMS Users, User Groups, and Product Profiles are used to control access to AEM and its features and functionalities. Adobe ID required.
AEM currently does not support assigning groups to profiles. Users should be added individually instead.
Key Highlights
AEM as a Cloud Service offers IMS authentication support only for Author, Admin and Dev users. It does not offer support for external end users of customer sites like site visitors.
- The Admin Console will represent customers as IMS Organizations, Author and Publish Instances in an environment as Product Context Instances. This will allow System and Product administrators to manage access to instances.
- Product Profiles in the Admin Console will determine which Instances a user can access.
- Customers will be able to use their own SAML 2 compliant Identity Providers (IDP for short) for Single Sign On.
- Only Enterprise or Federated IDs for customer Single Sign On will be supported, no personal Adobe IDs.
Architecture
IMS Authentication works using OAuth protocol between AEM and the Adobe IMS endpoint. Once a user has been added to IMS and has an Adobe Identity, they can log in to AEM author service using IMS credentials.
The user login flow is shown below, the user will be redirected to IMS and optionally to the customer IDP for SSO and then redirected back to AEM.
How to Set Up
Onboarding Organizations to Adobe Admin Console
The customer onboarding to Adobe Admin Console is a prerequisite to using Adobe IMS for AEM authentication.
As the first step, customers need to have an Organization provisioned in Adobe IMS. Adobe Enterprise customers are represented as IMS Organizations in the Adobe Admin Console This is the portal used by Adobe customers to manage their product entitlements for their users and groups.
AEM customers should already have an Organization provisioned, and as part of the IMS provisioning, the customer instances will be made available in Admin Console for managing user entitlements and access.
Once a customer exists as an IMS Organization, they will have to configure their system as summarized below:
- The designated System Administrator receives an invite to log in to Cloud Manager. After logging into Cloud manager, the System Administrators can choose to provision AEM programs and environments or navigate to Admin Console for Administrative tasks.
- The System Administrator claims a domain to confirm the ownership of the respective domain (for example acme.com)
- The System Administrator sets up User Directories
- The System Administrator does IDP configuration in Admin Console in order to set up Single Sign On.
- The AEM Administrator manages the local groups and permissions and privileges as usual.
The Adobe Identity Management basics including IDP configuration are covered here.
Enterprise Administration and Admin Console usage is covered here.
Onboarding Users in Admin Console
There are three ways to onboard users depending on the size of the customer and their preference: manually create users in Admin Console, upload a .csv file or sync users from the customer’s enterprise Active Directory.
Manual Addition through Admin Console UI
Users and Groups can be manually created in the Admin Console UI. This method can be used if you do not have a large number of users to manage. For example, less than 50 AEM users or if the you are already using this method for administering other Adobe products like Analytics, Target or Creative Cloud applications.
File Upload in Admin Console UI
For easy handling of user creation, a .csv file can be uploaded for adding users in bulk.
User Sync Tool
User Sync Tool (UST in short) enables our enterprise customers to create and manage Adobe users utilizing Active Directory. This also works for other tested OpenLDAP directory services. The target users are IT Identity Administrators (Enterprise Directory or System Admins) who will be able to install and configure the tool. The open source tool is customizable so that customers you modify it to suit your own particular requirements.
When User Sync runs, it fetches a list of users from the organization’s Active Directory and compares it with the list of users within the Admin Console. It then calls the Adobe User Management API so that the Admin Console is synchronized with the organization’s directory. The change flow is entirely one way. Any edits made in the Admin Console do not get pushed out to the directory.
The tool allows the system admin to map user groups in the customer’s directory with product configuration and user groups in the Admin Console.
To set up User Sync, the organization needs to create a set of credentials in the same way they would use the User Management API.
User Sync Tool is distributed through the Adobe Github repository at this location.
A prerelease version 2.4RC1 is available with dynamic group creation support and can be found here.
The major features for this release are the ability to dynamically map new LDAP groups for user membership in the Admin Console, as well as dynamic user group creation.
More information about the new group features can be found at this location.
User Sync Documentation
Refer to the UST documentation for more details.
The User Sync Tool needs to register as an Adobe I/O client UMAPI using the procedure here.
Adobe I/O Console Documentation can be found here.
The User Management API that is used by the User Sync Tool is covered here.
Adobe Experience as a Cloud Service Configuration
The AEM IMS configuration required will be automatically configured when the AEM environments and instances are provisioned. However, the administrator may modify it as per their requirements using the method described here.
The AEM IMS configuration required will be auto-configured when the AEM environments and instances are provisioned. Customer administrators may modify part of the configuration as per their requirements
The overall approach is to configure Adobe IMS as an OAuth provider. The Apache Jackrabbit Oak Default Sync Handler can be modified just like for LDAP synchronization.
Below are the key OSGI configurations that need to be modified in order to change properties like User Auto Membership or Groups Mappings.
How to Use
Managing Products and User Access in Admin Console
When the Product Administrator logs in to Admin Console, they will see multiple instances of the AEM as a Cloud Service Product Context, as shown below. For example, select any of the the products from the Overview page:
You will see a list of existing instances:
Under each Product Context instance, there will be instances spanning Author or Publish services across Production, Stage, or Development environments. Each instance will be associated to Product Profiles or Cloud Manager roles. These product profiles are used for assigning access to Users and Groups with the required privileges.
The AEM Administrators_xxx profile will be used to grant Administrator privileges in the associated AEM instance while the AEM Users_xxx profile is used to add regular users.
Any users and groups added under this product profile will be able to login to that particular instance as shown in the example below:
The AEM Administrators product profile name must not be changed. Changing the name of the AEM Administrators product profile will remove administrator rights from all users assigned to that profile.
Logging into Adobe Experience Manager as a Cloud Service
Local Administrator Login
AEM can continue to support local logins for Admin users. The login screen has an option to log in locally:
IMS Based Login
For other users, the IMS based login can be used once IMS is configured on the instance. The user will first click on the Sign in with Adobe button as shown below:
Any user created in IMS can be created using Adobe ID or Federated ID. If a user is setup using Federated ID, they are authenticated using their Company’s Identity Provider to login.
They will then be redirected to the IMS login screen and will need to enter their credentials:
If a federated IDP is configured during initial Admin Console setup, then the user will be redirected to the customer IDP for SSO:
After authentication is complete, the user will be redirected back to AEM and logged in:
Managing Permissions and ACLs in Adobe Experience Manager as a Cloud Service
The ACLs and permissions will continue to be managed in AEM. The User Groups that are synced from IMS can be assigned to local groups where ACLs and privileges are defined.
In the example below, we are adding synced groups to the local Dam_Users group as an example.
The user is part of the following Groups in IMS:
When the user logs in, their Group Memberships are synced, as shown below:
In AEM, the User Groups synced from IMS can be added as members to existing local groups, like DAM Users.
As shown below, the group AEM-GRP_008 inherits the permissions and privileges of DAM Users, this is an effective way of managing Permissions for synced groups and is commonly used in the LDAP based Authentication method as well.
Accessing Cloud Manager
To be able to access Cloud Manager or to AEM as a Cloud Service environments, you must be assigned to Profiles of the Cloud Manager Product.
Refer to Role Definitions to learn more about roles for users which govern the availability of specific features in Cloud Manager.
Cloud Manager has pre-configured roles with appropriate permissions. To learn about each of the roles with specific permissions, pre-configured tasks, or permissions, associated with each role, refer to Role Based Permissions.
Steps for Adding a User
-
Add a user to a particular profile either from an existing user’s screen or from a new user screen.
-
Alternatively, you can also add a user from the Overview screen, as shown in the figure below.
NOTEYou can assign more than one profile to a user as shown in the figure below.
-
Once you have been added to the appropriate profile, you should be able to access the respective tenants in Cloud Manager via Adobe Experience Cloud using the top right corner from the user interface.
Accessing an Instance in AEM as a Cloud Service
The steps mentioned in the preceding section must have already been completed before you are granted access to an instance in AEM as a Cloud Service.
In order to have access to an AEM instance within the Admin Console, you should see the Cloud Manager Program and the environments within the program in the product list on the Admin Console.
For example, in the screenshot below, you will see two available environments namely dev author and a publish.
To get access to AEM instances the user will need to be added to a group of the appropriate Cloud Service Product.
Every author instance will have an AEM Administrators and AEM Users Profile and every publish instance will have an AEM Users Profile. You can add other profiles as needed.
To get admin level access to the AEM instance, add the user to the AEM Administrators Profile for that particular Product.
Business.Adobe.com resources
Resources
Adobe Account
