- Overview
- Administration
- Authentication
- Adobe Cloud Manager
- Development
- Projects
- Security
- Workflow
- Troubleshooting
- How to enable asset download report
- How to force recompilation in AEM6.4
- How to investigate indexing related issues in AEM
- How to investigate SAML related issues in AEM
- How to investigate search related issues in AEM
- How to set the Oak login token session expiration
- How to troubleshoot issues related to Jetty configuration
- How to troubleshoot performance related issues
- Steps to resolve memory related issues in AEM
- Steps to resolve replication issues in AEM
Understanding Adobe IMS authentication with AEM on Adobe Managed Services
Adobe Experience Manager introduces Admin Console support for AEM instances and Adobe Identity Management System (IMS) based authentication for AEM on Managed Services. This integration allows AEM Managed Services customers to manage all Experience Cloud users in a single unified Web console. Users and groups can be assigned to product profiles associated with AEM instances, granting centrally managed access to the specific AEM instances.
- Adobe Experience Manager IMS authentication support is only for “internal” users (authors, reviewers, administrators, developers, and so on), and not external end-users such as web site visitors.
- Admin Console represents AEM Managed Services customers as IMS Orgs and the AEM instances as Product Contexts. Admin Console System and Product Admins can define and manage.
- AEM Managed Services sync your topology with Admin Console, creating a 1-to-1 mapping between a Product Context and AEM instance.
- Product Profile in Admin Console determines which AEM instances that a user can access.
- Authentication support includes customer SAML2 compliant IDPs for SSO.
- Only Enterprise or Federated IDs (for customer SSO) is supported (Personal Adobe IDs are not supported).
* This feature is supported for AEM 6.4 SP3 and later for Adobe Managed Services customers.
Best practices
Applying permissions in Admin Console
Applying permissions and access at the user level should be avoided in both Admin Console and in Adobe Experience Manager.
In, Admin Console users should be granted access via User Groups at the Product Context level. User groups are typically best expressed by logical role within the organization to promote the groups’ reusability across Adobe Experience Cloud products.
If using AEM as a Cloud Service, assign Admin Console users directly to Product Profiles. Transitive permissions between Admin Console users to Product Profiles via Admin Console user groups is not supported for AEM as a Cloud Service.
Applying permissions in Adobe Experience Manager
In Adobe Experience Manager, user groups synced from Adobe IMS should be in term added to AEM-provided user groups, which come preconfigured with the appropriate permissions to execute specific sets of tasks in AEM. Users synced from Adobe IMS should not be directly added to AEM-provided user groups.
Business.Adobe.com resources
Resources
Adobe Account
