Adobe Experience Manager introduces Admin Console support for AEM instances and Adobe IMS (Identity Management System) based authentication for AEM on Managed Services. This integration allows AEM Managed Services customers to manage all Experience Cloud users in a single unified Web console. Users and groups can be assigned to product profiles associated with AEM instances, granting centrally managed access to the specific AEM instances.
* This feature is supported for AEM 6.4 SP3 and later for Adobe Managed Services customers.
Applying permissions and access at the user level should be avoided in both Admin Console and in Adobe Experience Manager.
In Admin Console users should be granted access via User Groups at the Product Context level. User groups are typically best expressed by logical role within the organization to promote the groups’ re-usability across Adobe Experience Cloud products.
If using AEM as a Cloud Service, assign Admin Console users directly to Product Profiles. Transitive permissions between Admin Console users to Product Profiles via Admin Console user groups is not supported for AEM as a Cloud Service.
In Adobe Experience Manager, user groups synced from Adobe IMS should be in term added to AEM-provided user groups, which come preconfigured with the appropriate permissions to execute specific sets of tasks in AEM. Users synced from Adobe IMS should not be directly added to AEM-provided user groups.