Identity Management
- Topics:
- Administering
CREATED FOR:
- Admin
Individual visitors to your website can only be identified when you provide the ability for them to log in. There are various reasons why you may want to provide a login capability:
-
AEM CommunitiesSite visitors are required to sign in to post content to the community.
-
You may need to limit access to your website (or sections of it) to specific visitors.
-
Personalization Allowing visitors to configure certain aspects of how they access your website.
Log in (and out) functionality is provided by an account with a Profile, which holds additional information about the registered visitor (user). The actual processes for registration and authorization may differ:
-
Self-registration from the website
A Community Site may be configured to allow visitors to self-register or sign-in with their Facebook or Twitter accounts.
-
Request for registration from the website
For a closed user group you might allow visitors to request registration, but enforce authorization by means of a workflow.
-
Register each account from the author environment
If you have a small number of profiles, which will need authorization anyway, you may decide to register each directly.
To allow visitors to register, a series of components and forms can be used to collect the required identification information, then the additional (often optional) profile information. After they have registered, they should also be able to check and update, the details that they have submitted.
Additional functionality can be configured or developed:
- Configure any reverse replication that is required.
- Allow a user to remove their profile, by developing a form together with a workflow.
Registration Forms
A form can be used to collect the registration information, then generate the new account and profile.
For example, users can request a new profile, using the Geometrixx pagehttp://localhost:4502/content/geometrixx-outdoors/en/user/register.html
Upon submitting the request, the profile page opens where the user can provide personal details.
The new account is also visible in the Users console.
Login
The login component can be used to collect the login information, then activate the login process.
This provides the visitor with the standard fields of Username and Password, with a Login button to activate the login process when the credentials are entered.
For example, users can either log in, or create a new account, using the Sign In option on the Geometrixx toolbar, which uses the page:
http://localhost:4502/content/geometrixx-outdoors/en/user/sign-in.html
Logging Out
As there is a login mechanism, a logout mechanism is also required. This is available as the Sign Out option in Geometrixx.
Viewing and Updating a Profile
Depending on your registration form the visitor may have registered information in their profile. They should be able to view and/or update this at a later stage. This can be done with a similar form; for example, in Geometrixx:
http://localhost:4502/content/geometrixx-outdoors/en/user/profile.html
To see the details of your profile click on My Profile in the top right corner of any page; for example with the admin
account:http://localhost:4502/home/users/a/admin/profile.form.html/content/geometrixx-outdoors/en/user/profile.html.
You can view another profile using the client context (on the author environment and with sufficient privileges):
-
Open a page; for example the Geometrixx page:
http://localhost:4502/cf#/content/geometrixx/en.html
-
Click My Profile in the top right corner. You will see the profile of your current account; for example the administrator.
-
Press control-alt-C to open the client context.
-
In top left corner of the client context, click the Load a Profile button.
-
Select another profile from the drop down list in the dialog window; for example, Alison Parker.
-
Click OK.
-
Click again on My Profile. The form will be updated with Alison’s details.
-
You can now use Edit Profile or Change Password to update the details.
Adding Fields to the Profile Definition
You can add fields to the profile definition. For example to add a “Favorite Color” field to the Geometrixx profile:
-
From the Websites console navigate to Geometrixx Outdoors Site > English > User >My Profile.
-
Double-click on the My Profile page to open it for editing.
-
In the Components tab of sidekick expand the Form section.
-
Drag a Dropdown List from sidekick to the form, just below the About me field.
-
Double-click the Dropdown List component to open the dialog for configuration and enter:
- Element Name -
favoriteColor
- Title -
Favorite Color
- Items - Add several colors as items
Click OK to save.
- Element Name -
-
Close the page and return to the Websites console and activate the My Profile page.
Next time you view a profile you can select a favorite color:
The field will be saved under the profile section of the relevant user account:
Profile States
There are a number of use cases that require knowing whether a user (or rather their profile) is in a specific state or not.
This involves defining an appropriate property in the user profile in a way that:
- is visible and accessible to the user
- defines two states for each property
- allows toggling between the two states defined
This is done with:
-
To manage the two states of a specific property and the transitions between the two.
-
To manage actions related to the states.
Multiple states can be defined; for example in Geometrixx these include:
- subscribing (or unsubscribing) to notifications on newsletters or comment threads
- adding and removing a connection to a friend
State Providers
A state provider manages the current state of the property in question, together with the transitions between the two possible states.
State providers are implemented as components, so can be customized for your project. In Geometrixx these include:
- Un-/Subscribe Forum Topic
- Add/Remove Friend
Workflows
State providers manage a profile property and its states.
A workflow is needed to implement the actions related to the states. For example, when subscribing for notifications, the workflow will handle the actual subscription action; when unsubscribing from notifications, the workflow will handle removing the user from the subscription list.
Profiles and User Accounts
Profiles are stored in the Content Repository as part of the user account.
The profile can be found under /home/users/geometrixx
:
On a standard installation (author or publish) everyone has read access to the entire profile information of all users. everyone is a “Built-in group automatically containing all existing users and groups. The list of members cannot be edited”.
These access rights are defined by the following wildcard ACL:
/home everyone allow jcr:read rep:glob = */profile*
That allows:
- forum, comments or blog posts to display information (such as icon or full name) from the appropriate profile
- links to geometrixx profile pages
If such access is not appropriate for your installation you can change these default settings.
This can be done using the Access Control tab:
Profile Components
A range of profile components are also available for defining the profile requirements for your site.
Checked Password Field
This component gives you two fields for:
- the input of a password
- a check to confirm that the password has been input correctly.
With default settings the component will appear as follows:
Profile Avatar Photo
This component provides the user with a mechanism for selecting and uploading an Avatar Photo file.
Profile Detailed Name
This component allows the user to input a detailed name.
Profile Gender
This component allows the user to input their gender.
Experience Manager
- Administering User Guide overview
- Sites Features
- Website Administration
- Reusing Content: Multi Site Manager and Live Copy
- Live Copy Overview Console
- Configuring Live Copy Synchronization
- Creating and Synchronizing Live Copies
- MSM Rollout Conflicts
- MSM Best Practices
- Translating Content for Multilingual Sites
- Managing Translation Projects
- Identifying Content to Translate
- Preparing Content for Translation
- Creating a Language Root Using the Classic UI
- Connecting to Microsoft Translator
- Configuring the Translation Integration Framework
- Language Copy Wizard
- Translation Enhancements
- Translation Best Practices
- Configurations and the Configuration Browser
- AEM FAQs
- Operations
- Dashboards
- Operations Dashboard
- Backup and Restore
- Data Store Garbage Collection
- Monitoring Server Resources Using the JMX Console
- Working with Logs
- Configure the Rich Text Editor
- Configure the Video component
- The Bulk Editor
- Configuring Email Notification
- Configuring RTE for Producing Accessible Sites
- The Link Checker
- Troubleshooting AEM
- Audit Log Maintenance in AEM 6
- Editor
- Managing Access to Workflows
- Using cURL with AEM
- Configuring Undo for Page Editing
- Proxy Server Tool (proxy.jar)
- Configuring for AEM Apps
- Administering Workflows
- Configuring Search Forms
- Tools Consoles
- Reporting
- Administering Workflow Instances
- Configuring Layout Container and Layout Mode
- Enabling Access to Classic UI
- Starting Workflows
- Configure the Rich Text Editor plug-ins
- Admin Consoles
- Security
- User Administration and Security
- User, Group and Access Rights Administration
- Security Checklist
- OWASP Top 10
- Running AEM in Production Ready Mode
- Identity Management
- Adobe IMS Authentication and Admin Console Support for AEM Managed Services
- Creating a Closed User Group
- Mitigating serialization issues in AEM
- User Synchronization
- Encapsulated Token Support
- Single Sign On
- How to Audit User Management Operations in AEM
- SSL By Default
- SAML 2.0 Authentication Handler
- Closed User Groups in AEM
- Granite Operations - User and Group Administration
- Enabling CRXDE Lite in AEM
- Configuring LDAP with AEM 6
- Configure the Admin Password on Installation
- Service Users in AEM
- Encryption Support for Configuration Properties
- Handling GDPR Requests for the AEM Foundation
- Content Disposition Filter
- Personalization
- eCommerce
- Integration
- Integrating with Third-Party Services
- Integrating with Salesforce
- Integrating with Adobe Target
- Integrating with Adobe Analytics
- Connecting to Adobe Analytics and Creating Frameworks
- Configuring Link Tracking for Adobe Analytics
- Mapping Component Data with Adobe Analytics Properties
- Configuring Video Tracking for Adobe Analytics
- HTTP2 Delivery of Content FAQ
- Troubleshooting your Adobe Campaign Integration
- SharePoint Connector Licenses, Copyright Notices, and Disclaimers
- SharePoint Connector
- DHTML Viewer End-of-Life FAQs
- Integrating with Adobe Campaign Classic
- Related Community Articles
- Integrating with Adobe Campaign Standard
- Flash Viewers End-of-Life Notice
- Integrating with Adobe Creative Cloud
- Integrating with Adobe Dynamic Tag Management
- Opting Into Adobe Analytics and Adobe Target
- AEM Portals and Portlets
- Integrating with Dynamic Media Classic
- Troubleshooting Integration Issues
- Integrating with BrightEdge Content Optimizer
- Best Practices for Email Templates
- Catalog Producer
- Integrating with Silverpop Engage
- Integrating with Adobe Campaign
- Integrating with ExactTarget
- Analytics with External Providers
- Integrating with the Adobe Marketing Cloud
- Manually Configuring the Integration with Adobe Target
- Prerequisites for Integrating with Adobe Target
- Adobe Classifications
- Solutions Integration
- Target Integration with Experience Fragments
- Best Practices
- Content Management