Saturday 9 November 2024

How to synchronize Adobe IMS User Groups with AEM and manage permissions

I wrote this article because the Adobe documentation can sometimes be unclear, and our team faced synchronization issues between Adobe IMS groups and AEM. Below, you'll find the detailed steps to resolve the issue.

Steps in Adobe IMS:

Log in to https://adminconsole.adobe.com/

Go to the ‘Users’ tab, select ‘User groups’ from the left rail, and click ‘New User Group’.

Enter the details (user group name and description) and save.

Once the group is created, add a user to it from the ‘Users’ tab by clicking ‘Add Users’ and entering the user details.

Once the user is added to the group, it is listed with the user's ‘Name’, ‘Email’ and ‘ID Type’, as shown in the screenshot above.

Add the user to the product profile of a specific environment

Let's say we need to sync the IMS group with the AEM Cloud Developer environment first.

From the Cloud Manager ‘Overview’ tab, go to ‘Environments’ > ‘Manage Access’ for our AEM dev cloud instance, as seen below.

This will take you to the product profile of the AEM dev instance.

Here, add the users who are also part of the newly created IMS user group.

Once the user is added to the group and logs in, the IMS user group will be synchronized with the corresponding AEM instance (in this case, ‘dev’).

Steps in AEM Cloud Environment

Now log in to the AEM cloud dev environment.

Go to ‘Security’ > ‘Groups’ and create a new user group.

Now go to permissions and add the relevant permissions to the group created above.

An example of a permission could be granting access only to marketing content within the Sites section.

Now go back to the newly created AEM group, open the ‘Members’ tab, search for the newly synced IMS user group and add it.

This process ensures that the IMS user group is synchronized with the AEM user group and inherits the associated permissions.

Make sure to create new groups in AEM and add the IMS group as a member. Since IMS user groups are linked to product profiles, never assign permissions directly to synced IMS groups in AEM. This is the Adobe-recommended way to sync permissions between AEM user groups and IMS user groups.

Once the approach has been tested, you can use Repo-init scripts to synchronize and tag other IMS groups across all AEM environments.
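
The manual steps above expressed as a Repo-init script, as an added example that is not the author's or Adobe's own code. The group names `marketing-authors` and `ims-marketing-team` and the paths are hypothetical; it assumes the content path already exists and that the IMS group has already synced into the environment.

```repoinit
# Added example. Hypothetical names: marketing-authors (AEM group),
# ims-marketing-team (synced IMS group), /content/mysite/marketing (content root).

# 1. AEM-local group that carries the permissions.
create group marketing-authors with path /home/groups/mysite

# 2. Permissions go on the AEM group only, scoped to the marketing subtree.
#    Assumes /content/mysite/marketing already exists in the repository.
set ACL for marketing-authors
    allow jcr:read,rep:write on /content/mysite/marketing
end

# 3. The synced IMS group becomes a member and inherits the ACL above.
#    No "set ACL" statement names ims-marketing-team itself.
add ims-marketing-team to group marketing-authors
```

In an AEM project a script like this is normally deployed through an `org.apache.sling.jcr.repoinit.RepositoryInitializer` OSGi configuration.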

User & Group Sync delays between AEM and Adobe IMS

Note: There may be a slight delay in synchronization from IMS to AEM. Please wait about 10 minutes for the sync to complete and ensure that the user added to the IMS user group has logged into their product profile before conducting an end-to-end test. User login enables the quick sync process.
