• Categories

  • AEM Security User Onboarding Decisions

    By Frank Preston

    AEM Security is used in a wide variety of scenarios. You may be distributing coupons where you want to restrict the ability to print the coupon and given the distribution, you may want to use Anonymous Policies. You could be a manufacturing company and want to protect you intellectual property where only internal authorized staff can access the material. Or you’re organization is a bank and you have a need to control internal access but you also want to allow your clients to access their own documents in a secure manner.

     

     

    As you can see there are many ways a business may want to distribute documents and control access. This article explores variety of ways we can set up your authentication requirements that provide the level of granularity you may need for your environment.

     

    Why LDAP

     

    So, why use LDAP (Lightweight Directory Access Protocol) doesn’t AEM have it’s own user environment? Yes, AEM does have it’s own user environment but if you have a medium to large company odds are you are using some form of LDAP environment to control access to your entire organization. By using an LDAP model this allows you to control access to sensitive material from a single source. As a result less maintenance, if User A has quit or is terminated it is only necessary to disable the account in the LDAP environment to effectively shutdown access to your network and any secured documents. 

     

     

     

    Configuration Options

     

    In order to setup and configure your LDAP in AEM it is important to understand the base structure that AEM uses. When setting up LDAP there are two key elements, the Authentication Model and the Directory Structure.

     

    First, AEM supports a range of LDAP authentication models, LDAP, Kerberos, SAML and custom. For our purposes we will just focus on the LDAP model and we will discuss the Custom options of the configuration as well.

     

    Second, in AEM we configure the directory for a domain. The directory effectively represents the connection to the LDAP server and in this case Active Directory. It is in the directory setup where we configure the Users that we want available and the Groups to retrieve. In a lot of cases companies simply select all users and groups.

     

    In our next article we will look at how to configure the Authentication and Directory Models now that we have determined how our users will interact with the protected documents.

     

    Need a hand?
    Contact Us