
AEM Security User Onboarding Decisions (Part II)

    By Frank Preston

    Configuring The Authentication and Directory Models


As we showed in our previous blog entry, deciding whom we want to share protected documents with is critical to understanding how the Authentication and Directory Models need to be configured.


AEM allows us to set up one or more domains. In the context of AEM, a domain is any environment that we connect to in order to gather user information and perform authentication.



AEM supports connectivity with the following LDAP (Lightweight Directory Access Protocol) servers:

    ·       Active Directory 2012

    ·       Active Directory 2008

    ·       Active Directory 2003

    ·       Active Directory LDS

    ·       ADAM

    ·       Sun One

    ·       eDirectory

    ·       Lotus Domino

    ·       Tivoli


The Custom option is used when you have your own database of users. In that case we configure a custom component, known as the Directory Manager, to connect to the database and import the user data appropriately. In a custom database scenario you would also implement a Custom Authenticator for that environment. Its purpose is either to perform a lookup in the database and verify the user's password and that the account is active, or simply to call an authentication tool the client already has in place.
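The following is an added example, not code from the original post and not AEM's own Directory Manager or Authenticator SPI (whose Java interface names are deliberately not reproduced here). It sketches the two checks a Custom Authenticator must make against a database of external users: verify the password and confirm the account is active. The table name, columns, sample users and iteration count are all assumptions constructed for the demonstration. The one detail worth noticing is that an unknown username is run through the same hashing and comparison work as a known one, so a caller cannot tell "no such user" from "wrong password" by timing.

```python
"""Illustrative database-backed authenticator for an external-users domain.

Added example only: AEM Forms Document Security expects its own (Java) SPI
implementation; this shows the authentication logic, not that interface.
"""
import hashlib
import hmac
import os
import sqlite3
from dataclasses import dataclass

# Assumption: PBKDF2-HMAC-SHA256 cost kept low so the demo runs quickly;
# use the current OWASP recommendation in production.
PBKDF2_ITERATIONS = 100_000


@dataclass(frozen=True)
class AuthResult:
    ok: bool
    reason: str  # for the server-side audit log; show the user a generic message


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def open_demo_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed 'ext_users' table.

    alice is active, bob has a valid password but a disabled account.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ext_users (username TEXT PRIMARY KEY, salt BLOB, "
        "pw_hash BLOB, active INTEGER)"
    )
    sample = [("alice@partner.example", "correct horse", 1),
              ("bob@partner.example", "battery staple", 0)]
    for name, password, active in sample:
        salt = os.urandom(16)
        conn.execute("INSERT INTO ext_users VALUES (?, ?, ?, ?)",
                     (name, salt, hash_password(password, salt), active))
    conn.commit()
    return conn


# Dummy record used when the username is unknown, so the PBKDF2 work and the
# comparison still happen and response time does not reveal valid usernames.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("", _DUMMY_SALT)


def authenticate(conn: sqlite3.Connection, username: str, password: str) -> AuthResult:
    """Look the user up, verify the password hash, then check the active flag."""
    row = conn.execute(
        "SELECT salt, pw_hash, active FROM ext_users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        salt, stored, active, known = _DUMMY_SALT, _DUMMY_HASH, 0, False
    else:
        salt, stored, active = row
        known = True

    # Constant-time comparison of the freshly derived hash with the stored one.
    password_ok = hmac.compare_digest(hash_password(password, salt), stored)
    if not (known and password_ok):
        return AuthResult(False, "invalid credentials")
    if not active:
        # Correct password, but the account is disabled: fail closed.
        return AuthResult(False, "account disabled")
    return AuthResult(True, "ok")


if __name__ == "__main__":
    db = open_demo_db()
    for user, pw in [("alice@partner.example", "correct horse"),
                     ("alice@partner.example", "wrong"),
                     ("bob@partner.example", "battery staple"),
                     ("nobody@partner.example", "anything")]:
        print(user, authenticate(db, user, pw))
```

The "call an authentication tool the client already has" variant from the text would replace the body of `authenticate` with a call to that tool; the active-account check and the fail-closed handling of lookup failures should remain on the AEM side regardless of which backend does the password verification.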


With synchronisation complete, you can select groups or individual users to be granted access to your documents once those documents have been protected with a given policy.


Let's assume that you want to configure your AEM Security server to provide access to documents for staff only. Setting this up is generally straightforward because you already have an internal LDAP environment.


    If however you want to extend document access to external users how could this be handled? 



It is unlikely that you would want to onboard your external users into your LDAP environment; more likely there is already a database holding them. AEM allows you to configure multiple domains of differing types, so you can set up one domain for internal users and another for external users. The internal domain would be a straightforward LDAP configuration, while the external domain would use a custom database connection and a Custom Authenticator.


There is also the option of using AEM's invited users feature, where users are added to AEM's own database. This can be very useful for smaller organizations, but it is generally not used in large enterprises.


To conclude, it is clearly important to understand up front whom you wish to distribute documents to and how those users are to be managed. This seems like a simple question, but it can take some effort to break it down clearly.


In our next article we will look at the planning and decisions involved in structuring your policies for internal and external distribution.



