In addition to the technical setup of a single sign-on (SSO) integration, Acquia DAM admins need to consider a few questions about user management:
Will all roles in the DAM authenticate via the SSO?
Should users be assigned to specific roles in the DAM?
As a DAM admin, do you want to manually assign a role to each new user or do you want role assignment to be automated?
To help you decide, we’ll walk you through the three options for user management and authentication that you can use for simple one-way and SAML SSO. You’ll work with an SSO admin in your IT department to set up the method of your choosing.
With this option, new users generate a default SSO registration code the first time they log in using SSO and automatically get assigned a role in DAM. Typically, it’s a basic one like General User. The DAM admin can decide whether they want new users automatically approved or whether they want to manually approve and assign each one to the appropriate role.
Pros
This is the easiest user management method to implement.
The DAM admin can edit user accounts without involving the SSO admin.
Cons
This could require the DAM admin to edit user accounts each time a new user logs in via SSO.
Users might have to wait for an admin to approve their account.
With this option, the DAM admin creates a registration code for each DAM role, and the SSO admin creates a code attribute in the identity provider (IdP) to send values that match the registration code names. As a result, new users automatically get assigned a specific role in DAM when they log in. If needed, the DAM admin can edit a user account and update their role.
Pros
The DAM admin doesn’t need to approve and update each new user account, but can do so without involving the SSO admin.
Cons
If a new role and registration code are created or an existing code is edited, the SSO admin needs to make the necessary updates in the IdP.
With this option, the SSO admin creates a roles attribute in the IdP. Each time a new user logs in using SSO, they automatically get assigned a DAM role that matches a role in the IdP. If a user needs their role changed, the DAM admin contacts the SSO admin to make the change in the IdP.
Pros
The DAM admin doesn’t need to approve and update each new user account.
Cons
The DAM admin cannot edit a user’s role without involving the SSO admin.
If a role is created or edited, the SSO admin needs to make the necessary updates in the IdP.