Optimizing Group Management with Dynamic Membership during authentication

Dynamic Group Membership is a powerful capability in Apache Oak that significantly improves the scalability and performance of group synchronization and membership evaluation. Unlike traditional group membership, dynamic groups allow the representation of large external groups without incurring the typical performance overhead.

In this session, we’ll explore how to enable Dynamic Group Membership across various Authentication Handlers — including custom implementations as well as built-in ones like SAML, OAuth, and OIDC. We’ll dive into the distinctions between local and external identities, and between static and dynamic external groups. We’ll examine real-world challenges in migrating from default to dynamic membership synchronization and provide a deep dive into the SAML migration hook implemented in AEM to streamline this transition.

Attendees will gain actionable insights into implementing, configuring, and tuning this feature for optimal performance, along with lessons learned from production deployments.