Just in time user provisioning via SSO authentication

Overview

"Just in time" (JIT) user provisioning refers to a configuration in the Adobe Admin Console that automatically creates a new user profile in the configured organization as the result of some configured trigger.

The below documentation describes the configuration process for creating a new user profile in the Acrobat Sign product profile by accessing a URL that points to the admin's organization. When a user triggers the URL, the organization's configured federated solution authenticates the user and creates a profile in the Adobe Admin console.

Prerequisites

Steps to configure the Admin Console:

  1. Claim the domains to be used in your Admin Console organization.

    The domain of the user's email address is the validation check to affirm that the Admin Console organization may create the user.

  2. Optionally define your unique Hostname in your Acrobat Sign account.

    The Hostname is inserted into the URL for the login page, providing a unique portal URL your users can authenticate through using your SSO solution.

    Hostname in the URL

  3. Configure your Admin Console organization to use a federated SSO solution.

    The SSO solution provides the identity validation that approves the creation of the user. 

  4. Enable automatic account creation in the Admin Console organization.

    • This core account creation method adds the user to the Admin Console organization as a known user.   
  5. Configure the Admin Console to add the requesting user to the Acrobat Sign product profile.

    This additional configuration adds the user to the selected product profile, entitling the user to access a service (in this case, Acrobat Sign):

    • Select the Acrobat Sign Solutions product.
    • Select the product profile defined for the Acrobat Sign product:
       
    Select the Acrobat sign profile and associated product profile

  6. Copy and share the URL in the Product access URL field with your internal users.

    When used, this URL creates a new user in your Admin Console and entitles the user to the Acrobat Sign product profile.

    Product access URL

The user experience

Once the Admin Console is configured, users in the claimed domain can trigger automatic user creation by attempting to log in to Acrobat Sign by accessing the customer-specific URL for Acrobat Sign (as identified in Step 2 above) or using the Product access URL (created in Step 5 above).

Both options prompt the user to enter an email address, which triggers the authentication process.

The authentication system:

  1. Parses the domain out of the email address.
  2. Identifies the Admin Console organization the user should be in (based on the claimed domain).
  3. Retrieves the SSO configuration information.
  4. Redirects the user to authenticate against the configured SSO solution.

Upon successful validation from the SSO, the user is:

  1. Created in the account (if the user does not already exist).
  2. Added to the product profile (if not already a member).
  3. Logged in to the Acrobat Sign system.

 Adobe

Get help faster and easier

New user?