The domain of the user's email address is the validation check to affirm that the Admin Console organization may create the user.
Just in time user provisioning via SSO authentication
"Just in time" (JIT) user provisioning refers to a configuration in the Adobe Admin Console that automatically creates a new user profile in the configured organization as the result of some configured trigger.
The below documentation describes the configuration process for creating a new user profile in the Acrobat Sign product profile by accessing a URL that points to the admin's organization. When a user triggers the URL, the organization's configured federated solution authenticates the user and creates a profile in the Adobe Admin console.
- The Acrobat Sign account must be entitled through the Adobe Admin Console.
Steps to configure the Admin Console:
The Hostname is inserted into the URL for the login page, providing a unique portal URL your users can authenticate through using your SSO solution.
This additional configuration adds the user to the selected product profile, entitling the user to access a service (in this case, Acrobat Sign):
- Select the Acrobat Sign Solutions product.
- Select the product profile defined for the Acrobat Sign product:
Copy and share the URL in the Product access URL field with your internal users.
When used, this URL creates a new user in your Admin Console and entitles the user to the Acrobat Sign product profile.
The user experience
Once the Admin Console is configured, users in the claimed domain can trigger automatic user creation by attempting to log in to Acrobat Sign by accessing the customer-specific URL for Acrobat Sign (as identified in Step 2 above) or using the Product access URL (created in Step 5 above).
Both options prompt the user to enter an email address, which triggers the authentication process.
The authentication system:
- Parses the domain out of the email address.
- Identifies the Admin Console organization the user should be in (based on the claimed domain).
- Retrieves the SSO configuration information.
- Redirects the user to authenticate against the configured SSO solution.
Upon successful validation from the SSO, the user is:
- Created in the account (if the user does not already exist).
- Added to the product profile (if not already a member).
- Logged in to the Acrobat Sign system.