Overview

The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once the ownership of a domain is demonstrated, the domain can be configured to allow users to log in to the Adobe Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The process is provisioned either as a software service which runs within the company network and is accessible from the Internet, or a cloud service hosted by a third party which allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Google, a cloud-based service which facilitates secure identity management.

Prerequisites

Before configuring a domain for single sign-on using Google as the IdP, the following requirements must be met.

  • Administrative access to both the Adobe Admin Console and the Google Admin Console.
  • An approved domain for your Adobe organization account. The status of the domain in the Adobe Admin Console must be Configuration Required.

Set up Google Admin Console

To set up SSO with Google, follow the below steps:

  1. In the Google Admin Console, navigate to Apps > SAML Apps, and click .

    The Enable SSO for SAML Application screen displays.

    Enable SSO for SAML Application
  2. Click Setup My Own Custom App.

    The Google IdP Information screen displays.

    screenshot_2
  3. Copy the SSO URL and Entity ID. To download the certificate, click Download under Option 1.

    And, change the .pem extension of the certificate file to .cer by renaming the file.

  4. Click Next. The Basic Information for Your Custom App screen displays.

  5. Click Next. The Service Provider Details screen displays.

Configure Adobe Admin Console

To Configure Single Sign-On for your domain, perform the below steps:

  1. To enter the required information for your IdP, use the Set Up Domain wizard in the Adobe Admin Console.

    • Upload the certificate
    • For IdP Issuer, enter the Entity ID that you copied from Google Admin Console.
    • For IdP Login URL, enter the SSO URL that you copied from Google Admin Console.
    • Set IdP Binding to HTTP - Post.
    • For User Login Setting, choose Email.
    Set Up Domain
  2. Click Complete Configuration.

  3. To download the SAML XML Metadata file, click Download Metadata.

  4. In the Metadata file, locate the strings entityId and Location.

    Metadata file

Configure the Google Admin Console

  1. Return to G-Suite, to the Service Provider Details screen.

    • For ACS URL, enter the Location that you copied from Adobe Admin Console.
    • For Entity ID, enter the Entity ID that you copied from Adobe Admin Console.
    Service Provider Details
  2. Click Next, and on the Attribute Mapping screen that displays, click Add New Mapping.

    Attribute Mapping
  3. Click Finish.

    Add new mapping
  4. On the Setting up SSO for Adobe dialog box, click OK.

    screenshot_9
  5. Change the Settings for Adobe Creative Cloud to On for Everyone.

    Settings for Adobe Creative Cloud
  6. Return to the Adobe Admin Console, and click Activate Domain.

    Your domain is now active. You can start adding users, clicking Add Users.

Test Adding a User

  1. On the Add a User screen:

    • Enter the email address of the user.
    • Select Add as Federated ID User.
    • Enter the SSO Username for the user.
    • Select the Country of the user.
    • Enter the First and Last name of the user.

    Caution:

    It is mandatory to enter the First and Last name.

  2. Navigate to Assign Products. The list of products that displays, is based on the purchase plan of your organization.

  3. Select a product and select a profile for the product. To add another product, select the product and add a product profile.

    Click Save.

The user can now start using the account.

If you need assistance with the Google single sign-on configuration, navigate to Support in the Adobe Admin console, and open a ticket.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy