Note:
If you have a functioning SAML-based SSO configured with Google Identity, we recommend that you keep your current setup. An upcoming feature will allow you to automatically migrate users and SSO configuration.
Configure Single Sign-On (SSO) with Google Admin Console to manage users and entitlements for your Adobe apps and services. In this scenario, the Adobe Admin Console uses Google as the Identity Provider (IdP).
Google federation combines the processes of directory creation, domain claim, SSO-setup, SAML-app creation, and user provisioning into a simple workflow involving steps in the Google Admin Console and Adobe Admin Console. Google users linked with the Adobe Admin Console are unique and can be assigned to one or more product profiles.
Once the Connector setup is complete, an initial sync imports all users from the Google Admin Console. Thereafter, syncing is performed periodically to keep users in the Adobe Admin Console up-to-date. System Administrators of the Adobe Admin Console receive a notification email including a summary of added or removed users in case of a change.
By using the Google ID federation and sync tool, you save time and effort in the following ways:
- No replication of steps such as domain claim, as the two Admin Consoles connect directly
- Quick set up and initiation of the Initial sync through a seamless workflow
- The Google Admin Console becomes the one place to manage all users
- Easy to onboard and offboard users directly from the associated groups in G-Suite
- No additional service or API setup needed to sync to the Adobe Admin Console
To integrate Adobe Admin Console user management with that of Google, your organization needs the following:
- You are an administrator in the Google Admin Console
- You have verified domains in the Google Admin Console
- You are familiar with Google's SAML Apps catalog in G Suite
If you meet the prerequisites, it's time to set up the integration and provision Adobe applications and services to your end users.
Note:
The set up process consists of required steps in both the Adobe and Google Admin Consoles in a parallel workflow. It is recommended to have both Consoles readily available in separate windows during the set up process.
- Choose your primary domain and verify it in G Suite.
- Add your organization's user data to G Suite. You can also migrate your organization's data to G Suite.
Once the Google Admin Console is set up and ready, follow the following steps in their respective windows (Google Admin Console or Adobe Admin Console):
-
Sign in to Adobe Admin Console and click Settings. On the Identity page, click Create Directory.
-
To sync users to the Adobe Admin Console, you are required to create a SAML Adobe app and set up user provisioning in the Google Admin Console. Follow the steps here and return to the Configure Google screen in the Adobe Admin Console. Then, click Confirm to complete the setup.
-
Sign in to the Google Admin Console using your admin credentials. On the Home screen, go to Apps. Then open SAML apps.
-
Download the IDP metadata under Option 2 on the Google IdP Information screen and click Next. Go to the Configure Google screen in the Adobe Admin Console and upload this file under the Step 3: Upload Google Metadata.
-
Confirm the Basic Information for Adobe on the next screen and move to the Service Provider Details window. Enter the ACS URL and Entry ID provided on the Configure Google screen. Check the Signed Response box and click Finish.
-
Copy the Authorization Token and the SCIM Endpoint from Step 4 of the Configure Google screen in the Adobe Admin Console and enter these in the Step 1 and 2 of Google User Provisioning setup respectively..
-
The provisioning status changes to ON and a summary of the sync status is displayed. Now, go to the Configure Google screen to complete setup and start the user sync.
Domains and directories start to sync from the Google Admin Console. Details like users synced are displayed in the Details section under Settings tab.
Once the sync is complete, you can assign products to the end users.
Once the sync is completed, all users are imported to the Adobe Admin Console. You can now create appropriate product profiles and associate them to users to fine-tune their product assignments. For more information, see Manage products and profiles.
Your organization can decide how to deploy applications to end users, in either an IT-managed packages or self-serve download and install Creative Cloud Desktop App. See more information on packaging and deployment options.
Twitter™ and Facebook posts are not covered under the terms of Creative Commons.