Adobe’s identity management system helps admins create and manage user's access to applications and services. Adobe offers three identities types or accounts to authenticate and authorize users.

Identity overview

Identity types allow the organization different levels of control over user's account and data. Your choice of identity model has a considerable impact on the way your organization stores and shares assets. The Federated ID and Enterprise ID models are ideal choice for organizations that needs to control how the users use apps and products, while Adobe ID is better suited for individuals, teams, or freelancers.

In addition to containing all features of Adobe ID, Enterprise IDs and Federated IDs also support the best data practices and ensure effective software deployment and data management. The following table guides you to decide which identity model is the most suitable for your organization based on various factors.

Account-type

Company or school account

Personal account

 


Federated ID

Enterprise ID


Adobe ID

 Key offerings

Created, owned, and managed by the organization. The organization manages user-credentials and uses Single Sign-On (SSO) via a SAML2 Identity Provider (IdP).

Created, owned, and managed by the organization. Adobe performs authentication and the organization retains exclusive rights to create user accounts on verified domains.

Created, owned, and managed by the end user. Adobe performs the authentication, and the end user manages the identity.

Account & Data Ownership

Organization owned and controlled

User-controlled

 

Security & Monitoring

  • Federated ID Event Logs
  • Content Logs
  • Sharing restrictions
  • Organization’s authentication settings
  • Content logs
  • Sharing restrictions
  • Password policy1

Creative Cloud for enterprise

Supported

Partially supported2

Creative Cloud for teams

Not Supported

Supported

Experience Cloud

Supported

Supported

Recommended for

  • Organizations already using SSO or SAML
  • Existing Directory services, such as Google and Azure Active Directory
  • Organizations that require seamless integration with non-Adobe services
  • Create user accounts on verified domains
  • Create user accounts on verified domains
  • Don’t require SSO
  • Creative Cloud for teams
  • Higher Education institutes
  • Want control in user's hand
  • Access apps like Digital Publishing Suite3
  • Users own assets after separation from organization

Get Started

Set up identity

Claim domains

Add User

Бележка:

1 Password policy for Creative Cloud for teams is the same as that for Creative Cloud for individuals.

2 Adobe ID users can be added but not given product entitlements. Migrate your Adobe ID users to another identity type.

3 There are some products and services such as Adobe Licensing Website and Adobe Digital Publishing Suite that only support Adobe ID.

Change identity type

If you are already using an identity type and feel the need to switch your identity model, you can change your end user's identity type as a System Administrator. Edit the following identity types using the Adobe Admin Console:

  • Adobe ID to Enterprise ID,
  • Adobe ID to Federated ID,
  • Enterprise ID to Federated ID, or
  • Federated ID to Enterprise ID.

You need a new or an existing directory to change the identity type of a user from Enterprise ID to Federated ID or vice versa. For more details, see move domains across directories.

Impact on Creative Cloud end users

If you edit the identity type of users from Adobe ID to Federated/Enterprise ID, these users continue to have access to their personally owned Adobe ID. However, they access the organization’s Adobe apps, services, and solutions through the new Federated ID or Enterprise ID assigned to them.

If your users already have Adobe IDs with assets linked to it, they can migrate assets from their Adobe ID accounts to their new enterprise account.

If existing Creative Cloud users were using services that are not included with Creative Cloud for enterprise, their memberships revert to free versions.

Edit Identity Type by CSV

The following procedure enables you to edit the identity type for users in bulk. You can also edit user details such as email addresses and names for users using the Admin Console, User Sync tool, or the User Management API.

  1. Sign in to the Admin Console and navigate to Users.

  2. Click , and select Edit Identity Type by CSV from the drop-down list.

    The Edit Identity Type by CSV dialog box displays.

    Edit Identity Type by CSV
  3. To include users to edit Identity type, download the Current User List or the CSV Standard Template, clicking Download CSV Template.

    The .csv file downloaded, contains the following data.

    Field Name Description
    Identity Type The identity type currently assigned to the user.
    Username User name as it corresponds to the respective user ID.
    Domain Domain as it corresponds to the Enterprise or Federated ID.
    New Identity Type

    Enter the identity type that you want to change to.

    This value controls the ID type assigned to the user. Not case sensitive. The ID type must be valid for the domain.

    Valid values:

    • Federated ID
    • Enterprise ID
    • Adobe ID
    New Email

    Valid email address.

    60 character maximum.

    A name and domain. If the identity type is Enterprise ID or Federated ID, the domain must be claimed and activated by the organization. The user name determines the account name. 

    For other account types, it is the email address used for the user and account name. 

    See RFC 2822 sec 3.4.1

    New Username

    Restricted to ASCII.

    User name as it corresponds to the respective user ID.

    For Adobe ID type users, the user name that is defined for the Adobe ID of the user.

    Only used in Enterprise administered domains. Account name to be used for this user. Restrictions to an email address and the same email address can be imposed by the domain owner. 

    Maximum length is 255 characters.

    New Country Code

    A two-letter country code (for example, United States = "US").

    For Adobe ID type users, enter the country code that is defined for the Adobe ID of the user.

    If present, check to ensure that the user is from a country where Adobe does the business. It is present for Enterprise administered accounts.

    To determine the Country Code, see https://www.iso.org/obp/ui/#home.

    For more information, see ISO 3166-1 alpha-2 Country Codes

  4. Open the .csv file in an application capable of editing CSVs and edit the identity types, as required.

    Бележка:

    When you are editing the identity type from Adobe ID to Federated/Enterprise ID, the email address for Adobe ID must match the one for enterprise account.

    Adobe ID email Federated ID or Enterprise ID email Edit identity type
    janedoe@xyz.com janedoe@xyz.com Success
    johndoe@adobe.com johndoe.@xyz.com Fail
  5. Open the Edit Identity Type by CSV dialog box, and upload the updated .csv file. Ensure that this file is saved with UTF-8 encoding.

    Once the process is complete, you receive a notification email.

This process migrates the permissions and provisioned products for all migrated users. The users whose identity has changed, receive a notification to use their new Enterprise/Federated ID account when working with the Adobe products they have been provisioned.

In addition, if your users were previously using Adobe IDs and have assets linked to it, these users will be requested to consent to the Asset Migration process. The Asset Migration process automatically moves the users' assets from their Adobe ID account to their Enterprise account.

Asset migration

When you edit the identity type of the users from Adobe ID to Federated ID/Enterprise ID, users can migrate the supported content from their existing company assigned Adobe ID account to their new enterprise account. The migration can be done in two ways:

For users to automatically migrate their content, they must be assigned access to storage/services for both, Creative Cloud and Document Cloud. For users to have access to storage for Creative Cloud and Document Cloud, do one of the following:

  • Assign a Product Profile which offers the Creative Cloud All Apps plan with storage, and has the PDF Services turned On.
  • Assign a Creative Cloud Product Profile with storage, and a Document Cloud Product Profile with storage (excludes desktop only offers) and PDF Services turned On.

Бележка:

All product licenses that the user is assigned to, must have storage included. Otherwise, Asset Migration fails. For example, an Adobe ID user allocated to a single app license for Photoshop with no storage and another single app license for XD with 100-GB storage cannot migrate the assets automatically.

After the Edit Identity Type process is complete, the end-user receives an email notification with the details to migrate their assets.

As the IT Admin, you can download the Asset Migration completion status report for all the users that were part of the Edit Identity process. To download the report, do the following:

  1. Navigate to Admin Console > Users.

  2. Click  and select Export migration report to CSV from the drop-down list.

    The report is downloaded.

This report tells you who has granted consent, who has denied consent, and who hasn’t taken any action yet. To know about the type of content that the migration process supports, see Asset Migration FAQ.

Бележка:

Sometimes, the automatic Asset Migration process cannot be triggered for a few users. These users receive a notification to transfer their content manually, and are excluded from the migration report.

Join the conversation

ask-the-community

If you have any questions or observations around the topics, concepts, or procedures described in this article, join the discussion.

Join Now


Този материал е лицензиран под лиценз Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported  Публикациите в Twitter™ и Facebook не попадат под клаузите на Creative Commons.

Правни бележки   |   Правила за онлайн поверителност