Introduction

As an administrator of an Adobe product, you may have traditionally managed your users and controlled their access to various product capabilities through the product's administrative interface. Now you can achieve the same through Adobe's Admin Console. This document explains the benefits of doing so, and also guides you through the process.

The document provides an overview of the steps that are required to transition user management from your current in-product interface to the Adobe Admin Console. It links to other documents that cover the specific how-tos in full detail.

Who should read this document

This document is targeted at the following administrative roles.

Бележка:

The specific names for these roles can differ in the product you manage. 

System administrators

Administrators of the current product who are responsible for user management. This role involves tasks such as:

  • Adding and inviting users to the product 
  • Editing user properties
  • Removing users

Product administrators

Administrators of the current product who are responsible for assigning product permissions to users for access to various product capabilities. This role involves tasks such as:

  • Enabling and revoking permissions to a specific product functionality
  • Assigning a product-specific role to a user

Бележка:

This document is not for the end users. Usually, the migration process is seamless to the end user and does not require their involvement. As a system administrator, you can inform your end users about what to expect from this migration process.

Benefits of migrating to the Admin Console

Why move to the Admin Console

The Adobe Admin Console provides a centralized location to manage the administrators, users, user groups, product permissions, and product roles across all the Adobe products that your organization has purchased.

You can delegate system administrative tasks by creating other system administrators. You can also designate product-specific administrators to manage Adobe products that your organization has purchased. For details, see Administrative roles.

As Adobe introduces new products and services, you can quickly provide your users access to these products from within the Admin Console. You can also manage product-specific permissions and roles by using product profiles.

You can also create user groups to collectively manage product permissions and product roles. Simply create groups of users based on your needs and then assign these user groups to the product profiles that you define.

For more details, see the Admin Console.

Who does migration benefit

System administrators

If you are a system administrator, the Admin Console provides you with a single interface to manage all the users in your organization, irrespective of which Adobe products they use. You can add new users to the Admin Console using their Adobe ID or their enterprise credentials.

For the steps to add users, see Invite Users. You can also add multiple users using a .csv file. The console also provides various bulk operations for managing users.

Product administrators

If you are a product administrator, the Admin Console provides you with a single interface to manage the product-specific permissions and roles for the users in your organization. When Adobe adds new capabilities to the products that your organization uses, you can manage any new permissions for your existing users from within the same interface. When your organization purchases new products from Adobe, you can use the same Admin Console to provide your users access to and manage their permissions and roles for these new products.

For details on how to manage product permissions and roles, see Manage products and profiles.

End users

Your end users have one set of user credentials that they use across all existing and new Adobe products available to your organization.

Pre-migration

You will receive an in-product notification to get you started with the migration.

Email invitation from Adobe to primary system administrator

If your organization is not already using the Admin Console, you will be designated the primary system administrator and will receive an email invitation from Adobe to the Admin Console. To log in, use your Adobe ID credentials.

Migration workflow

Following is an overview of the steps to migrate your user management to the Admin Console.

Step 1: Plan the identity type for your users

The first step is to decide the identity type for your users. Adobe’s identity management system helps admins create and manage user access to applications and services. Adobe offers three varying types of identities or accounts to authenticate and authorize users. They use an email address as the user name. You can choose between any of the following identity types supported by the Admin Console.

  • Federated ID: Created, owned, and managed by an organization and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).
  • Enterprise ID: Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID.
  • Adobe ID: Created, owned, and managed by the end user. Adobe performs the authentication, and the end user manages the identity.

Based on your organizational needs, you can select the most appropriate identity model to implement and use.

Бележка:

Adobe strongly recommends enterprises to make a conscious shift toward adding users only with Federated and Enterprise IDs in their organization. The use of these identity types offers more control over your users and assets from your company domains.

Important: You can either choose to use Federated IDs or  Enterprise IDs (and not both). However, you can choose only one of these identity types with the Adobe IDs. Like, if some of your users are logging into your product with your enterprise credentials (such as johndoe@example.com) and some users are using emails that are from outside your enterprise (such as janedoe@gmail.com).

For details, see the supported identity types.

Step 2: Create Adobe IDs

Бележка:

If you have chosen to use only Enterprise or Federated ID types, you can skip this step in the workflow.

Adobe ID is only recommended if your users are currently logging into your product with an email address that does not belong to your organization's domain. If some of your users are using Adobe ID identity types, request each of them to create an Adobe ID at http://www.adobe.com.

Step 3: Set up a Directory

To use Enterprise IDs or Federated IDs, start by setting up a directory to which you can link one or more domains.

To set up a directory:

  1. Create a directory in the Admin Console.
  2. (Federated ID only) Adobe will provision the directory. This usually takes up to 48 hours.
  3. If you set up your organization for Enterprise ID identity, you can start linking your email domains to the directory.
  4. (Federated ID only) After Adobe has provisioned your directory, configure the SAML settings for the directory.

For details, see Set up identity.

Step 4: Claim your domain (If you have chosen Enterprise or Federated IDs types in Step 1)

Your end users are authenticated against domains that you set up in the Admin Console. If your email address is john@example.com, your domain is example.com. A claimed domain can be used either with Enterprise IDs or Federated IDs, but not both. You can however claim multiple domains.

Your organization must demonstrate its control over a domain to claim it. And, a domain can be claimed only once.

If the domain has already been claimed, like, by another department of the same company, one can request access to it by the domain claim process. The first department to claim the domain (owner) is responsible for approving any requests for access by other departments (trustees). For details, see Directory trusting.

If you’ve set up Federated IDs, Single Sign-On can be configured. When organizations configure and enable Single Sign-On (SSO), users in that organization are able to use their corporate credentials to access Adobe software.

Step 5: Migrate user management

Бележка:

Before you start the migration, one (or both) of the following must be completed:

  • If you have chosen to use Adobe IDs (either entirely or with Enterprise or Federated IDs), your users must have created their Adobe IDs at http://www.adobe.com.
  • If you have chosen to use Enterprise or Federated IDs, you must have claimed the domain for your enterprise.

After your users have created their Adobe IDs and / or you have claimed the domain for your enterprise, you can now initiate the migration process from within your Adobe product.

Step 6: Users receive invitation email

All users that are set up to be managed via the Admin Console receive an email that explains what they have been given access to.

System and product administrators will be able to access to the Admin Console.

End users will be able to log into the product using their credentials.

Post migration

After the migration is complete, the following changes take effect:

System administrators

You no longer manage users in the product.

Use the Admin Console to manage users. For an introduction on how to use the Admin Console, see this article.

If you are the primary (or first) System administrator for your organization on the Admin Console, you can assign administrative roles to other users. These roles can include:

  • Other System administrators
  • Product administrators

Product administrators

You no longer manage users, their permissions, or their roles in the product.

You are assigned administrative privileges to one or more products in your organization. You can create product profiles and assign administrators to the profiles that you create. You can also assign users and user groups to these product profiles. Optionally, you can then assign roles to these users and user groups. 

For details on how to manage product profiles in the Admin Console, see Manage products and profiles.

End users

Your end users will log into the existing product using their credentials. All user information is specific to the Adobe ID or as specified in your enterprise (if you choose Federated or Enterprise IDs).

Този материал е лицензиран под лиценз Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported  Публикациите в Twitter™ и Facebook не попадат под клаузите на Creative Commons.

Правни бележки   |   Правила за онлайн поверителност