The Google federation connects the Google Admin Console to the Adobe Admin Console and simplifies the SSO setup and user provisioning processes. The connector automates the process of importing Google users to the Adobe Admin Console.

Note:

If you have a functioning SAML-based SSO configured with Google Identity, we recommend that you keep your current setup. An upcoming feature will allow you to automatically migrate users and SSO configuration.

Overview

Configure Single Sign-On (SSO) with Google Admin Console to manage users and entitlements for your Adobe apps and services. In this scenario, the Adobe Admin Console uses Google as the Identity Provider (IdP). 

Google federation combines the processes of directory creation, domain claim, SSO-setup, SAML-app creation, and user provisioning into a simple workflow involving steps in the Google Admin Console and Adobe Admin Console. Google users linked with the Adobe Admin Console are unique and can be assigned to one or more product profiles.

Once the Connector setup is complete, an initial sync imports all users from the Google Admin Console. Thereafter, syncing is performed periodically to keep users in the Adobe Admin Console up-to-date. System Administrators of the Adobe Admin Console receive a notification email including a summary of added or removed users in case of a change.

Benefits

By using the Google ID federation and sync tool, you save time and effort in the following ways:

  • No replication of steps such as domain claim, as the two Admin Consoles connect directly
  • Quick setup and initiation of the initial sync through a seamless workflow
  • The Google Admin Console becomes the one place to manage all users
  • Easy to onboard and offboard users directly from the associated groups in G Suite
  • No additional service or API setup needed to sync to the Adobe Admin Console

Prerequisites

To integrate Adobe Admin Console user management with that of Google, you need to meet the following requirements:

  • You are an administrator in the Google Admin Console
  • You have verified domains in the Google Admin Console
  • You are familiar with Google's SAML Apps catalog in G Suite

Set up Google Admin Console Federation

If you meet the prerequisites, it's time to set up the integration and provision Adobe applications and services to your end users.

Note:

The setup process consists of required steps in both the Adobe and Google Admin Consoles in a parallel workflow. It is recommended to have both Consoles readily available in separate windows during the setup process.

Set up your users using the Google Admin Console.

Once the Google Admin Console is set up and ready, complete the following steps in their respective windows (Google Admin Console or Adobe Admin Console):

  1. Sign in to Adobe Admin Console and click Settings. On the Identity page, click Create Directory.

  2. On the Create a Directory screen, do the following and click Start.

    • Enter a name for the directory
    • Select the Federated ID card
  3. Select Google and then click Next, then click Log in to Google on the next instruction screen. You can go through the steps mentioned in the instructional screen to sync SAML settings and users from Google.

  4. You are redirected to the Google sign-in page. Enter admin email and password, then click Next. Review the consent prompts and grant permissions. Then, click Allow to give Adobe.com access to your Google account.

  5. Return to Adobe Admin Console, review your G Suite information and click Confirm.

  6. Select the domains to sync with Adobe Admin Console, click Sync, and then click Next.

    Note:

    Only the domains with the status Ownership validated can be selected and synced. Other domains need to be ownership-verified in the Google Admin Console before syncing.

  7. To sync users to the Adobe Admin Console, you are required to create a SAML Adobe app and set up user provisioning in the Google Admin Console. Follow the steps here and return to the Configure Google screen in the Adobe Admin Console. Then, click Confirm to complete the setup.

To sync users from the Google Admin Console, you need to follow the steps below:

  1. Sign in to the Google Admin Console using your admin credentials. On the Home screen, go to Apps. Then open SAML apps.

  2. Click the + sign to add a new SAML app and scroll down to select Adobe from the list. Make sure you select Adobe and not Adobe Sign from the list.

  3. Download the IDP metadata under Option 2 on the Google IdP Information screen and click Next. Go to the Configure Google screen in the Adobe Admin Console and upload this file under the Step 3: Upload Google Metadata.

  4. Confirm the Basic Information for Adobe on the next screen and move to the Service Provider Details window. Enter the ACS URL and Entity ID provided on the Configure Google screen. Check the Signed Response box and click Finish.

  5. On the Setting up SSO for Adobe dialog, click Setup now, then click the Set up user provisioning button in the User Provisioning section.

  6. Copy the Authorization Token and the SCIM Endpoint from Step 4 of the Configure Google screen in the Adobe Admin Console and enter these in Steps 1 and 2 of the Google User Provisioning setup, respectively.

  7. On the Map Attributes step, leave the attributes unchanged and click Next. If you want to sync only some of your user groups, enter the names in the Set provisioning scope dialog, otherwise, leave this empty and sync the whole directory. Then, click Finish.

  8. The User Provisioning section is displayed with the Provisioning Status as OFF. Click Edit Service and select ON for everyone in the Service Status and click Save.

  9. Review the User provisioning dialog and click Activate to complete setup.

  10. The provisioning status changes to ON and a summary of the sync status is displayed. Now, go to the Configure Google screen to complete setup and start the user sync.

Domains and directories start to sync from the Google Admin Console. Details such as the number of users synced are displayed in the Details section under the Settings tab.

Once the sync is complete, you can assign products to the end users.
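
The IdP metadata file downloaded in step 3 of the Google procedure defines which signing certificate and sign-in URLs the Adobe directory will trust, so it is worth inspecting before upload. The following is an added example, not Adobe's or Google's code: it assumes Google's SAML IdP URLs are served from accounts.google.com, and the sample metadata (placeholder idpid, dummy certificate bytes) is constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXPECTED_HOST = "accounts.google.com"  # assumption: host Google uses for SAML IdP URLs
# Constructed sample: placeholder idpid, dummy bytes in place of a real certificate.
DUMMY_DER = b"constructed-bytes-not-a-real-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    entityID="https://accounts.google.com/o/saml2?idpid=PLACEHOLDER">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(DUMMY_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://accounts.google.com/o/saml2/idp?idpid=PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def summarize_idp_metadata(xml_text):
    """Return the trust-relevant fields of IdP metadata plus a list of problems."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD found; SAML metadata should not contain one")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    # SHA-256 over the decoded certificate bytes (DER in a real metadata file).
    fingerprints = [
        hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
        for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"
        for c in kd.findall(".//ds:X509Certificate", NS)]
    urls = {"entityID": root.get("entityID", "")}
    for sso in idp.findall("md:SingleSignOnService", NS):
        urls[sso.get("Binding", "").rsplit(":", 1)[-1]] = sso.get("Location", "")
    problems = [] if fingerprints else ["no signing certificate"]
    if len(urls) == 1:
        problems.append("no SingleSignOnService endpoint")
    for name, url in urls.items():
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname != EXPECTED_HOST:
            problems.append(f"{name}: unexpected URL {url}")
    return {"urls": urls, "signing_cert_sha256": fingerprints, "problems": problems}

if __name__ == "__main__":
    print(summarize_idp_metadata(SAMPLE_METADATA))
```

Recording the fingerprint at setup time gives you a value to compare against when the IdP certificate is later rotated or the metadata is re-uploaded.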

Next steps

Once the sync is completed, all users are imported to the Adobe Admin Console. You can now create appropriate product profiles and associate them to users to fine-tune their product assignments. For more information, see Manage products and profiles.

Your organization can decide how to deploy applications to end users, either through IT-managed packages or by letting users download and install the Creative Cloud Desktop App themselves. See more information on packaging and deployment options.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
