The Adobe Admin Console allows a system administrator to configure domains that are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain has been demonstrated with a DNS token, the domain can be configured so that users log in to Creative Cloud with e-mail addresses in that domain through an Identity Provider (IdP). The IdP is either a software service that runs within the company network and is accessible from the internet, or a cloud service hosted by a third party; in both cases it verifies user login details over secure communication using the SAML protocol.
One such IdP is OneLogin, a cloud-based service which allows users and apps to be configured for access via a web portal. This document aims to provide the necessary details to configure OneLogin for use with Adobe SSO.
Before configuring a domain for single sign-on using OneLogin as the IdP, the following requirements must be met:
- An approved domain within an existing directory on your Adobe Admin Console. The status of the directory in the Adobe Admin Console must be Configuration Required, or it can be an existing directory which has previously been configured.
- An App created on the OneLogin web portal.
To configure single sign-on for your domain, perform the steps below:
To enter the required information for your IdP, use the Set Up Domain wizard in the Adobe Admin Console.
- Upload the certificate that you retrieved from the OneLogin portal.
- For IdP Issuer, enter the Issuer URL that you copied from the OneLogin portal.
- For IdP Login URL, enter the SAML Endpoint that you copied from the OneLogin portal.
- Set IdP Binding to HTTP - Post.
- For User Login Setting, choose Email.
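A wrong Issuer, Login URL or certificate in the wizard makes every SAML response fail validation, so it helps to cross-check the copied values first. The following added example (not Adobe's or OneLogin's code) assumes you also have the IdP's SAML metadata XML on hand; the function names, the `idp.example.com` URLs and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: host, app id and certificate bytes are placeholders.
SAMPLE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example.com/saml/metadata/000000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso/redirect/000000"/>
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.com/sso/post/000000"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def fingerprint(der):
    """SHA-256 of the DER bytes, to compare with the certificate file being uploaded."""
    return hashlib.sha256(der).hexdigest()

def wizard_values(metadata_xml):
    """Extract the values the Set Up Domain wizard asks for (hypothetical helper)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    # The wizard is set to HTTP - Post, so only the POST endpoint is acceptable.
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == POST]
    if not post or not post[0].startswith("https://"):
        raise ValueError("no HTTPS endpoint advertised for the HTTP-POST binding")
    # A KeyDescriptor without a 'use' attribute applies to signing as well.
    certs = [k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
             for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    certs = [c for c in certs if c is not None and c.text]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    der = base64.b64decode("".join(certs[0].text.split()))
    return {"idp_issuer": root.get("entityID"), "idp_login_url": post[0],
            "cert_sha256": fingerprint(der)}

def mismatches(expected, entered):
    """Names of wizard fields whose entered value differs from the metadata."""
    return sorted(k for k in expected if entered.get(k, "").strip() != expected[k])
```

An empty list from `mismatches` means the Issuer, Login URL and certificate fingerprint you are about to enter agree with what the IdP publishes.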