Adobe-supported domain identity types

When you are setting up your Adobe Admin Console, you need to decide which type of users you plan to create.

Adobe supports three identity or account types; they use an email address as the user name.

Adobe ID

is created, owned, and managed by the end user. Adobe performs the authentication and the end user manages the identity. Users retain complete control over files and data associated with their ID. Users can purchase additional products and services from Adobe. Admins invite users to join the organization, and can remove them. However, users cannot be locked out from their Adobe ID accounts. And the accounts can't be deleted or taken over by the admin.

Enterprise ID

is created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. End-users cannot sign up and create an Enterprise ID, nor can they sign up for additional products and services from Adobe using an Enterprise ID.

Federated ID

is created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 identity provider.

For details on identity types, see Manage identity types.

To use Enterprise ID or Federated ID, set up your own authorization source by claiming a domain. For example, if your email address is john@example.com, example.com is your domain. A claimed domain permits the creation of Enterprise IDs or Federated IDs with email addresses on the claimed domain.

For more details, see Claim a domain.

Request access to a claimed domain

A domain can only be claimed by a single organization. So consider the following scenario:

A company, Geometrixx, has multiple departments, each of which has its own unique Admin Console. Also, each department wants to use either Enterprise or Federated user IDs, all utilizing the geometrixx.com domain. In this case, the system administrator for each of these departments would want to claim this domain for identity use. The Admin Console prevents multiple departments from claiming the same domain. However, once the domain is claimed by a single department, other departments can request access to it through the domain claim process.

The first department to claim the domain (owner) will be responsible for approving any requests for access by other departments (trustees).

Manage request access by trustee organization

If you plan to use Enterprise or Federated ID on your Admin Console, you must claim the domain associated with your organization. If this domain has already been claimed by another organization, you will need to request access to the domain as a trustee.

Request access

  1. Sign in to the Admin Console.

  2. Navigate to Identity > Domain Configuration and click Claim or access a Domain.

  3. Enter the domain you wish to claim.

  4. Choose an identity type and click Submit.
    If the domain has already been claimed by another organization, you are prompted with the following message:

    Note:

    If the domain has not been claimed, follow the procedure detailed in Claim a domain.

  5. To request access to the domain, click Yes.
    An email request is sent to the system administrators of the owning organization.

    Note:

    Your name, email, and organization name will be shared in the request to the system administrators of the owning organization.

Note:

The type of domain (Enterprise or Federated) depends on how it was set up by the owning organization. This implies that if the domain is already claimed, you (trustee) cannot choose or change the type of domain setup.

Note:

Since the domain has already been set up by the owner (see Claim a domain for details), as the trustee, you will not need to take any additional action. As soon as the trust request is accepted by the owner, your organization will have access to the domain as it has been configured.

Check request status

After you have made a request for a claimed domain, you can check the status of the request.

  1. In the Admin Console, navigate to Identity > Domain Configuration.
    The list displays the active domains as well as domains for which you are awaiting acceptance.

    List of claimed and requested domains
  2. Click a domain name to view details of the current request.

  3. If the domain request is pending, you can choose to send a reminder to the organization that owns or has previously claimed the domain.
    Or you can choose to withdraw your request for the claimed domain.
    If your request for the domain is accepted by the owning organization, you will receive an email notification. The status of your request on the Domain Configuration tab is also updated.

  4. You can now manage Enterprise or Federated ID users for the requested domain in your organization.
    For more details, see Manage users.

Withdraw trustee status

If a trustee organization no longer needs access to the trusted domain, it may withdraw its trustee status at any time.

  1. In the Domain Configuration tab, click the owning domain from which you want to withdraw your trustee status.
    The Domain Details tab displays the details of the owning domain.

  2. Click Withdraw trustee status.

  3. In the confirmation dialog, click Yes.

If you withdraw your access to an owning domain, any users that belong to the domain (meaning that they log in using the domain credentials) will be removed from your organization. Also, these users will lose access to any software granted to them by your organization.

Note:

This operation cannot be undone.

Manage request access by owning organization

As a system administrator of an owning organization, you can choose to accept or reject the requests for access to the domains that you own. 

When you get an email request for access to a claimed domain, you can choose to either accept or reject the request from within the email itself. You can also go to the Domain Access Requests tab to manage the claim request.

Accept request

  1. Sign in to the Admin Console.

  2. Navigate to Identity > Domain Access Requests.

    List of claimed and requested domains
  3. Click Accept.
    You are prompted with a confirmation dialog.

    When you give a trustee organization access to a domain that you own, you give the trustee rights to add users to that domain.

    Note:

    A trustee organization can add users to a domain that you own, but that organization cannot remove users from the domain. As the system administrators of the owning domain, you will need to remove users created by trustee organizations. However, if the organization withdraws its trustee status, all the users of that organization will be removed from the domain.

  4. If you want to monitor this activity, click the checkbox to be notified by email when a trustee organization system administrator adds users to the domain that you own.

  5. Click Yes.
    An email is sent to the system administrators of the trustee organization.
    Also, the status is updated in your Domain Configuration tab.

    In the above example, there are two trustee organizations for the geometrixx.com domain.

  6. To view details of the domain, click the domain name in the Domain Configuration tab.

  7. In the Domain Details tab, you can also manage the new user email notifications for each trustee organization.

Reject request

You can also choose to reject the request for access to a domain that you own.

  1. In the Admin Console, navigate to Identity > Domain Access Requests.

  2. Click Reject.
    You are prompted with a confirmation dialog.

  3. Enter a reason for rejecting the request and click Yes.

Note:

The reason that you provide will be shared with the requesting organization. However, your email, name, and organizational information will be withheld.

Revoke access

You can revoke the access of a trustee organization to which you have previously given access.

  1. In the Admin Console, navigate to Identity > Domain Access Requests.

  2. For the trustee organization, click Revoke.

  3. You are prompted with a confirmation dialog.

  4. Enter the reason and click Yes.

If you revoke the access of a trustee organization, any users that belong to the domain (meaning that they log in using the domain credentials) will be removed from your organization. Also, these users will lose access to any software granted to them by your organization.

Note:

This operation cannot be undone.

Manage users of trustee organization

When an owning organization gives access to a trustee organization, the trustee can then add users to the owning organization.

This means that the users added by a trustee organization are managed primarily by that organization. The owning organization user list contains only users that are added by that organization.

However, as the owning organization, you can manage the users of all trustee organizations.

You might need to manage a domain user if you need to:

  • delete a user that has left the company (user should no longer be able to log in and receive software).
  • troubleshoot user login issues for Federated ID users.
  • change information about the user, such as their first or last name.

To manage users of a trustee organization, do the following:

  1. In the Admin Console, navigate to Identity > Domain Configuration.

  2. Click the trustee organization.

  3. In the details page, click the Domain Users tab.
    This list contains all the users of this domain, including users of trustee organizations.

Delete or remove a user to revoke access to apps and services:

  • Select the users by clicking the check box next to the email address, and click .

Note:

If you only want to revoke access to products and services, without deleting any associated data, do not delete the user but remove the user from any product configurations that confer entitlements.

You can also edit the details of a specific user:

  1. In the Admin Console, navigate to Identity > Domain Configuration.

  2. Click the trustee organization.

  3. Click the user name in the Domain Users list.

  4. Edit the user settings in the Account Settings tab.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
