The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain is demonstrated using a DNS token, the domain can be configured to allow users to log in to Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The process is provisioned either as a software service which runs within the company network and is accessible from the Internet or a cloud service hosted by a third party that allows for the verification of user login details via secure communication using the SAML protocol.
One such IdP is Okta, a cloud service which facilitates secure identity management.
Before configuring a domain for single sign-on using Okta as the IdP, the following requirements must be met:
- An approved domain for your Adobe organization account. The status of the domain in the Adobe Admin Console must be Configuration Required.
- Okta dashboard configured and accessible with administrative rights for the domain in question.
To Configure Single Sign-On for your domain, perform the below steps:
To enter the required information for your IdP, use the Set Up Domain wizard in the Adobe Admin Console.
- Upload the certificate that you downloaded from Okta.
- Set IdP Binding to HTTP-Post.
- Set User Login Setting to Email address.
- Set the IdP login URL to https://www.adobe.com
- Set the IdP issuer to Okta.