Overview

The Adobe Admin Console allows a system administrator to configure domains that are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain is demonstrated using a DNS token, the domain can be configured to allow users to log in to Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The IdP is provisioned either as a software service that runs within the company network and is accessible from the Internet, or as a cloud service hosted by a third party. Either form allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Okta, a cloud service which facilitates secure identity management.

Prerequisites

Before configuring a domain for single sign-on using Okta as the IdP, the following requirements must be met:

  • An approved domain for your Adobe organization account. The status of the domain in the Adobe Admin Console must be Configuration Required.
  • Okta dashboard configured and accessible with administrative rights for the domain in question.

Download the security certificate from Okta

To download the security certificate from Okta, perform the below steps:

  1. On the Okta dashboard, navigate to Applications > Add Application, and click Create New App.

  2. Fill out the general settings as below, and click Next.

    • App name: Adobe Creative Cloud
    • App visibility:
      • Select Do not display application icon to users.
      • Select Do not display application icon in the Okta Mobile app.
  3. Click Download Okta Certificate.

  4. Change the filename extension of the certificate downloaded from the Okta Dashboard to ".cer" to allow it to be uploaded to the Adobe Admin Console.

Configure Okta inside Adobe Admin Console

To configure single sign-on for your domain, perform the below steps:

  1. To enter the required information for your IdP, use the Set Up Domain wizard in the Adobe Admin Console.

    • Upload the certificate that you downloaded from Okta.
    • Set IdP Binding to HTTP-Post.
    • Set User Login Setting to Email address.
    • Set the IdP login URL to https://www.adobe.com
    • Set the IdP issuer to Okta.
  2. Click Complete Configuration.

  3. To save the updated SAML XML Metadata file on your computer, click Download Metadata. Use this file to configure your SAML integration with Okta.

  4. Return to the Okta Dashboard and complete the App Setup wizard. Open the metadata file saved from the Adobe Admin Console in a web browser (for example, Internet Explorer) and copy the values from the following fields:

    • AssertionConsumerService
    • EntityID
  5. Click Activate Domain.

    Your domain is now active.
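
The two values copied in step 4 can also be read out of the downloaded metadata file with a script instead of by eye. The following is an added example, not Adobe's or Okta's code; it assumes the file is standard SAML 2.0 service provider metadata, and the function name read_sp_metadata, the sample XML and its sp.example.com URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample (placeholder URLs); the real file comes from Download Metadata.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def read_sp_metadata(xml_bytes):
    """Return the EntityID and the HTTP-POST AssertionConsumerService URL."""
    # Refuse DTDs so entity declarations in a tampered file are never expanded.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    post_urls = [e.get("Location", "")
                 for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
                 if e.get("Binding") == POST_BINDING]
    # Assumption: one HTTP-POST endpoint is expected; anything else needs a manual look.
    if len(post_urls) != 1:
        raise ValueError(f"expected one HTTP-POST ACS, found {len(post_urls)}")
    acs = urlparse(post_urls[0])
    # SAML responses are posted to this URL, so insist on HTTPS with a host.
    if acs.scheme != "https" or not acs.netloc:
        raise ValueError(f"ACS URL is not an https URL: {post_urls[0]!r}")
    return {"entity_id": entity_id, "acs_url": post_urls[0]}


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_METADATA))
```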

Configure Okta

To set up SSO with Okta, follow the below steps:

  1. Click Show Advanced Settings.

  2. Modify the Attribute Statements as follows:

    • FirstName = user.firstName
    • LastName = user.lastName
    • Email = user.email
  3. Click Finish and access the newly created Adobe Creative Cloud app.

  4. Go to Sign-On > View Setup Instructions.

  5. To replace the dummy values previously entered into the Adobe Admin Console, obtain the following information:

    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate

Finalize Configuration within Adobe Admin Console

To update the Adobe Admin Console with the latest certificate, perform the below steps.

  1. Return to the Adobe Admin Console, and navigate to Settings > Identity.

  2. Click the name of the domain, and click Edit SSO Configuration.

  3. Fill in the information obtained from the Okta Dashboard as below, and click Save.

    • IDP Certificate: X.509 Certificate
    • IDP Issuer: Identity Provider Issuer
    • IDP Login URL: Identity Provider Single Sign-On URL
  4. Test the user access for a user who you have defined in your own identity management system and in the Adobe Admin Console, by logging in to the Adobe website or the Creative Cloud Desktop app.

If you need assistance with your Okta single sign-on configuration, navigate to Support in the Adobe Admin Console, and open a ticket.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
