This document is a step-by-step guide, but there is more detailed information on Adobe Admin Console and on each of the steps at the Enterprise page.
Get access to Spark with Premium Features
As the IT Administrator of your school, if you already have Adobe products, Spark with Premium Features is available on your Adobe Admin Console.
Prepare to deploy
Identify the domain administrator in your school/district.
The school/district owns the named user licenses given to K-12 (Primary/Secondary) students (for Adobe Spark or All Apps), so these licenses must be deployed using Enterprise or Federated IDs. As part of the setup, you have to prove that you own the domain by updating the DNS records. If you do not have access to the DNS records, ask the domain administrators to make that update for you.
Plan the Identity system for your organization. Decide if you want to set up Enterprise ID users or Federated ID type users.
- Adobe ID: Not supported. Only Enterprise and Federated IDs are permitted for K-12 (Primary/Secondary).
- Enterprise ID: Your organization owns and manages the Enterprise IDs. End users sign in using the passwords they specify.
- Federated ID: Federated IDs allow users to sign in using your organization's Single Sign-On (SSO). End users sign in using the same user name and password that they use for signing in to all other apps and services. For example, Google or Active Directory File System (ADFS).
If you want to set up single sign-on (SSO), identify the administrator for the school-provided IDs (login credentials).
Set up SSO if students have Google Suite IDs provided to them, and you want to use these IDs to sign in to Adobe apps. If you do not want to set up single sign-on, use Enterprise IDs.
Start by signing in to the Admin Console with the admin account.
1.a. Create a directory and add a domain
Click Add Domains. Enter your domains and click Next.
Ensure that you claim the domains that your users have for their login ID. For example, if a user signs in with firstname.lastname@schoolabc.edu, then claim schoolabc.edu.
If users sign in using several domains (for example, if you have separate domains for teachers and students), claim all of them here. You can claim more than one domain at a time by adding comma-separated values (for example, schoolabc.edu, abcteachers.edu, abcstaff.edu).
Return to the Adobe Admin Console. If your domain has not been automatically validated, click Validate. Then, click Validate Now.
You receive an email notification when your domain is validated.
1.b. Configure Single Sign-On (Optional)
The following procedure walks you through the basic steps for configuring SSO. For more detailed instructions and concepts, see Set up identity.
For illustration purposes, this document follows the steps to configure SSO with Google Suite for Education. Instructions are also available for some common Identity Providers (IdPs): Microsoft ADFS, Microsoft Azure, Shibboleth IdP, Okta, InCommon. If you don’t see your IdP here or if you need assistance, contact your IdP.
The Google IdP Information screen displays. Note the SSO URL and Entity ID, download the certificate, and click Next.
Change the .pem extension of the certificate file to .cer by renaming the file.
If there are multiple certificate types, choose the SHA-1 certificate. Also, the certificate must be in PEM format. If you are unsure about certificate type and format, contact your identity provider.
Go back to the Adobe Admin Console. Navigate to Settings > Identity > Directories, and click Configure for the relevant directory.
On the Configure Directory screen, do the following:
- Upload the certificate.
- Paste the Entity ID and SSO URL.
- Select HTTP - Post as the IdP Binding.
- Select Email as the User Login Setting.
- Click Complete Configuration.
Now, in the Adobe Admin Console, on the Configure Directory screen, confirm that you have completed the configuration with your Identity Provider: select the check box and click Complete.
Your directory is now configured for Single Sign-On, and you can start adding users to your directory.
To test your setup, you can add a user, and sign in using the new user account. You can choose an existing email address that you have access to or create one for this test.
2.a. Add a user
To assign products to the user, navigate to Assign Products. Click a product, select a profile for the product, and save the changes.
The list of products that displays is based on the purchase plan of your organization. For details on products and profiles, see Manage products and profiles.
2.b. Sign in as the new user
To sign in as the user that you created, open the website for Adobe Spark, click Log In > Log In With Adobe ID. Then, sign in using your email address and password.
If the email address has both a personal Adobe ID (created by the end user) and a school ID (Enterprise ID or Federated ID created in the Adobe Admin Console), you see the account chooser screen. To sign in with your new enterprise account, choose Enterprise ID.
If you are using Federated IDs, you are redirected to the sign-in screen of your IdP (for example, Google). Enter the email address for the user, click Next, and follow the instructions on the screen.
3.a. Create Product Profiles
Product Profiles let you enable all or a subset of Adobe services available in the plan you have purchased from Adobe. They let you customize settings associated with a given product and plan.
For a user to be entitled to use a product or a service, the user must be part of a Product Profile. You can assign licenses to a Product Profile by associating it with a plan that you have purchased. A user could belong to multiple product profiles, each conferring different licenses to the user. The final eligibility of a user is the union of all licenses conferred by each Product Profile to that user. To know more about Product Profiles, see Manage products and profiles.
3.b. Create User Groups and assign Product Profiles
Adobe recommends creating user groups to provide access to products and services. You can either create one group and add all users to it, or create separate groups for departments, programs, or roles (student, teacher, staff).
Creating multiple user groups is useful:
- If you are planning to give different products to certain groups of users. For example, Creative Cloud - All Apps to high school students, and Adobe Spark to all students.
- If you want to give limited administrative rights. For example, the department head can add or remove users from their department so that central IT does not have to.
To create a user group, do the following:
3.c. Add users
For most K-12 schools/districts, Adobe recommends that you use spreadsheet upload (a template is provided in the Admin Console) to add or remove users in bulk.
You can add multiple users to your organization and provision them to product profiles at the same time by uploading a comma-separated list. You can download a sample CSV file from the Import Users dialog and then fill the details and upload the file. You can import up to 5,000 users at a time.
You can also add users via the User Sync tool. This method is more complex. Large districts with sufficient IT resources can decide to use User Sync to make ongoing management of users more automated. To learn more, see User Sync documentation on GitHub.
Open the downloaded CSV template in a spreadsheet editor like Microsoft Excel, and paste your users into the template.
For a description of the fields in the downloaded file, see CSV File format.
For Enterprise IDs and Federated IDs, columns A to G are mandatory.
If you are using user groups to manage access to products, assign users to the appropriate groups using columns K and L. In this case, you can leave the other cells empty.
This feature does not support user names having special characters, such as the comma (,) and the semicolon (;).
You can upload a CSV file of up to 10 MB.
For more information on bulk operations, see Manage Users and Bulk Operations.
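A pre-upload check for the limits listed above (5,000 users, 10 MB, mandatory columns A to G, no commas or semicolons, logins in a claimed domain), as an added example that is not Adobe's code. The function name, the header and the cell values in the sample are constructed placeholders; use the header from the downloaded template.

```python
import csv
import io

MAX_USERS = 5000               # import limit stated on this page
MAX_BYTES = 10 * 1024 * 1024   # CSV size limit stated on this page
MANDATORY_COLS = 7             # columns A to G

# Constructed sample: placeholder header, illustrative cell values.
SAMPLE_CSV = (
    b"A,B,C,D,E,F,G\n"
    b"Federated ID,jdoe@schoolabc.edu,schoolabc.edu,jdoe@schoolabc.edu,John,Doe,US\n"
    b'Federated ID,asmith@schoolabc.edu,schoolabc.edu,asmith@schoolabc.edu,Ann,"Smith; Jr",US\n'
    b"Federated ID,bkay@other.example,schoolabc.edu,bkay@other.example,Bo,,US\n"
)


def check_upload(csv_bytes, claimed_domains):
    """Return (row_number, problem) pairs; row 0 means the file as a whole."""
    problems = []
    if len(csv_bytes) > MAX_BYTES:
        problems.append((0, "file is larger than 10 MB"))
    # utf-8-sig drops the byte-order mark that spreadsheet editors may add.
    rows = list(csv.reader(io.StringIO(csv_bytes.decode("utf-8-sig"))))
    users = rows[1:]  # the first row is the template's header
    if len(users) > MAX_USERS:
        problems.append((0, f"{len(users)} users exceeds the 5,000 limit"))
    for n, row in enumerate(users, start=2):
        ident = [c.strip() for c in row[:MANDATORY_COLS]]
        if len(ident) < MANDATORY_COLS or not all(ident):
            problems.append((n, "a mandatory column (A to G) is empty"))
        # Which column holds the user name is not assumed here, so every
        # cell in A to G is checked for the unsupported characters.
        if any("," in c or ";" in c for c in ident):
            problems.append((n, "columns A to G contain a comma or semicolon"))
        bad = [c for c in ident
               if "@" in c and c.rpartition("@")[2].lower() not in claimed_domains]
        if bad:
            problems.append((n, f"{bad[0]!r} is not in a claimed domain"))
    return problems
```
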
3.d. End-user experience
After you have successfully assigned product profiles or administrative rights to the users, they receive a welcome email.
To sign in to Adobe Spark, open the website for Adobe Spark, click Log In > Log In With Adobe ID. Then, sign in using your email address and password.
As a first step for any issues, see the Admin guide and search for articles on Enterprise Learn & Support page.
Troubleshoot SSO issues
Troubleshoot bulk upload
Contact Adobe Support
When contacting Adobe Support to report a suspected SSO issue, provide the following to ensure fast and effective service from Adobe Customer Support.
- Number of affected user accounts
- Adobe domain name
- Affected login and email name (must be identical)
- Full contact details of the user
- Date and time range the issue occurred
- Screenshots or video of the user experience workflow shown from a signed out user state then attempting to sign in via www.adobe.com
- A SAML trace output captured during the demonstration workflow. SAML trace requires no special skills or permission to use (non admin is OK) and is available on many browsers (for example, Firefox and Chrome).
- Case must exactly match that shown in the list above.
- Check the values next to each and validate that each is populated.
- Check Email matches NameID and conversely.
- Check Email and NameID format are both correct and complete.
A mismatch between the network user account and the Adobe user account name causes SSO to fail.
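The NameID and Email checks above can be run over the decoded assertion XML copied from a SAML trace. This is an added diagnostic example, not Adobe's code: the function name and sample assertion are constructed, the attribute name `Email` is taken from the checklist wording, and the script does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not captured from a real IdP): the NameID and the
# Email attribute deliberately differ.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>jdoe@schoolabc.edu</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>john.doe@schoolabc.edu</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, claimed_domains):
    """Return a list of problems found in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    # Attribute names are compared case-sensitively: "email" is not "Email".
    attrs = {
        a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS).strip()
        for a in root.iterfind(".//saml:Attribute", NS)
    }
    email = attrs.get("Email", "")
    if not name_id:
        problems.append("NameID is missing or empty")
    if not email:
        problems.append("Email attribute is missing or empty")
    for label, value in (("NameID", name_id), ("Email", email)):
        local, sep, domain = value.rpartition("@")
        if value and (not sep or not local or "." not in domain):
            problems.append(f"{label} is not a complete email address: {value!r}")
        elif value and domain.lower() not in claimed_domains:
            problems.append(f"{label} domain {domain!r} is not a claimed domain")
    if name_id and email and name_id != email:
        problems.append(f"NameID {name_id!r} does not match Email {email!r}")
    return problems
```
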
Another good place to check when problems arise is the Adobe Admin Console under Settings - Identity - <click domain> - Event Logs. These logs are provided from the SP (Okta) syslog. There can be a few minutes delay for the log to update.