Adobe-supported identity types

Adobe uses an underlying identity management system to authenticate and authorize users. If you're using named licensing or are planning to provide access to services, using identities is a requirement. Adobe supports three identity or account types; they use an email address as the user name.

Adobe ID

Adobe ID is created, owned, and managed by the end user. Adobe performs the authentication and the end user manages the identity. Users retain complete control over files and data associated with their ID. Users can purchase additional products and services from Adobe. Admins invite users to join the organization, and can remove them. However, users cannot be locked out of their Adobe ID accounts, and the admin can't delete or take over the accounts. No setup is necessary before you can start using Adobe IDs.

The following are a few requirements and scenarios where Adobe IDs are recommended:

  • If you want to enable users to create, own, and manage their identities.
  • If you want to allow users to purchase or sign up for other Adobe products and services.
  • If users are expected to use other Adobe services that do not currently support Enterprise or Federated IDs.
  • If users already have Adobe IDs, and associated data such as files, fonts, or settings. 
  • In educational setups, where students can retain their Adobe ID after they graduate.
  • If you have contractors and freelancers who do not use your corporate email address.

Enterprise ID

Enterprise ID is created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. End users cannot sign up and create an Enterprise ID, nor can they sign up for additional products and services from Adobe using an Enterprise ID.

Admins create an Enterprise ID and issue it to a user. Admins can revoke access to products and services by taking over the account, or deleting the Enterprise ID to permanently block access to associated data.

The following are a few requirements and scenarios where Enterprise IDs are recommended:

  • If you need to maintain strict control over apps and services available to a user.
  • If you need emergency access to files and data associated with an ID.
  • If you need the ability to completely block or delete a user account.

To claim a domain to set up Enterprise IDs, see Add new domain.

Federated ID

Federated ID is created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 identity provider.

The following are a few requirements and scenarios where Federated IDs are recommended:

  • If you want to provision users based on your organization's enterprise directory.
  • If you want to manage authentication of users.
  • If you need to maintain strict control over apps and services available to a user.
  • If you want to allow users to use the same email address to sign up for an Adobe ID.

To claim a domain to set up Federated IDs, see Add new domain. To configure Single Sign-On, see Configure Single Sign-On.

You can use Adobe IDs, Enterprise IDs, and Federated IDs in the same enterprise deployment. Use Enterprise or Federated IDs for users where you want to strictly manage the accounts.

Impact on Creative Cloud end users

Before you create Enterprise IDs or Federated IDs, consider the impact on existing users. It is possible that users have an Adobe ID with email addresses from your domain to access products and services from Adobe.

Data such as design libraries, files, fonts, app settings, Adobe Color themes, and Behance portfolios is not transferred to the Enterprise ID or Federated ID account. It remains available with the Adobe ID account, now accessible under the updated email address.

If you decide to create Enterprise or Federated IDs for existing Creative Cloud members (Adobe IDs), users may need to manually migrate data from their Adobe ID accounts.

  • Sync Settings: Users can sign in to an app with their Adobe ID, sync settings, sign out, and then sign in with the Enterprise or Federated ID. The latest settings on the desktop can then be synced to Creative Cloud.
  • Creative Cloud Assets: Users need to download files from the existing Adobe ID account, and then upload them to the Enterprise or Federated ID account. If end-users use the Creative Cloud desktop app to sync files, all files are already present on their computers. For more information, see Transfer assets.
    Note: Comments and versions associated with the files are not retained.
  • Typekit: When an enterprise has claimed its own domain to create Enterprise or Federated IDs, existing Typekit accounts which are linked to addresses in that domain might be affected. Typekit accounts can be restored by contacting support@typekit.com. Contact enterprise@typekit.com or your Adobe sales representative for more information.
  • Behance: Users can access their Behance profile using the new email address. However, they’ll need to update the email address in their Behance email preferences. There is no direct way to migrate the data from Behance. As a work-around, users could do the following for Behance:
    1. Create an account using their Enterprise or Federated ID
    2. Sign in to their existing account
    3. Co-own the projects in the existing account with their new account.
    4. Optionally, log in to their new account and remove the co-owner of their old account. This would migrate the content but not the comments and followers associated with the old account.
  • PhoneGap Build: Users can migrate associated data when they switch to Enterprise IDs.
  • Adobe Color: To migrate data from an Adobe ID to an Enterprise or Federated ID, users can send a request to kuler-team@adobe.com.
  • Lightroom: Data is synced again from the desktop to Creative Cloud using the Enterprise or Federated ID.
  • Story Plus: Users can access data using the updated email address. There is no migration path to associate existing data with the Enterprise or Federated ID.

If existing Creative Cloud users were using services that are not included with Creative Cloud for enterprise, their memberships revert to free versions. If users discontinue the Creative Cloud membership associated with their Adobe ID, access is limited. For example, Digital Publishing Suite users will be able to access their Folios, but won't be able to publish them. Similarly, Web hosting will expire after 30 days.

Switch user identity

As a System Administrator, you can change the identity type for the users in your organization from Adobe ID type users to Enterprise ID or Federated ID type users. Alternatively, you can switch Enterprise ID or Federated ID type users to Adobe ID. For details on user identity types, see Adobe-supported identity types.

If you switch the identity type for users from Adobe ID to Enterprise or Federated ID, these users will continue to have access to their personally owned Adobe ID. However, they will access the organization’s Adobe apps, services, and solutions through the new identity type assigned to them.

Note:

Using this process, you can switch the following identity types through the Admin Console:

  • Adobe ID to Enterprise ID
  • Enterprise ID to Adobe ID
  • Adobe ID to Federated ID
  • Federated ID to Adobe ID

However, to switch the following types, you will need to contact Adobe Support:

  • Enterprise ID to Federated ID
  • Federated ID to Enterprise ID

The following procedure enables you to switch user identity for users in bulk. However, you can also edit user details such as email addresses or users' names for individual users in the Admin Console or by using the User Sync tool or the User Management API.

  1. Log in to the Admin Console and navigate to Users.

  2. Click , and select Edit Identity Type by CSV from the drop-down list.

    The Edit Identity Type by CSV dialog box displays.

  3. To specify the users whose identity type you want to edit, download the Current User List or the CSV Standard Template by clicking Download CSV Template.

    The downloaded .csv file contains the following data:

    • Identity Type - Adobe ID, Enterprise ID, or Federated ID
    • Username
    • Domain
    • New Identity Type - Adobe ID, Enterprise ID, or Federated ID
    • New Email
    • New Username
    • New Country Code
  4. Open the .csv file in Excel and edit the identity types, as required.

    Note:

    Ensure that you specify the correct country code for the users. This code must match the country in which their assets are located. This code can't be changed later.

    Also, if you are switching an Adobe ID user type to an Enterprise ID or Federated ID type, ensure that the Adobe ID email matches the email ID for the user in the enterprise.

    Adobe ID email       Enterprise ID or Federated ID email    User identity switch
    janedoe@xyz.com      janedoe@xyz.com                        Success
    johndoe@adobe.com    johndoe@xyz.com                        Fail
  5. Open the Edit Identity Type by CSV dialog box.

    Upload the updated .csv file, either by dragging it to the dialog box, or clicking Select a File.
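
A pre-upload check for the edited .csv file, covering the rules stated in this procedure: which switches the Admin Console supports, the Adobe ID email match, and the country code. This is an added example, not Adobe's code; it assumes the file is comma-separated with headers spelled as in the field list above and that Username holds the current sign-in email address.

```python
import csv
import io

# Switches this page says the Admin Console supports; Enterprise <-> Federated
# switches require contacting Adobe Support.
CONSOLE_SWITCHES = {
    ("Adobe ID", "Enterprise ID"), ("Enterprise ID", "Adobe ID"),
    ("Adobe ID", "Federated ID"), ("Federated ID", "Adobe ID"),
}
VALID_TYPES = {"Adobe ID", "Enterprise ID", "Federated ID"}

def check_row(row):
    """Return a list of problems for one CSV row (empty list means OK)."""
    old = row["Identity Type"].strip()
    new = row["New Identity Type"].strip()
    if old not in VALID_TYPES or new not in VALID_TYPES:
        return [f"unknown identity type: {old!r} -> {new!r}"]
    if old == new:
        return []  # no switch requested for this user
    problems = []
    if (old, new) not in CONSOLE_SWITCHES:
        problems.append(f"{old} -> {new} requires Adobe Support")
    # Assumption: Username is the current sign-in email; compared exactly.
    if old == "Adobe ID" and row["Username"].strip() != row["New Email"].strip():
        problems.append("Adobe ID email does not match New Email")
    if not row["New Country Code"].strip():
        problems.append("New Country Code is empty and cannot be changed later")
    return problems

def check_csv(text):
    """Map Username -> problems for every row that needs attention."""
    report = {}
    for row in csv.DictReader(io.StringIO(text)):
        problems = check_row(row)
        if problems:
            report[row["Username"]] = problems
    return report

# Constructed sample rows (not real accounts), modelled on the table above.
SAMPLE = """Identity Type,Username,Domain,New Identity Type,New Email,New Username,New Country Code
Adobe ID,janedoe@xyz.com,xyz.com,Federated ID,janedoe@xyz.com,janedoe,US
Adobe ID,johndoe@adobe.com,adobe.com,Enterprise ID,johndoe@xyz.com,johndoe,
Enterprise ID,alex@xyz.com,xyz.com,Federated ID,alex@xyz.com,alex,US
"""

if __name__ == "__main__":
    for user, problems in check_csv(SAMPLE).items():
        print(user, "->", "; ".join(problems))
```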

If you switch the identity of Adobe ID users in an organization on the Admin Console to Enterprise ID or Federated ID users, the Adobe ID users are removed from the organization.

Also, the users whose identity has changed receive a notification that they will need to use their new credentials when working with the Adobe products they have been provisioned.

This process also migrates the permissions and provisioned products for all migrated users.

Note:

 If your users were previously using Adobe IDs and had assets linked to their Adobe ID account, these users will need to migrate these assets as described in Migrate assets using Adobe Creative Cloud.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
