Migrate user management to the Adobe Admin Console
- Adobe Enterprise & Teams: Administration guide
- Plan your deployment
- Basic concepts
- Deployment Guides
- Deploy Creative Cloud for education
- Set up your organization
- Identity types | Overview
- Set up identity | Overview
- Set up organization with Enterprise ID
- Setup Azure AD federation and sync
- Set up Google Federation and sync
- Set up organization with Microsoft ADFS
- Set up organization for District Portals and LMS
- Set up organization with other Identity providers
- SSO common questions and troubleshooting
- Manage your organization setup
- Manage products and entitlements
- Manage users
- Administrative roles
- User management techniques
- Change user's identity type
- Manage user groups
- Manage directory users
- Manage developers
- Migrate existing users to the Adobe Admin Console
- Migrate user management to the Adobe Admin Console
- Manage products and product profiles
- Manage products
- Manage product profiles for enterprise users
- Manage automatic assignment rules
- Review product requests
- Manage self-service policies
- Manage app integrations
- Manage product permissions in the Admin Console
- Enable/disable services for a product profile
- Single App | Creative Cloud for enterprise
- Optional services
- Manage Shared Device licenses
- Manage users
- Manage storage and assets
- Asset migration
- Reclaim assets from a user
- Student asset migration | EDU only
- Manage services
- Adobe Stock
- Custom fonts
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud for enterprise - free membership
- Deploy apps and updates
- Create packages
- Customize packages
- Deploy Packages
- Manage updates
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Create packages using Creative Cloud Packager (CC 2018 or earlier apps)
- About Creative Cloud Packager
- Creative Cloud Packager release notes
- Application packaging
- Create packages using Creative Cloud Packager
- Create named license packages
- Create packages with device licenses
- Create a license package
- Create packages with serial number licenses
- Packager automation
- Package non-Creative Cloud products
- Edit and save configurations
- Set locale at system level
- Manage your account
- Manage your Teams account
- Assign licenses to a Teams user
- Add products and licenses
- Automated expiration stages for ETLA contracts
- Switching contract types within an existing Adobe Admin Console
- Purchase Request compliance
- Value Incentive Plan (VIP) in China
- VIP Select help
- Reports & logs
- Get help
As an administrator of an Adobe product, you may have traditionally managed your users and controlled their access to various product capabilities through the product's administrative interface. Now you can achieve the same through Adobe's Admin Console. This document explains the benefits of doing so, and also guides you through the process.
The document provides an overview of the steps that are required to transition user management from your current in-product interface to the Adobe Admin Console. It links to other documents that cover the specific how-tos in full detail.
To enable enterprise storage and other enterprise-level features, we're updating all existing Adobe IDs to Business IDs. All new business customers will use Business IDs for their team members.
You'll receive advance communication when your organization is scheduled for the update. For more information, see Introduction to Business IDs and new storage features. Until your organization is updated, you will continue to use Adobe ID type to access the organization. Support for Adobe IDs will then be reserved for individual customers only.
Who should read this document
This document is targeted at the following administrative roles.
The specific names for these roles can differ in the product you manage.
Administrators of the current product who are responsible for user management. This role involves tasks such as:
- Adding and inviting users to the product
- Editing user properties
- Removing users
Administrators of the current product who are responsible for assigning product permissions to users for access to various product capabilities. This role involves tasks such as:
- Enabling and revoking permissions to a specific product functionality
- Assigning a product-specific role to a user
This document is not for the end users. Usually, the migration process is seamless to the end user and does not require their involvement. As a system administrator, you can inform your end users about what to expect from this migration process.
Benefits of migrating to the Admin Console
Why move to the Admin Console
The Adobe Admin Console provides a centralized location to manage the administrators, users, user groups, product permissions, and product roles across all the Adobe products that your organization has purchased.
You can delegate system administrative tasks by creating other system administrators. You can also designate product-specific administrators to manage Adobe products that your organization has purchased. For details, see Administrative roles.
As Adobe introduces new products and services, you can quickly provide your users access to these products from within the Admin Console. You can also manage product-specific permissions and roles by using product profiles.
You can also create user groups to collectively manage product permissions and product roles. Simply create groups of users based on your needs and then assign these user groups to the product profiles that you define.
For more details, see the Admin Console.
Who does migration benefit
If you are a system administrator, the Admin Console provides you with a single interface to manage all the users in your organization, irrespective of which Adobe products they use. You can add new users to the Admin Console using their Business ID or their enterprise credentials.
If you are a product administrator, the Admin Console provides you with a single interface to manage the product-specific permissions and roles for the users in your organization. When Adobe adds new capabilities to the products that your organization uses, you can manage any new permissions for your existing users from within the same interface. When your organization purchases new products from Adobe, you can use the same Admin Console to provide your users access to and manage their permissions and roles for these new products.
Your end users have one set of user credentials that they use across all existing and new Adobe products available to your organization.
You will receive an in-product notification to get you started with the migration.
Email invitation from Adobe to primary system administrator
If your organization is not already using the Admin Console, you will be designated the primary system administrator and will receive an email invitation from Adobe to the Admin Console. To log in, use your Adobe ID credentials.
Following is an overview of the steps to migrate your user management to the Admin Console.
Step 1: Plan the identity type for your users
The first step is to decide the identity type for your users. Adobe’s identity management system helps admins create and manage user access to applications and services. Adobe offers three varying types of identities or accounts to authenticate and authorize users. They use an email address as the user name. You can choose between any of the following identity types supported by the Admin Console.
- Business ID: Created, owned, and managed by an organization. Adobe performs the authentication, and the organization user manages the identity.
- Federated ID: Created, owned, and managed by an organization and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).
- Enterprise ID: Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID.
Based on your organizational needs, you can select the most appropriate identity model to implement and use.
You can either choose to use Federated IDs or Enterprise IDs (and not both). However, you can choose only one of these identity types with the Business IDs. Like, if some of your users are logging into your product with your enterprise credentials (such as email@example.com) and some users are using emails that are from outside your enterprise (such as firstname.lastname@example.org).
If you need, read more about Adobe's supported identity types.
Step 2: Add Business ID users to Admin Console
If you have chosen to use only Enterprise or Federated ID types, you can skip this step in the workflow.
Step 3: Set up a Directory
As a system admin on the Admin Console, one of your first tasks is to define and set up an identity system against which your end users will be authenticated. As your organization purchases licenses for Adobe products and services, you will need to provision those licenses to your end users. And for this, you will need a way to authenticate these users.
Adobe provides you with the following identity types that you can use to authenticate your end users:
- Business ID
- Enterprise ID
- Federated ID
If you want to have separate accounts owned and controlled by your organization for users in your domain, you must use either Enterprise ID or Federated ID (for Single- Sign-On) identity types.
For details, see Set up identity.
Step 4: Claim your domain (If you have chosen Enterprise or Federated IDs types in Step 1)
Your end users are authenticated against domains that you set up in the Admin Console. If your email address is email@example.com, your domain is example.com. A claimed domain can be used either with Enterprise IDs or Federated IDs, but not both. You can however claim multiple domains.
Your organization must demonstrate its control over a domain to claim it. And, a domain can be claimed only once.
If the domain has already been claimed, like, by another department of the same company, one can request access to it by the domain claim process. The first department to claim the domain (owner) is responsible for approving any requests for access by other departments (trustees). For details, see Directory trusting.
If you’ve set up Federated IDs, Single Sign-On can be configured. When organizations configure and enable Single Sign-On (SSO), users in that organization are able to use their corporate credentials to access Adobe software.
Step 5: Migrate user management
Before you start the migration, one (or both) of the following must be completed:
- If you have chosen to use Enterprise or Federated IDs, you must have claimed the domain for your enterprise.
- If you have chosen to use Business IDs (either entirely or with Enterprise or Federated IDs), you must add these users to the Admin Console.
After your users have created their Business IDs or you have claimed the domain for your enterprise, initiate the migration process from within your Adobe product.
Step 6: Users receive invitation email
All users that are set up to be managed via the Admin Console receive an email that explains what they have been given access to.
System and product administrators will be able to access to the Admin Console.
End users will be able to log into the product using their credentials.
After the migration is complete, the following changes take effect:
You no longer manage users in the product.
Use the Admin Console to manage users. For an introduction on how to use the Admin Console, see this article.
If you are the primary (or first) System administrator for your organization on the Admin Console, you can assign administrative roles to other users. These roles can include:
- Other System administrators
- Product administrators
You no longer manage users, their permissions, or their roles in the product.
You are assigned administrative privileges to one or more products in your organization. You can create product profiles and assign administrators to the profiles that you create. You can also assign users and user groups to these product profiles. Optionally, you can then assign roles to these users and user groups.
Your end users will log into the existing product using their credentials. All user information is specific to the Business ID or as specified in your enterprise (if you choose Federated or Enterprise IDs).