When you are setting up your Adobe Admin Console, you need to decide which type of users you plan to create.
Adobe supports three identity or account types; they use an email address as the user name.
Adobe ID is created, owned, and managed by the end user. Adobe performs the authentication and the end user manages the identity. Users retain complete control over files and data associated with their ID. Users can purchase more products and services from Adobe. Admins invite users to join the organization, and can remove them. However, users cannot be locked out from their Adobe ID accounts, and the admin can't delete or take over the accounts.
Enterprise ID is created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. End users cannot sign up and create an Enterprise ID, nor can they sign up for more products and services from Adobe using an Enterprise ID.
Federated ID is created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 identity provider.
For details on identity types, see Manage identity types.
To use Enterprise ID or Federated ID, set up your own authorization source by claiming a domain. For example, if your email address is firstname.lastname@example.com, example.com is your domain. A claimed domain permits the creation of Enterprise IDs or Federated IDs with email addresses on the claimed domain.
For more details, see Claim a domain.
A domain can only be claimed by a single organization. So consider the following scenario:
A company, Geometrixx, has multiple departments, each of which has its own unique Admin Console. Also, each department wants to use either Enterprise or Federated user IDs, all using the geometrixx.com domain. In this case, the system administrator for each of these departments would want to claim this domain for identity use. The Admin Console prevents multiple departments from claiming the same domain. However, once claimed by a single department, other departments can request access to it through the domain claim process.
The first department to claim the domain (owner) is responsible for approving any requests for access by other departments (trustees).
If you plan to use Enterprise or Federated ID on your Admin Console, you must claim the domain associated with your organization. If this domain has already been claimed by another organization, you can request access to the domain as a trustee.
If you are setting up Federated IDs, click Next. If you are setting up Enterprise IDs, click Add New Domain.
If another organization has already claimed the domain, you are prompted with the following message:
If the domain has not been claimed, follow the procedure detailed in Claim a domain.
When the trust request is accepted by the owner, your organization will have access to the domain as it has been configured.
The type of domain (Enterprise or Federated) depends on how it is set up by the owning organization. This implies that if the domain is already claimed, you (trustee) cannot choose or change the type of domain setup.
As a trustee, if you no longer need access to the trusted domain, you can withdraw your trustee status at any time.
If you withdraw your access to an owning domain, all the users of your organization are removed from the domain. Also, these users lose access to any software granted to them by your organization.
This operation cannot be undone.
As a system administrator of an owning organization, you can choose to accept or reject the requests for access to the domains that you own.
The admin of the owning organization receives an email notification for the domain access request, with a link to the Domain Sharing Requests page. Click the link in the email and follow the steps below to accept the request.
On clicking the link in the email notification, the Domain Sharing Requests page opens.
On the Domain Sharing Requests page, click Accept for a pending request.
The Accept Domain Access Request dialog box appears.
A trustee organization can add users to a domain that you own, but that organization cannot remove users from the domain. As a system administrator of the owning organization, you can remove users created by trustee organizations. However, if the organization withdraws its trustee status, all the users of that organization are removed from the domain.
The reason that you provide is shared with the requesting organization. However, your email, name, and organizational information are withheld.
If you revoke the access of a trustee organization, all the users of the trustee organization are removed from the domain. Also, these users lose access to any software granted to them by the trustee organization.
This operation cannot be undone.
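The ownership and trust rules described above can be written down as a small model, which makes it easy to check who may remove a user and which accounts disappear when trust ends. This is an added example, not Adobe code or an Admin Console API: the class, its method names and the department names used with it are hypothetical, and "users of an organization" is modelled as the users that organization added.

```python
class ClaimedDomain:
    """Toy model of one claimed domain; names are hypothetical, not an Adobe API."""

    def __init__(self, name, owner_org, id_type):
        self.name, self.owner = name, owner_org
        self.id_type = id_type   # chosen by the owner; trustees cannot change it
        self.pending, self.trustees = set(), set()
        self.users = {}          # email -> organization that added the user

    def request_access(self, org):
        if org == self.owner or org in self.trustees:
            raise ValueError("organization already has access")
        self.pending.add(org)

    def decide(self, acting_org, requester, accept):
        if acting_org != self.owner:
            raise PermissionError("only the owner accepts or rejects requests")
        self.pending.remove(requester)   # KeyError if nothing is pending
        if accept:
            self.trustees.add(requester)

    def add_user(self, acting_org, email):
        if acting_org != self.owner and acting_org not in self.trustees:
            raise PermissionError("organization has no access to this domain")
        if not email.lower().endswith("@" + self.name):
            raise ValueError("email address is not on the claimed domain")
        self.users[email.lower()] = acting_org

    def remove_user(self, acting_org, email):
        if acting_org != self.owner:
            raise PermissionError("only the owner can remove users")
        del self.users[email.lower()]

    def users_added_by(self, org):
        """Preview of what ending trust would remove (the step cannot be undone)."""
        return sorted(e for e, o in self.users.items() if o == org)

    def end_trust(self, acting_org, trustee):
        # Withdraw (by the trustee) and revoke (by the owner) cascade the same way.
        if trustee not in self.trustees or acting_org not in (self.owner, trustee):
            raise PermissionError("not a trustee, or caller may not end this trust")
        removed = self.users_added_by(trustee)
        for email in removed:
            del self.users[email]
        self.trustees.remove(trustee)
        return removed
```

Calling `users_added_by` before `end_trust` shows the set of accounts that will be removed, which is worth reviewing because neither withdrawal nor revocation can be undone.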
When an owning organization gives access to a trustee organization, the trustee can then add users to the owning organization.
The users added by a trustee organization are managed primarily by the trustee organization itself. However, as the owning organization, you can manage the users of all trustee organizations.
- Delete a user who has left the company (user should no longer be able to log in and receive software).
- Troubleshoot user login issues for Federated ID users.
- Change information about the user, such as their first or last name.
To manage users of a trustee organization, follow the process below: