User Guide Cancel

Authenticate your users with Microsoft Azure

  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

Authenticate your users quickly using Open ID Connect (OIDC). You can also add Microsoft Azure AD Sync (Azure Sync) to the directories set up with Microsoft Azure to automate user management.

Prerequisites

You need the following to integrate Adobe Admin Console with Microsoft Azure Active Directory (Azure AD):
  • Azure AD as the identity provider (IdP).
  • One or more of the following products: Creative Cloud for enterprise, Document Cloud for enterprise, or Experience Cloud. 
  • Domains associated with Azure AD are unclaimed in the Adobe Admin Console, or you can easily withdraw pending domain claims.
Note:
  • If your identity provider is Azure AD and you do not have a federated directory in the Adobe Admin Console: you can set up federation using the following ways:
    • OpenID Connect (OIDC): Create a federated directory in seconds via OIDC. The process to set up lies mostly within the Adobe Admin Console.
    • SSO with Azure AD via SAML: Create a federated directory using Azure AD with SAML setup. The process to set up lies mostly within the Microsoft Azure Portal.

Create a directory

If you meet the criteria mentioned in the prerequisites section, it's time to set up the integration and get your users up and running with their entitlements.

Once the Azure portal is set up and ready, do the following:

  1. Sign in to Adobe Admin Console and click Settings. On the Identity page, click Create Directory

  2. On the Create a Directory screen, do the following and click Next.

    • Enter a name for the directory
    • Select the Federated ID card
  3. Select Microsoft Azure Active Directory and then select Login to Azure AD.

  4. You are redirected to Microsoft Account sign-in page. Enter admin credentials with the appropriate permissions and sign in. Review the permissions, then click Accept.

    Azure permissions

  5. Return to Adobe Admin Console, review your Azure AD information and, click Next.

  6. Set up auto-account creation.

    Automatic account creation is enabled by default. It allows users without a federated account to automatically create one with their organization based on a verified email domain. When enabled for a federated directory, new users with a valid email domain in that directory will be able to create a federated account.

    If you disable automatic account creation, new users in your organization who have valid accounts with domains of this identity provider will no longer be able to create a federated account automatically.

  7. Select a default country from the dropdown menu in the Attribute mappings section. Learn more about attribute mappings.

  8. You can also choose to update user information in Admin Console when users log in. Then, select Done.

Add domains via Azure AD

Once you have linked your Adobe Admin Console directory with Azure AD, it's time to add domains. To pull verified domains directly from the Azure Portal, do the following:

  1. In the Adobe Admin Console, navigate to Settings > Identity. Select a directory, go to the Domains tab and select Add domain.

  2. Select an IdP (Microsoft Azure in this case). Then, select Login to Azure AD.

  3. Sign in to the Azure account containing the verified domains to be added to the Admin Console.

    Select one or more from the list of available domains and click Confirm.

    Microsoft Azure

    On confirming, you're sent to the directory details view where the domains are listed under the Domains tab.

Next steps

After you’ve created a directory and added domains, you can start managing single sign-on operations by adding the user and user group assignments to corresponding product profiles.

If you administer user accounts in the Adobe Admin Console using Azure AD, you can add Azure Sync to the directory from the Sync tab in the directory details. Once configured, Azure AD becomes the direct source of truth for Federated ID users' account management, keeping user data in sync with the Adobe Admin Console.

Note:

Ensure that there are no domain trusts established to the domains being removed.

If you want to retain these trust relationships, break it temporarily while completing the remaining steps. You can associate domain trusts once the domains are re-established in the Adobe Admin Console. Learn more about directory trust.

Get help faster and easier

New user?