The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain has been demonstrated by use of a DNS token, the domain can be configured to allow users to log-in to Creative Cloud using e-mail addresses within that domain via an Identity Provider (IdP) - either as a software service which runs within the company network and is accessible from the internet or a cloud service hosted by a third party which allows for the verification of user login details via secure communication using the SAML protocol.
One such IdP is Okta, a cloud service which facilitates secure identity management.
Before configuring a domain for single sign-on using Okta as the IdP, the following requirements should be met:
1. Begin by filling-out the identity configuration on the Adobe Admin Console with placeholder information as follows:
3. Within the Okta dashboard, under Applications -> Add Application, click "Create New App".
4. Fill-out the general settings as follows:
6. Click "Next"
7. Click "Download Okta Certificate"
8. Change the file extension of the certificate downloaded form the Okta Dashboard to ".cer" to allow it to be uploaded to the Adobe Admin Console.
9. Open the Adobe Admin Console https://adminconsole.adobe.com/enterprise and browse to the "Identity" tab and to the details for the relevant domain.
10. Upload the Okta certificate in the "IDP Certificate" field.
11. Save the settings
12. Click "Download metadata" and save the file
13. Return to the Okta Dashboard and complete the App Setup Wizard. Open the metadata saved from the Adobe Admin Console in a web browser (e.g. Internet Explorer) and copy the values form the following fields, as per the example screenshot below:
14. Click "Show Advanced Settings"
15. Modify the Attribute Statements as follows:
16. Click "Finish" and access the newly created "Adobe Creative Cloud" app.
17. Go to "Sign-On" -> "View Setup Instructions"
18. Obtain the following information in order to replace the dummy values previously entered into the Adobe Admin Console:
19. On the Adobe Admin Console, click "Edit Configuration"
20. Fill in the information obtained from the Okta Dashboard as follows:
21. Save the configuration
22. Test with a user which you have defined both in your own identity management system and in the Adobe Admin Console by logging in to https://www.adobe.com/ and also Creative Cloud Desktop.
If you need additional assistance after following the steps in this guide, open a ticket on the Support tab in the Adobe Admin Console.