In your Adobe Admin Console, go to Settings > Directories > Edit the directory. Then, select Add new IdP in the directory Details.
Last updated on
27 Des 2022
- Adobe Enterprise & Teams: Panduan administrasi
- Rencanakan penerapan Anda
- Konsep dasar
- Panduan Penerapan
- Terapkan Creative Cloud for Education
- Beranda penerapan
- Wizard Orientasi K-12
- Penyiapan sederhana
- Menyinkronkan Pengguna
- Roster Sync K-12 (AS)
- Konsep pemberian lisensi utama
- Opsi penerapan
- Kiat ringkas
- Setujui aplikasi Adobe di Admin Console Google
- Aktifkan Adobe Express di Google Classroom
- Integrasi dengan Canvas LMS
- Integrasi dengan Blackboard Learn
- Mengonfigurasi SSO untuk Portal Distrik dan LMS
- Tambahkan pengguna melalui Roster Sync
- FAQ Kivuto
- Pedoman kelayakan institusi Primer dan Sekunder
- Atur organisasi Anda
- Tipe identitas | Ringkasan
- Atur identitas | Ringkasan
- Atur organisasi dengan Enterprise ID
- Atur federasi dan sinkronisasi Azure AD
- Atur Google Federation dan sinkronkan
- Atur organisasi dengan Microsoft ADFS
- Mengatur organisasi untuk Portal Distrik dan LMS
- Atur organisasi dengan Penyedia Identitas lainnya
- Pertanyaan umum dan pemecahan masalah SSO
- Kelola pengaturan organisasi Anda
- Mengelola pengguna
- Ikhtisar
- Peran administratif
- Strategi manajemen pengguna
- Tetapkan lisensi ke pengguna Tim
- Manajemen pengguna dalam aplikasi untuk tim
- Tambahkan pengguna dengan domain email yang cocok
- Mengubah jenis identitas pengguna
- Mengelola grup pengguna
- Mengelola pengguna direktori
- Mengelola pengembang
- Memigrasikan pengguna yang ada ke Adobe Admin Console
- Memigrasikan manajemen pengguna ke Adobe Admin Console
- Ikhtisar
- Mengelola produk dan hak
- Mengelola produk dan profil produk
- Mengelola produk
- Beli produk dan lisensi
- Mengelola profil produk untuk pengguna perusahaan
- Mengelola aturan penugasan otomatis
- Beri hak kepada pengguna untuk melatih model kustom Firefly
- Meninjau permintaan produk
- Mengelola kebijakan layanan mandiri
- Mengelola integrasi aplikasi
- Mengelola izin produk di Admin Console
- Mengaktifkan/menonaktifkan layanan untuk profil produk
- Aplikasi Tunggal | Creative Cloud untuk perusahaan
- Layanan opsional
- Mengelola lisensi Perangkat Bersama
- Mengelola produk dan profil produk
- Mulai menggunakan Global Admin Console
- Mengadopsi administrasi global
- Memilih organisasi Anda
- Mengelola hierarki organisasi
- Mengelola profil produk
- Mengelola administrator
- Mengelola grup pengguna
- Memperbarui kebijakan organisasi
- Mengelola templat kebijakan
- Mengalokasikan produk ke organisasi turunan
- Menjalankan pekerjaan yang tertunda
- Menjelajahi wawasan
- Mengekspor atau mengimpor struktur organisasi
- Kelola penyimpanan dan aset
- Penyimpanan
- Migrasi aset
- Klaim kembali aset dari pengguna
- Migrasi aset siswa | hanya untuk EDU
- Kelola layanan
- Adobe Stock
- Font khusus
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud untuk perusahaan - keanggotaan gratis
- Terapkan aplikasi dan pembaruan
- Ikhtisar
- Buat paket
- Sesuaikan paket
- Terapkan Paket
- Kelola pembaruan
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Memecahkan masalah
- Kelola akun Teams Anda
- Perpanjangan
- Kelola kontrak
- Laporan & log
- Dapatkan bantuan
You can migrate your existing directory to a new authentication provider within the Adobe Admin Console. This allows you to choose an authentication provider based on your needs and seamlessly migrate your users along with their apps and assets.
To migrate to a new authentication provider, you must have the following:
- Access to your organization's Adobe Admin Console with System Administrator credentials
- An existing directory configured for federation in Admin Console
- Access to your organization's identity provider portal (for example, Microsoft Azure Portal, Google Admin console, etc.)
You can find detailed information in Implementation Considerations.
If you meet the access requirements and implementation considerations, follow the procedure below to edit your authentication profile and migrate your directory:
-
-
Select the identity provider to set up the new authentication profile. Choose the identity provider (IdP) that your organization uses to authenticate users. Click Next.
-
Based on your choice of Identity provider, follow the steps below:
Log In to Azure with your Microsoft Azure Active Directory Global Admin credentials and Accept the permission prompt. You're taken back to the Directory details in the Admin Console.
Note:- The Microsoft Global Admin login is only required to create an application in the organization's Azure Portal. The Global Admin's login information is not stored, and only used for the one-time permission to create the application.
- When selecting the identity provider for Step 3 above, the Microsoft Azure option should not be used if the Username field in the Adobe Admin Console does not match the UPN field in Azure Portal.
If the existing directory is configured to pass Username as the User Login Setting, the new IdP should be established under the Other SAML Providers' option. The login setting can be confirmed by selecting Edit option in the current directory under User Login Setting.
- Choosing the Microsoft Azure' option in Step 3 only configures the identity provider and does not include directory sync services at this time.
- Copy the ACS URL and Entity Id from the Edit SAML Configuration screen displays.
- In a separate window, log in to the Google Admin Console with Google Admin credentials and navigate to Apps > SAML Apps.
- Use the + sign to add new App and select Adobe app. Then, download the IDP metadata under Option 2 and upload it to the Edit SAML Configuration in the Adobe Admin Console. Then, click Save.
- Confirm the Basic Information for Adobe. Enter the previously copied ACS URL and Entity ID in the Service Provider Details to finish. There is no need to set up User Provisioning as this is not currently supported for existing directories.
- Last, go to Apps > SAML apps > Settings for Adobe > Service Status. Turn Service Status as ON for everyone and Save.
For Other SAML Providers:
- Log in to your identity provider's application in a different window and create a new SAML app. (Do not edit the existing SAML app to prevent down-time for migration).
- Based on your identity provider's settings, copy the Metadata file or ACS URL and Entity ID from the Adobe Admin Console to the identity provider's settings.
- Upload metadata file from the identity provider setup to the Adobe Admin Console. Then, click Save.
-
In the Adobe Admin Console > Directory details, the new authentication profile is created. Use Test to verify whether the configuration functions correctly to ensure that all end users have access to SAML apps.
The Test feature ensures that the username format for the new authentication profile in their IdP matches the user information for the existing profile for user login.
-
Go to Directory users in the Adobe Admin Console > check that the identity provider usernames match Admin Console usernames.
For SAML, make sure that Subject field in the assertion from the new configuration matches the existing users' username format in the Admin Console.
Click Activate to migrate to the new authentication profile. Once done, the new profile displays In use.
After you've updated your directory setup, you can move domains from existing directories to the new directory using domain migration. Note that users of the migrated domains must be in the identity provider that is configured to work with the new target directory.
To know more about limitations and avoid errors that you might encounter while configuring, see Common questions.
Find answers to your questions related to directory migration to a new authentication provider and updating a deprecated SAML setup.
Before you start, ensure you meet the access requirements to be able to follow the procedure for migrating to a different identity provider. Also, consider the following points to ensure a seamless and error-free migration for your organization's directories:
- Admins must create a new SAML app on their IdP setup to configure. If they edit the existing app, it will rewrite any active existing configuration, incur downtime, and nullify the ability to switch between available IdP’s in the Adobe Admin Console.
- Admins must ensure that all required users are assigned to, or can use, the newly-created SAML app.
- Admins must ensure the username format for the new authentication profile in their IdP matches what is used by the existing profile for user login. They can use the Test feature provided on the authentication profile to verify. This Test link can be copied to clipboard and share it with others to validate from their machines.
- Admins should test the newly-added IdP before activation with 2 to 3 active accounts of the directory.
Error logs will not be available for these features. However, the Test workflow allows the Admin to validate relevant errors before activation. Limitations to consider include:
- One directory can have up to two authentication profiles, and both the profiles should be for different authentication types. This means Microsoft Azure AD (which uses Open ID Connect) can stay with Other SAML providers, but Google (which itself uses SAML) cannot stay with Other SAML providers in the same directory.
- This feature does not allow admins to migrate their identity provider to enable directory sync functionality (Azure AD Connector and Google Connector). Although customers migrating to Microsoft Azure or Google as their IdP can use a different form of user management strategy. To learn more, see Adobe Admin Console users.
