In the Admin Console, navigate to Settings > Privacy and Security > Authentication Settings.
- Adobe Enterprise & Teams: Administration guide
- Plan your deployment
- Basic concepts
- Deployment Guides
- Deploy Creative Cloud for education
- Set up your organization
- Identity types | Overview
- Set up identity | Overview
- Set up organization with Enterprise ID
- Setup Azure AD federation and sync
- Set up Google Federation and sync
- Set up organization with Microsoft ADFS
- Set up organization for District Portals and LMS
- Set up organization with other Identity providers
- SSO common questions and troubleshooting
- Manage your organization setup
- Manage products and entitlements
- Manage users
- Administrative roles
- User management techniques
- Change user's identity type
- Manage user groups
- Manage directory users
- Manage developers
- Migrate existing users to the Adobe Admin Console
- Migrate user management to the Adobe Admin Console
- Manage products and product profiles
- Manage products
- Manage product profiles for enterprise users
- Manage automatic assignment rules
- Review product requests
- Manage self-service policies
- Manage app integrations
- Manage product permissions in the Admin Console
- Enable/disable services for a product profile
- Single App | Creative Cloud for enterprise
- Optional services
- Manage Shared Device licenses
- Manage users
- Manage storage and assets
- Asset migration
- Reclaim assets from a user
- Student asset migration | EDU only
- Manage services
- Adobe Stock
- Custom fonts
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud for enterprise - free membership
- Deploy apps and updates
- Create packages
- Customize packages
- Deploy Packages
- Manage updates
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Create packages using Creative Cloud Packager (CC 2018 or earlier apps)
- About Creative Cloud Packager
- Creative Cloud Packager release notes
- Application packaging
- Create packages using Creative Cloud Packager
- Create named license packages
- Create packages with device licenses
- Create a license package
- Create packages with serial number licenses
- Packager automation
- Package non-Creative Cloud products
- Edit and save configurations
- Set locale at system level
- Manage your account
- Manage your Teams account
- Assign licenses to a Teams user
- Add products and licenses
- Automated expiration stages for ETLA contracts
- Switching contract types within an existing Adobe Admin Console
- Purchase Request compliance
- Value Incentive Plan (VIP) in China
- VIP Select help
- Reports & logs
- Get help
Adobe Admin Console supports several password protection levels and policies to ensure safety and security. You can specify to use a password protection level to apply to all users across your organization. Adobe Customer Care three levels of security.
Password protection levels
Password policies apply to all identity types supported on the Adobe admin console except the Federated ID type.
All accounts include a lockout mechanism. If the system detects a quick succession of multiple failed login attempts, the user account is temporarily unavailable to prevent brute force attacks.
To specify a password policy, do the following:
Choose a level of authentication for your users.
Clicking an option automatically selects and saves it.
To strengthen the security in their Adobe accounts, your users can set up two-step verification. Once set up, your users require a verification code to sign in to their Adobe accounts before they enter their Adobe account passwords. This setup is done by each user in their Adobe account. Adobe users can normally turn two-step verification on and off on depending on their security preferences.
As an admin, you have the option to enforce two-step verification. This ensures that users then do not have the options to turn it off.
Adobe highly recommends that you, as the admin, enforce two-step verification in your organization, and don’t leave this as optional for your users.
Adobe recommends you to use 2-step verification for extra security. 2-step verification (or 2-factor authentication) is available for Enterprise ID and Adobe ID users only. Note: 2FA may take up to 24 hours to apply to all the users in your organization.
This method does not apply to Federated ID users. However, you can enforce 2-step verification for Federated ID users from your identity provider.
When you turn on two-step verification, the users in your organization will receive an email.
- After you've set up two-step verification, the first time a user signs in, Adobe requires the collection of their phone number. This ensures that the user can recover their account in case they've lost the password.
- Users who have already set up two-step verification, won’t be required to take any action, but will be prevented from un-enrolling from two-step verification, by this policy.
- Users who have not set up two-step verification, will be required to enroll in this service the next time they sign into their Adobe account. For details how your users must enroll for this service, see this article.
As a teams or enterprise admin, you can choose to enable or disable social login for your end users. When you've disabled these options, we'll notify all your users via email. And they will not have the option to sign in with the disabled social provider.
This option is not available if you've set up Federated ID users. Federated ID users always use the configured single sign on provider.
If an end user attempts to sign-in via a social login that you've disabled, we'll inform the user that this provider is not supported. We'll then prompt the user to create a password for their Adobe ID or Enterprise ID. After this, the user will sign in using these credentials.
To control how long your users remain authenticated in Adobe apps, use the following Advanced settings:
- Max session life: Users need to reauthenticate after the duration you specify. The session life is effective on all user sessions of Adobe apps across devices.
- Max idle time: Adobe will automatically sign out users who do not interact with the account for a period more than the idle time that you specify. The idle time affects the following Adobe Web Applications:
- Creative Cloud Web
- Adobe Express
- Adobe Stock
- Adobe Color
- Adobe Font
- Creative Cloud Assets
If a user is a member of multiple organizations with advanced authentication policies, the most restrictive policies will apply to that user. For example, if one policy defines a Maximum session life as 12 days and another defines this setting as 9 days, the user is reauthenticated every 9 days.
We recommend that you do not set short session policies unless you require stricter security measures. Short session policies will require users to sign in more frequently. Leaving these policies at their default state is the right choice for most Adobe customers.