Manage SAML-based SSO for Google

This article describes the older SAML-based setup for Google federation.

For new configurations, it is recommended to use the Google Connector, which can be set up within minutes and shortens the process of Domain Claim, SSO-setup, and user-sync.


Overview

The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once the domain is verified, the directory containing the domain is configured to allow users to log in to Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The process is provisioned either as a software service which runs within the company network and is accessible from the Internet or a cloud service hosted by a third party that allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Google, a cloud-based service which facilitates secure identity management.

Configure single sign-on using Google

To configure single sign-on for your domain, do the following:

  1. Sign in to the Admin Console and start by creating a Federated ID directory, selecting Other SAML Providers as the identity provider. Copy the values for ACS URL and Entity ID from the Add SAML Profile screen.
  2. Configure the Google Admin Console, specifying the ACS URL and Entity ID, and download the IdP metadata file.
  3. Return to the Adobe Admin Console and upload the IdP metadata file in the Add SAML Profile screen and click Done.

Configure the Google Admin Console

Ensure that you have administrative access to the Google Admin Console.

  1. In the Google Admin Console, navigate to Apps > SAML Apps, and click .

  2. The Enable SSO for SAML Application screen displays.
    Click Setup My Own Custom App.

    Enable SSO for SAML Application
  3. On the Google IdP Information screen, click Download under Option 2 to download the IDP metadata file. Then, click Next.

    Google IdP Information
  4. On the Basic Information for Your Custom App screen, click Next again.

  5. Enter the ACS URL and Entity ID copied from the Adobe Admin Console on the Service Provider Details screen.

  6. Click Next, and on the Attribute Mapping screen that displays, click Add New Mapping.

    Attribute Mapping
  7. Click Finish.

    Add new mapping
  8. On the Setting up SSO for Adobe dialog box, click OK.

  9. Change the Settings for Adobe Creative Cloud to On for Everyone.

    Settings for Adobe Creative Cloud

Upload IdP metadata file to Adobe Admin Console

To update the latest certificate, return to the Adobe Admin Console. Upload the certificate downloaded from Google to the Add SAML profile screen and click Done.

Test your setup

Check access for a user whom you have defined in your own identity management system and in the Adobe Admin Console by logging in to the Adobe website or the Creative Cloud desktop app.

If you encounter problems, see our troubleshooting document.

If you need assistance with your single sign-on configuration, navigate to Adobe Admin Console > Support to contact us.