User Guide Cancel

Set up identity and Single Sign-On

Search
  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment guide
      2. Enable Adobe Express in Google Classroom
      3. Integration with Canvas LMS
      4. Integration with Blackboard Learn
      5. Configuring SSO for District Portals and LMSs
      6. Deploy Adobe Express through Google App Licensing
      7. Add users through Roster Sync
      8. Kivuto FAQ
      9. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage products and entitlements
    1. Manage users
      1. Overview
      2. Administrative roles
      3. User management techniques
        1. Manage users individually   
        2. Manage multiple users (Bulk CSV)
        3. User Sync tool (UST)
        4. Microsoft Azure Sync
        5. Google Federation Sync
      4. Change user's identity type
      5. Manage user groups
      6. Manage directory users
      7. Manage developers
      8. Migrate existing users to the Adobe Admin Console
      9. Migrate user management to the Adobe Admin Console
    2. Manage products and product profiles
      1. Manage products
      2. Manage product profiles for enterprise users
      3. Manage automatic assignment rules
      4. Review product requests
      5. Manage self-service policies
      6. Manage app integrations
      7. Manage product permissions in the Admin Console  
      8. Enable/disable services for a product profile
      9. Single App | Creative Cloud for enterprise
      10. Optional services
    3. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  6. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  7. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  8. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Adobe templates for packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
      8. Adobe Creative Cloud licensing identifiers
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Use Adobe Remote Update Manager
      2. Channel IDs for use with Adobe Remote Update Manager
      3. Resolve RUM errors
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
      3. Creative Cloud package "Installation Failed" error message
    9. Create packages using Creative Cloud Packager (CC 2018 or earlier apps)
      1. About Creative Cloud Packager
      2. Creative Cloud Packager release notes
      3. Application packaging
      4. Create packages using Creative Cloud Packager
      5. Create named license packages
      6. Create packages with device licenses
      7. Create a license package
      8. Create packages with serial number licenses
      9. Packager automation
      10. Package non-Creative Cloud products
      11. Edit and save configurations
      12. Set locale at system level
  9. Manage your account
    1. Manage your Teams account
      1. Overview
      2. Update payment details
      3. Manage invoices
      4. Change contract owner
      5. Change reseller
    2. Assign licenses to a Teams user
    3. Add products and licenses
    4. Renewals
      1. Teams membership: Renewals
      2. Enterprise in VIP: Renewals and compliance
    5. Automated expiration stages for ETLA contracts
    6. Switching contract types within an existing Adobe Admin Console
    7. Purchase Request compliance
    8. Value Incentive Plan (VIP) in China
    9. VIP Select help
  10. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  11. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

Learn how to set up your users' accounts with different ID types with or without Single Sign-on. Set up SSO for Adobe software, configure SAML settings, and go through the most common questions and errors.

Set up identity and SSO | YouTube video

Key terms and concepts

A directory in the Admin Console is an entity that holds resources such as users and policies like authentication. These directories are similar to LDAP or Active Directories.

Organization identity provider such as Active Directory, Microsoft Azure, Ping, Okta, InCommon, or Shibboleth.

System admin Works with IdP directory managers and DNS managers to set up identity in the Admin Console.

DNS Manager Updates DNS tokens to validate domain ownership

Identity Provider (IdP) directory manager Handles the IdP portal and associated connectors

Created, owned, and managed by the end user. Adobe performs the authentication, and the end user manages the identity. Depending upon the storage model, users or businesses retain control over files and data.

For organizations that have been updated to the Enterprise storage model, assets and data is controlled by the organization. For organizations that have not been updated, the individual owns and controls Adobe ID assets.

Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. Admins create an Enterprise ID and issue it to a user. Admins can revoke access to products and services by taking over the account or deleting the Enterprise ID to permanently block access to associated data. Learn more

Created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).

The following are a few requirements and scenarios where Federated IDs are recommended:

  • If you want to provision users based on your organization's enterprise directory.
  • If you want to manage the authentication of users.
  • If you need to maintain strict control over apps and services available to a user.

Set up identity without Single Sign-On

You may use Adobe ID or Enterprise ID if your organization is currently not using SSO on other applications.

Using Adobe ID

We're updating all organizations to the Enterprise storage model. This gives your organization greater control over your users' assets and data.

Get started with adding users to your Admin Console.

Set up identity with Enterprise ID

You can set up an Enterprise ID directory if you want more control on your users' data without using SSO. Only Admins create an Enterprise ID and issue it to a user.

See Set up organization with Enterprise ID to know the requirements and steps involved in creating Enterprise ID directories.

Set up identity with Single Sign-On

You must set up your user identity with Federated ID accounts to use SSO. The following are a few requirements and scenarios where Federated IDs are recommended:

  • If you want to provision users based on your organization's enterprise directory.
  • If you want to manage the authentication of users.
  • If you need to maintain strict control over apps and services available to a user.

Set up a new SSO integration

You can use popular identity providers such as Microsoft Azure AD, Google, or use other SAML-based IdP to set up SSO between your organization and Adobe products.

Azure AD (Recommended)

Set up SSO and user-sync with Azure AD Connector

Other SAML IdP

Set up SSO with other SAML-providers

Integrate with any standard SAML-compliant Identity Provider (IdP).

Google (Recommended)

Set up SSO and user-sync using Google Connector

Manage existing SSO setup

Follow the next steps after you have set up an SSO between your organization and Adobe:

Learn how to manage your domains and directories:

Learn how to change your identity provider:

Errors and common questions

Find solutions to the most commonly occuring questions and errors as you set up and manage SSO:

Azure AD

FAQs

Azure AD connector FAQs

How to delete directories and domains

Troubleshoot

Users denied access

Sync issues

Other SAML IdP

FAQs

SAML integration FAQs

Troubleshoot

General SSO troubleshooting

"Access denied" error

"Another user is currently logged in" error

Perform a SAML trace

Google

FAQs

Google connector FAQs

How to delete directories and domains

Join the conversation

To collaborate, ask questions, and chat with other administrators, use our Enterprise and Teams Community.

Adobe logo

Sign in to your account

Quick links

View all your plans Manage your plans

Legal Notices    |    Online Privacy Policy