The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain has been demonstrated by use of a DNS token, the domain can be configured to allow users to log in to Creative Cloud using e-mail addresses within that domain via an Identity Provider (IdP). The IdP is either a software service which runs within the company network and is accessible from the internet, or a cloud service hosted by a third party; in both cases it allows for the verification of user login details via secure communication using the SAML protocol.
One such IdP is Microsoft Azure, a cloud-based service which facilitates secure identity management.
Before configuring a domain for single sign-on using Microsoft Azure as the IdP, the following requirements should be met:
1.) Go to Active Directory > Your Azure Active Directory > Applications > Add
2.) Select Add an application from Gallery
3.) Select Custom and type in “Adobe Creative Cloud”
4.) Select Configure Single Sign-On
5.) Check Microsoft AD Single Sign-On
6.) Enter dummy information initially via “Configure” tab
a. Enter https://adobe.com for the Issuer/Reply URL fields
7.) Download the Certificate and check the Confirm checkbox
1.) Select “Assign Accounts”
2.) Select Show All Users, click the Checkbox.
3.) Select a user you wish to have access to the application and click the Assign button
4.) Select Yes to confirm
1.) Click on the Attributes tab and select the add user attribute button
2.) Create the following attributes:
3.) Click Apply Changes
1.) Access Adobe Admin Console - https://adminconsole.adobe.com/enterprise/
2.) Go to Identity > Click the domain > Add/Enter your Azure details
3.) Upload the certificate you downloaded earlier
4.) Enter your Azure details
5.) Click save
6.) The console will now present the XML “Download Metadata” file to replace the dummy
values entered earlier within Azure. The file will contain Adobe’s EntityID URL and
1.) Within Azure > Adobe Creative Cloud > Configure Single Sign-on
2.) Enter the following values and click Next
3.) Check the Confirm box and click Next.
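The values that replace the dummy `https://adobe.com` entries can be read out of the downloaded metadata file rather than copied by hand. The following Python is an added example, not Adobe's or Microsoft's code: it assumes the file is standard SAML 2.0 service-provider metadata and that its entityID and HTTP-POST AssertionConsumerService location are what go into the Issuer and Reply URL fields. The sample XML, its `example.invalid` URLs and the function name `sp_values` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
DUMMY = "https://adobe.com"  # placeholder value entered earlier in Azure

# Constructed sample; real values come from the "Download Metadata" file.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata/alias/TENANT">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/SSO/alias/TENANT"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def sp_values(xml_bytes):
    """Return (entity_id, acs_url) from SAML 2.0 SP metadata (assumed format)."""
    # Metadata has no need for a DTD; refuse one instead of parsing entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("metadata must not contain a DTD or entities")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    entity_id = root.get("entityID", "")
    acs = [e for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    if not acs:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    acs_url = acs[0].get("Location", "")
    for name, value in (("entityID", entity_id), ("ACS URL", acs_url)):
        if not value.startswith("https://"):
            raise ValueError(f"{name} is not an https URL: {value!r}")
        if value.rstrip("/") == DUMMY:
            raise ValueError(f"{name} is still the dummy value")
    return entity_id, acs_url


if __name__ == "__main__":
    issuer, reply_url = sp_values(SAMPLE_METADATA)
    print("Issuer:   ", issuer)
    print("Reply URL:", reply_url)
```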
1.) Access Adobe Admin Console - https://aedash.adobe.com
2.) Go to Identity > Click the domain
3.) Click Edit Configuration
4.) Upload the latest certificate **Important since we’ve replaced the dummy values**
1.) Ensure the user is assigned via Azure (see the Assigning User in Azure step)
2.) Lastly, ensure the user is added within Adobe’s console as a Federated ID and assigned to a group for entitlement.
3.) At this point, type your email address/UPN into the Adobe sign-in form, press Tab, and you should be federated back to Azure AD.
If you need additional assistance after following the steps in this guide, open a ticket on the Support tab in the Adobe Admin Console.