This article describes the older SAML-based set-up for Google Federation tool.
For new configurations, it is recommended to use the Google Connector, which can be set up within minutes and shortens the process of Domain Claim, SSO-setup, and user-sync.
The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once the domain is verified, the directory containing the domain is configured to allow users to log in to Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The process is provisioned either as a software service which runs within the company network and is accessible from the Internet or a cloud service hosted by a third party that allows for the verification of user login details via secure communication using the SAML protocol.
One such IdP is Google, a cloud-based service which facilitates secure identity management.
To configure single sign-on for your domain, do the following:
- Sign in to the Admin Console and start with creating a Federated ID directory, selecting Other SAML Providers as the identity provider. Copy the values for ACS URL and Entity ID from the Add SAML Profile screen.
- Configure the Google Admin Console specifying the ACS URL and Entity ID and download the IdP metadata file.
- Return to the Adobe Admin Console and upload the IdP metadata file in the Add SAML Profile screen and click Done.
To update the latest certificate, return to the Adobe Admin Console. Upload the certificate downloaded from Google to the Add SAML profile screen and click Done.
Check the user access for a user who you have defined in your own identity management system and in the Adobe Admin Console, by logging in to the Adobe website or the Creative Cloud desktop app.
If you encounter problems, see our troubleshooting document.
If you need assistance with your single sign-on configuration, navigate to Adobe Admin Console > Support to contact us.