User Guide Cancel

Migrate to a new authentication provider

You can migrate your existing directory to a new authentication provider within the Adobe Admin Console. This allows you to choose an authentication provider based on your needs and seamlessly migrate your users along with their apps and assets.

Before you begin

To migrate to a new authentication provider, you must have the following:

  • Access to your organization's Adobe Admin Console with System Administrator credentials
  • An existing directory configured for federation in Admin Console
  • Access to your organization's identity provider portal (for example, Microsoft Azure Portal, Google Admin console, etc.)

You can find detailed information in Implementation Considerations.

Change your directory's identity provider

If you meet the access requirements and implementation considerations, follow the procedure below to edit your authentication profile and migrate your directory:

  1. In your Adobe Admin Console, go to Settings > Directories > Edit the directory. Then, select Add new IdP in the directory Details.

  2. Select the identity provider to set up the new authentication profile. Choose the identity provider (IdP) that your organization uses to authenticate users. Click Next.

  3. Based on your choice of Identity provider, follow the steps below:

  4. In the Adobe Admin Console > Directory details, the new authentication profile is created. Use Test to verify whether the configuration functions correctly to ensure that all end users have access to SAML apps.

    The Test feature ensures that the username format for the new authentication profile in their IdP matches the user information for the existing profile for user login.

  5. Go to Directory users in the Adobe Admin Console > check that the identity provider usernames match Admin Console usernames.

    For SAML, make sure that Subject field in the assertion from the new configuration matches the existing users' username format in the Admin Console.

    Click Activate to migrate to the new authentication profile. Once done, the new profile displays In use.

After you've updated your directory setup, you can move domains from existing directories to the new directory using domain migration. Note that users of the migrated domains must be in the identity provider that is configured to work with the new target directory.

To know more about limitations and avoid errors that you might encounter while configuring, see Common questions.

Common questions: Directory migration

Find answers to your questions related to directory migration to a new authentication provider and updating a deprecated SAML setup.

Get help faster and easier

New user?