In your Adobe Admin Console, go to Settings > Directories > Edit the directory. Then, select Add new IdP in the directory Details.
Terakhir dikemas kini pada
27 Dis 2022
- Adobe Enterprise & Teams: Panduan pentadbiran
- Rancang pemasangan anda
- Konsep asas
- Panduan Pemasangan
- Pasangkan Creative Cloud untuk pendidikan
- Laman utama Penerapan
- Bestari Penyesuaian Tugas K-12
- Persediaan mudah
- Menyegerakkan Pengguna
- Penyegerakan Senarai K-12 (AS)
- Konsep pelesenan utama
- Pilihan penerapan
- Petua cepat
- Luluskan aplikasi Adobe dalam Google Admin Console
- Dayakan Adobe Express dalam Google Classroom
- Penyepaduan dengan Canvas LMS
- Penyepaduan dengan Blackboard Learn
- Mengkonfigurasikan SSO untuk District Portal dan LMS
- Tambahkan pengguna melalui Roster Sync
- Soalan Lazim Kivuto
- Garis panduan kelayakan institusi Utama dan Sekunder
- Sediakan organisasi anda
- Jenis identiti | Gambaran keseluruhan
- Sediakan identiti | Gambaran keseluruhan
- Sediakan organisasi dengan Enterprise ID
- Sediakan Azure AD federation dan segerakkan
- Sediakan Google Federation dan segerakkan
- Sediakan organisasi dengan Microsoft ADFS
- Sediakan organisasi untuk District Portal dan LMS
- Sediakan organisasi dengan penyedia Identiti lain
- Soalan lazim dan penyelesaian masalah SSO
- Urus persediaan organisasi anda
- Urus pengguna
- Gambaran Keseluruhan
- Peranan pentadbiran
- Strategi pengurusan pengguna
- Berikan lesen kepada pengguna Pasukan
- Pengurusan pengguna dalam apl untuk pasukan
- Tambahkan pengguna dengan domain e-mel yang sepadan
- Tukar jenis identiti pengguna
- Urus kumpulan pengguna
- Urus pengguna direktori
- Urus pembangun
- Hijrahkan pengguna sedia ada ke Adobe Admin Console
- Hijrahkan pengurusan pengguna ke Adobe Admin Console
- Gambaran Keseluruhan
- Urus produk dan kelayakan
- Urus produk dan profil produk
- Urus produk
- Beli produk dan lesen
- Urus profil produk untuk pengguna perusahaan
- Urus peraturan pemberian automatik
- Beri hak kepada pengguna untuk melatih model tersuai Firefly
- Semak permintaan produk
- Urus dasar layan diri
- Urus penyepaduan aplikasi
- Urus kebenaran produk dalam Admin Console
- Dayakan/lumpuhkan perkhidmatan untuk profil produk
- Aplikasi Tunggal | Creative Cloud untuk perusahaan
- Perkhidmatan pilihan
- Urus lesen Peranti yang Dikongsi
- Urus produk dan profil produk
- Bermula dengan Global Admin Console
- Amalkan pentadbiran global
- Pilih organisasi anda
- Urus hierarki organisasi
- Urus profil produk
- Urus pentadbir
- Urus kumpulan pengguna
- Kemas kini dasar organisasi
- Urus templat dasar
- Peruntukkan produk kepada organisasi anak
- Laksanakan kerja yang belum selesai
- Terokai insights
- Eksport atau import struktur organisasi
- Urus storan dan aset
- Storan
- Penghijrahan Aset
- Tuntut semula aset daripada pengguna
- Penghijrahan aset pelajar | EDU sahaja
- Urus perkhidmatan
- Adobe Stock
- Fon tersuai
- Pautan Aset Adobe
- Adobe Acrobat Sign
- Creative Cloud untuk perusahaan - keahlian percuma
- Pasangkan aplikasi dan kemas kini
- Gambaran Keseluruhan
- Cipta pakej
- Pakej aplikasi melalui Admin Console
- Cipta Pakej Pelesenan Pengguna Bernama
- Urus pakej yang dijana terlebih dahulu
- Urus pakej
- Urus lesen peranti
- Pelesenan nombor siri
- Sesuaikan pakej
- Pasangkan Pakej
- Urus kemas kini
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Selesaikan masalah
- Urus akaun Pasukan anda
- Pembaharuan
- Urus kontrak
- Laporan & log
- Dapatkan bantuan
You can migrate your existing directory to a new authentication provider within the Adobe Admin Console. This allows you to choose an authentication provider based on your needs and seamlessly migrate your users along with their apps and assets.
To migrate to a new authentication provider, you must have the following:
- Access to your organization's Adobe Admin Console with System Administrator credentials
- An existing directory configured for federation in Admin Console
- Access to your organization's identity provider portal (for example, Microsoft Azure Portal, Google Admin console, etc.)
You can find detailed information in Implementation Considerations.
If you meet the access requirements and implementation considerations, follow the procedure below to edit your authentication profile and migrate your directory:
-
-
Select the identity provider to set up the new authentication profile. Choose the identity provider (IdP) that your organization uses to authenticate users. Click Next.
-
Based on your choice of Identity provider, follow the steps below:
Log In to Azure with your Microsoft Azure Active Directory Global Admin credentials and Accept the permission prompt. You're taken back to the Directory details in the Admin Console.
Nota:- The Microsoft Global Admin login is only required to create an application in the organization's Azure Portal. The Global Admin's login information is not stored, and only used for the one-time permission to create the application.
- When selecting the identity provider for Step 3 above, the Microsoft Azure option should not be used if the Username field in the Adobe Admin Console does not match the UPN field in Azure Portal.
If the existing directory is configured to pass Username as the User Login Setting, the new IdP should be established under the Other SAML Providers' option. The login setting can be confirmed by selecting Edit option in the current directory under User Login Setting.
- Choosing the Microsoft Azure' option in Step 3 only configures the identity provider and does not include directory sync services at this time.
- Copy the ACS URL and Entity Id from the Edit SAML Configuration screen displays.
- In a separate window, log in to the Google Admin Console with Google Admin credentials and navigate to Apps > SAML Apps.
- Use the + sign to add new App and select Adobe app. Then, download the IDP metadata under Option 2 and upload it to the Edit SAML Configuration in the Adobe Admin Console. Then, click Save.
- Confirm the Basic Information for Adobe. Enter the previously copied ACS URL and Entity ID in the Service Provider Details to finish. There is no need to set up User Provisioning as this is not currently supported for existing directories.
- Last, go to Apps > SAML apps > Settings for Adobe > Service Status. Turn Service Status as ON for everyone and Save.
For Other SAML Providers:
- Log in to your identity provider's application in a different window and create a new SAML app. (Do not edit the existing SAML app to prevent down-time for migration).
- Based on your identity provider's settings, copy the Metadata file or ACS URL and Entity ID from the Adobe Admin Console to the identity provider's settings.
- Upload metadata file from the identity provider setup to the Adobe Admin Console. Then, click Save.
-
In the Adobe Admin Console > Directory details, the new authentication profile is created. Use Test to verify whether the configuration functions correctly to ensure that all end users have access to SAML apps.
The Test feature ensures that the username format for the new authentication profile in their IdP matches the user information for the existing profile for user login.
-
Go to Directory users in the Adobe Admin Console > check that the identity provider usernames match Admin Console usernames.
For SAML, make sure that Subject field in the assertion from the new configuration matches the existing users' username format in the Admin Console.
Click Activate to migrate to the new authentication profile. Once done, the new profile displays In use.
After you've updated your directory setup, you can move domains from existing directories to the new directory using domain migration. Note that users of the migrated domains must be in the identity provider that is configured to work with the new target directory.
To know more about limitations and avoid errors that you might encounter while configuring, see Common questions.
Find answers to your questions related to directory migration to a new authentication provider and updating a deprecated SAML setup.
Before you start, ensure you meet the access requirements to be able to follow the procedure for migrating to a different identity provider. Also, consider the following points to ensure a seamless and error-free migration for your organization's directories:
- Admins must create a new SAML app on their IdP setup to configure. If they edit the existing app, it will rewrite any active existing configuration, incur downtime, and nullify the ability to switch between available IdP’s in the Adobe Admin Console.
- Admins must ensure that all required users are assigned to, or can use, the newly-created SAML app.
- Admins must ensure the username format for the new authentication profile in their IdP matches what is used by the existing profile for user login. They can use the Test feature provided on the authentication profile to verify. This Test link can be copied to clipboard and share it with others to validate from their machines.
- Admins should test the newly-added IdP before activation with 2 to 3 active accounts of the directory.
Error logs will not be available for these features. However, the Test workflow allows the Admin to validate relevant errors before activation. Limitations to consider include:
- One directory can have up to two authentication profiles, and both the profiles should be for different authentication types. This means Microsoft Azure AD (which uses Open ID Connect) can stay with Other SAML providers, but Google (which itself uses SAML) cannot stay with Other SAML providers in the same directory.
- This feature does not allow admins to migrate their identity provider to enable directory sync functionality (Azure AD Connector and Google Connector). Although customers migrating to Microsoft Azure or Google as their IdP can use a different form of user management strategy. To learn more, see Adobe Admin Console users.
