Overview

The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain has been demonstrated by use of a DNS token, the domain can be configured to allow users to log-in to Creative Cloud using e-mail addresses within that domain via an Identity Provider (IdP) - either as a software service which runs within the company network and is accessible from the internet or a cloud service hosted by a third party which allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Microsoft Azure, a cloud-based service which facilitates secure identity management.

Prerequisites

Before configuring a domain for single sign-on using Microsoft Azure as the IdP, the following requirements should be met:

  • Domain has been claimed in the Adobe Admin Console, showing it as "Active" in the "Domain Status" column
  • Microsoft Azure dashboard is accessible 

Creating SSO Application in Azure for Adobe

1.)  Go to Active Directory > Your Azure Active Directory > Applications > Add

2.)  Select Add an application from Gallery

3.)  Select Custom and type in “Adobe Creative Cloud”

4.)  Select Configure Single Sign-On

5.)  Check Microsoft AD Single Sign-On

6.)  Enter dummy information initially via “Configure” tab

    a. Enter https://adobe.com for the Issuer/Reply URL fields


7.) Download the Certificate and check the Confirm checkbox 

Assigning Users via Azure

1.)  Select “Assign Accounts”

2.)  Select Show All Users, click the Checkbox.

3.)  Select a user you wish to have access to the application and click the Assign button

4.)  Select Yes to confirm 

Adding Required Attributes via Azure

1.)  Click on the Attributes tab and select the add user attribute button

2.)  Create the following attributes:

  • FirstName (givenname)
  • LastName (surname)
  • Email (mail)

3.)  Click Apply Changes 

Configure Azure inside Adobe Admin Console

1.)  Access Adobe Admin Console - https://adminconsole.adobe.com/enterprise/

2.)  Go to Identity > Click the domain > Add/Enter your Azure details 

3.)  Upload the certificate you downloaded earlier

4.)  Enter your Azure details

  • a. IDP issuer = Issuer URL in Azure
  • b. IDP Login URL = SSO Service URL in Azure
  • c. IDP Binding
  • d. User Login Setting

5.)  Click save

6.)  The console will now present the XML “Download Metadata” file to replace the dummy
values entered earlier within Azure. The file will contain Adobe’s EntityID URL and
AssertionConsumerService URL. 

Finalize Configuration within Azure

1.)  Within Azure > Adobe Create Cloud > Configure Single Sign-on

2.)  Enter the following values and click Next

  • Use the EntityID value Adobe provided you for ISSUER URL:
    Should look something like this: https://www.okta.com/saml2/service-provider/spi1t5qwd3rI7onSs0x78
  • Use the AssertionConsumerService value Adobe provided you for REPLY URL:
    Should look something like this: https://adbe-jackstromberg-dot-com-a8bd-prd.okta.com/auth/saml20/accauthlinktest 

3.) Check the Confirm box and click Next.

Finalize Configuration within Adobe Admin Console

1.)  Access Adobe Admin Console - https://aedash.adobe.com

2.)  Go to Identity > Click the domain

3.)  Click Edit Configuration

4.)  Upload the latest certificate **Important since we’ve replaced the dummy values** 

Testing User Access

1.)  Ensure to assigned the user via Azure (See Assigning User in Azure step)

2.)  Lastly, ensure to add the user within Adobe’s console as Federated ID and assign them to a group for entitlement. 

3.) At this point, type your email address/upn into the Adobe signin form, press tab, and you should
be federated back to Azure AD:

  • Web access: www.adobe.com > sign-in
  • Within the desktop app utility > sign-in
  • Within the application > help > sign-in 

Support

If you need additional assistance after following the steps in this guide, open a ticket on the Support tab in the Adobe Admin Console.

Ta zawartość jest licencjonowana na warunkach licencji Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Posty z serwisów Twitter™ i Facebook nie są objęte licencją Creative Commons.

Informacje prawne   |   Zasady prywatności online