This document is intended to walk K-12 (Primary & Secondary) schools and districts through the deployment of named user licenses of Adobe Spark (English only), All Apps, or other Adobe products to students, teachers, and faculty.

This document is a step-by-step guide, but there is more detailed information on Adobe Admin Console and on each of the steps at the Enterprise page.

Creative Cloud for education

Getting Started

Get access to Spark with Premium Features

As the IT Administrator of your school, if you already have Adobe products, Spark with Premium Features is available on your Adobe Admin Console.

  1. Sign in to the Admin Console.

    In addition to the licenses purchased, the Overview page shows New Free Offer cards for Spark with Premium Features.

    New Free Offer cards
  2. Click Getting Started.

  3. On the Confirm Type of Organization screen, select the category that your organization belongs to.

    Agree to the terms and conditions, if you select K-12, Primary & Secondary Education.

    Confirm Type of Organization
  4. Click Confirm and Continue.

    The Overview page shows the card for Spark with Premium Features. You can now start deploying Spark for your users.

    Card for Spark with Premium Features

Prepare to deploy

  1. Identify the domain administrator in your school/district.

    The school/district owns the named user licenses given to K-12 (Primary/Secondary) students (For Adobe Spark or All Apps). So, these licenses must be deployed using Enterprise or Federated IDs. As part of the setup, you have to prove that you own the domain, by updating the DNS records. If you do not have access, ensure that you let the domain admins know to make that update for you.

  2. Plan the Identity system for your organization. Decide if you want to set up Enterprise ID users or Federated ID type users.

    Adobe ID Not Supported. Only Enterprise and Federated IDs are permitted for K-12 (Primary/Secondary).
    Enterprise ID Your organization owns and manages the Enterprise IDs. End users sign in using the passwords they specify to sign in.
    Federated ID Federated IDs allow users to sign in using your organization's Single-Sign On (SSO). End users sign in using the same user name and password that they use for signing in to all other apps and services. For example, Google orActive Directory File System (ADFS).
  3. If you want to set up single sign-on (SSO), identify the administrator for the school-provided IDs (login credentials).

    Set up SSO if students have Google Suite IDs provided to them, and you want to use these IDs to sign in to Adobe apps. If you do not want to set up single sign-on, use Enterprise IDs.

1. Set up Identity

Start by signing in to the Admin Console with the admin account.

1.a. Create a directory and add a domain

  1. Navigate to Admin Console > Settings, and click Start Identity Setup.

    Start Identity Setup
  2. Click Create Directory, enter a name for the directory, select an identity type, and click Create Directory.

    Close the confirmation screen.

    Create Directory
  3. Click Add Domains. Enter your domains and click Next.

    Ensure that you claim the domains that your users have for their login ID. For example, if a user signs in with joestudent@schoolabc.edu, then claim schoolabc.edu.

    If users sign in using several domains (For example, if you have separate domains for teachers and students), claim all of them here. You can claim more than one domain at a time by adding comma-separated values. (For Example, schoolabc.edu, abcteachers.edu, abc staff.edu)

    Add Domains
  4. Verify the list of domains and click Add Domains.

    add-domain
  5. On the Setup Identity screen that appears, click Get DNS token and then click Copy Record Value.

    Get DNS token
  6. Visit your Domain management dashboard (For example, Google Domains or GoDaddy)

  7. Under My Domains, click Configure DNS for your domain.

    Configure DNS
  8. Add a TXT record and enter the token copied earlier from the Adobe Admin Console.

    Enter the values for Name, Type, and TTL as shown in the screenshot below.

    Add a TXT record
  9. Return to the Adobe Admin Console. If your domain has not been automatically validated, click Validate. Then, click Validate Now.

    Validate

    You receive an email notification when your domain is validated.

    • If you have created an Enterprise ID identity type directory, you are done. You can test your setup and proceed further.
    • If you have created a Federated ID identity type directory, configure SSO after you receive an email from Adobe confirming that your directory is provisioned.

1.b. Configure Single Sign-On (Optional)

The following procedure walks you through the basic steps for configring SSO. For more detailed instructions and concepts, see Set up identity.

Notă:

For illustration purposes, this document follows the steps to configure SSO with Google Suite for Education. Instructions for some common Identity Providers (IdPs) can be found here- Microsoft ADFSMicrosoft AzureShibboleth IdPOktaInCommon. If you don’t see your IdP here or if you need assistance, contact your IdP.

  1. Visit your Identity Provider’s admin console (For example, G-Suite)

  2. Navigate to Apps > SAML apps > Enable SSO for a SAML application.

    Enable SSO for a SAML Application
  3. On the Enable SSO for SAML Application screen, click Setup My Own Custom App.

    Setup My Own Custom App
  4. The Google IdP Information screen displays. Note the SSO URLEntity ID, download the certificate, and click Next.

    Change the .pem extension of the certificate file to .cer by renaming the file.

    Notă:

    If there are multiple certificate types, choose the SHA-1 certificate. Also, the certificate must be in PEM format. If you are unsure about certificate type and format, contact your identity provider.

    Google IdP Information
  5. Go back to the Adobe Admin Console. Navigate to Settings Identity > Directories, and click Configure for the relevant directory.

    On the Configure Directory screen, do the following:

    • Upload the certificate.
    • Paste the Entity ID and SSO URL.
    • Select HTTP - Post as the IdP Binding.
    • Select Email as the User Login Setting.
    • Click Complete Configuration.
    Set Up Domain
    Mapping of fields between Google Admin Console and Configure Directory screens.
  6. In the Adobe Admin Console, click Download Metadata. To complete the configuration, upload this metadata XML file to the Google Admin Console.

    To show that you understand the need to complete the configuration with your identity provider, select the check-box, and click Complete.

    Download Metadata
  7. Open the XML file in a plain text editor (For example, Notepad on Windows, or TextEdit on Mac). And, locate the strings entityId and Location in the Metadata file.

    Atenție:

    Do not open the XML file in Microsoft Word.

    Metadata
  8. Go back to G-Suite screen and complete the basic Information for your Custom App and click Next.

    Basic Information for your Custom App
  9. Paste the entityId and Location on the Service Provider Details screen and click Next.

    Service Provider Details
  10. Add a new mapping on the Attribute Mapping screen as shown below, and click Finish.

    Service provider attributes User profile fields
    FirstName First Name
    LastName Last Name
    Email Primary Email
    Attribute Mapping

    Notă:

    The Attributes are case-sensitive.

  11. On the Setting up SSO for Adobe screen that displays, click Ok.

    Setting up SSO for Adobe
  12. Change the settings for Adobe Creative Cloud to On For Everyone.

    Settings for Adobe Creative Cloud
  13. Now, in the Adobe Admin Console, on the Configure Directory screen. To confirm that you have completed the configuration with your Identity Provider, select the check-box and click Complete.

    Your directory is now configured for Single Sign-On, you can start adding users to your directory.

2. Test your setup

To test your setup, you can add a user, and sign in using the new user account. You can choose an existing email address that you have access to or create one for this test.

2.a. Add a user

To add a user, do the following:

  1. In the Admin Console, navigate to Users Users, and click Add User.

  2. Enter the email address of the user. Select Add as Federated ID User or Add as Enterprise ID User.

    Atenție:

    Use an email address that belongs to one of the claimed domains. Do not select Add as an Adobe ID User.

  3. Select the Country, and enter the First Name and Last Name of the user.

    Atenție:

    First Name and Last Name are mandatory, even though erroneously indicated as optional.

    Add a user
  4. To assign products to the user, navigate to Assign Products. Click a product, select a profile for the product, and save the changes.

    The list of products that displays, is based on the purchase plan of your organization. For details on products and profiles, see Manage products and profiles.

    Assign Products

    Once you've successfully created the user and assigned a product, you receive an email on the associated email account. Follow the instructions in the email.

2.b. Sign in as the new user

To sign in as the user that you created, open the website for Adobe Spark, click Log In > Log In With School Account. Then, sign in using your email address and password.

Adobe Spark sign in

Notă:

If the email address has both, a personal Adobe ID (created by the end user) and a school ID (Enterprise ID or Federated ID created in the Adobe Admin Console), you see the account chooser screen. To sign in with your new enterprise account, choose Enterprise ID.

If you are using Federated IDs, you are redirected to the sign-in screen of your IdP (For example, Google). Enter the email address for the user, click Next, and follow the instructions on the screen.

Sign in with your Google Account

3. Manage Users

3.a. Create Product Profiles

Product Profiles let you enable all or a subset of Adobe services available in the plan you have purchased from Adobe. They let you customize settings associated with a given product and plan.

For a user to be entitled to use a product or a service, the user must be part of a Product Profile. You can assign licenses to a Product Profile by associating it with a plan that you have purchased. A user could belong to multiple product profiles, each conferring different licenses to the user. The final eligibility of a user is the union of all licenses conferred by each Product Profile to that user. To know more about Product Profiles, see Manage products and profiles.

  1. In the Admin Console, navigate to Products.

    A list is displayed of all Adobe product plans for which you are an administrator.

  2. Select the desired product plan, and click New Profile.

    The Create a New Profile wizard displays.

    Create a New Profile
  3. On the Details screen, enter a profile name, display name, description, and click Next.

    To automatically notify users by email when they are added or removed from this profile, enable User Notifications.

  4. On the Quota screen, choose the target number of licenses allotted for this profile, and click Next.

    Notă:

    Quotas are not applicable for Adobe Spark for education plans.

  5. On the Services screen, you can choose to enable or disable individual services for the Product Profile.

    Services screen
  6. Click Done to save the new profile.

3.b. Create User Groups and assign Product Profiles

Adobe recommends creating user groups to provide access to products and services. You can either create one group and add all users to it, or create separate groups for departments, programs, or roles (student, teacher, staff).

Creating multiple user groups is useful:

  • If you are planning to give different products to certain groups of users. For example, Creative Cloud- All Apps to high school students, and Adobe Spark to all students.
  • If you want to give limited administrative rights. For example, the department head can add or remove users from their department so that central IT does not have to.

To create a user group, do the following:

  1. In the Admin Console, navigate to Users > User Groups, and click New User Group.

    New User Group
  2. Enter a name and description for the user group and click Save.

    The description does not play any role in the setup and is for information purposes only. However, enter a name and description that indicates the purpose of the group.

    Name and description
  3. Also, you can add an admin specific to a user group, called the User Group Administrator.

    To add a User Group Administrator, click the group name. Navigate to Admins, and click Add Admin.

    Add Admin
  4. Enter the email address for the admin. You can search for existing users or add new users by specifying a valid email address, and filling the information on the screen.

    Click Save.

    Add an Admin
  5. To manage the entitlements given to users, assign Product Profiles to the user group.

    Click the group name, navigate to Assigned Product Profiles, and click Assign Product Profile.

    Assign Product Profiles
  6. Add the desired Product Profiles to the user group, and click Save.

    Add Product Profiles to user group

The user group is now ready, you can now start adding users to the group.

When you assign an admin role or a Product Profile to users, they receive an email notification. Users must follow the link to complete their profile, if prompted.

3.c. Add users

To add multiple users to your organization and provision them to product profiles, you can upload a comma-separated list with the details of all the users. Using the CSV upload, you can import up to 5,000 users at a time.

If you want to automate the user management process, you can use the User Sync tool. This method requires additional software be installed in your network to synchronize users between your Directory and Adobe. However, for large districts with sufficient IT resources, Adobe recommends using the User Sync tool. To learn more, see Set up the User Sync tool or enroll in our Self-paced User Automation course using a free Adobe Captivate Prime account.

To add multiple users in bulk via the Admin Console, do the following:

  1. In the Admin Console, navigate to Users > Users, click , and Choose Add Users by CSV from the drop-down list.

  2. In the Add Users by CSV dialog box, click Download CSV Template, and choose Standard template.

    Add Users by CSV
  3. Open the downloaded CSV template in a spreadsheet editor like Microsoft Excel, and paste your users into the template like the screenshot below.

    For a description of the fields in the downloaded file, see CSV File format.

    For Enterprise IDs and Federated IDs, columns A to G are mandatory. 

    If you are using user groups to manage access to products, assign users to the appropriate groups using columns K and L. In this case, you can leave the other cells empty.

    Downloaded CSV template

    Notă:

    This feature does not support user names having special characters, such as the comma (,) and the semicolon (;).

  4. Drag the updated CSV on to the Add Users by CSV dialog box and click Upload.

    Click Upload

    Notă:

    You can upload a CSV file size of up to 10 MB.

    For more information on bulk operations, see Manage Users and Bulk Operations.

3.d. End-user experience

After you have successfully assigned product profiles or administrative rights to the users, they receive a welcome email.

Welcome Email

The users can click Get Started in the email, sign in, and start using the allocated services. 

To sign in to Adobe Spark, open the website for Adobe Spark, click Log In > Log In With School Account. Then, sign in using your email address and password.

Sign in to Adobe Spark

Troubleshoot

As a first step for any issues, see the Admin guide and search for articles on Enterprise Learn & Support page.

Troubleshoot SSO issues

If running into an error specifically with SSO, see Troubleshooting errors. And, for SSO issues related to your IdP, reach out to the support center for your identity provider.

Troubleshoot bulk upload

To troubleshoot issues related to bulk upload, see Troubleshoot bulk upload.

Contact Adobe Support

When contacting Adobe Support to report a suspected SSO issue, provide the following to ensure fast and effective service from Adobe Customer Support.

  • Number of affected user accounts
  • Adobe domain name
  • Affected login and email name (must be identical)
  • Full contact details of the user
  • Date and time range the issue occurred
  • Screenshots or video of the user experience workflow shown from a signed out user state then attempting to sign in via www.adobe.com
  • A SAML trace output captured during the demonstration workflow. SAML trace requires no special skills or permission to use (non admin is OK) and is available on many browsers. (For example, Firefox and Chrome)

To use the SAML trace add-on, do the following.

  1. Install SAML trace add-on in user browser.

  2. Ensure that the user is signed out of Adobe account.

  3. Locate and click the SAML Trace window from the SAML icon in the toolbar.

    A separate window displays. Move it out of the way and leave it open.

  4. Navigate to www.adobe.com, and click Sign In and proceed as far as possible through login.

  5. When the issue occurs, navigate to the SAML trace window as shown in the below screenshot.

    Locate and click the POST line in Orange with SAML tag that ends in ‘accauthlinktest’.

    SSO triage
  6. Click SAML (next to HTML and Parameters).

  7. Copy all contents to text file and include with new support case.

  8. To perform SSO triage, locate the 4 mandatory SAML 2.0 assertions:

    1. NameID
    2. FirstName
    3. LastName
    4. Email
    • Case must exactly match that shown in the list above.
    • Check the values next to each and validate that each is populated.
    • Check Email matches NameID and conversely.
    • Check Email and NameID format are both correct and complete.

    A mismatch between the network user account and the Adobe user account name causes SSO to fail.

    Another good place to check when problems arise is the Adobe Admin Console under Settings - Identity - <click domain> - Event Logs. These logs are provided from the SP (Okta) syslog. There can be a few minutes delay for the log to update.

Această lucrare este oferită sub licență Atribuire-Necomercial-FărăModificări 3.0 Ne-adaptată Creative Commons  Postările pe Twitter™ şi Facebook nu sunt acoperite de condiţiile de licenţiere Creative Commons.

Prevederi legale   |   Politică de confidențialitate online