This document is a step-by-step guide, but there is more detailed information on Adobe Admin Console and on each of the steps at the Enterprise page.
As the IT Administrator of your school, if you already have Adobe products, Spark with Premium Features is available on your Adobe Admin Console.
Identify the domain administrator in your school/district.
The school/district owns the named user licenses given to K-12 (Primary/Secondary) students (For Adobe Spark or All Apps). So, these licenses must be deployed using Enterprise or Federated IDs. As part of the setup, you have to prove that you own the domain, by updating the DNS records. If you do not have access, ensure that you let the domain admins know to make that update for you.
Plan the Identity system for your organization. Decide if you want to set up Enterprise ID users or Federated ID type users.
Adobe ID Not Supported. Only Enterprise and Federated IDs are permitted for K-12 (Primary/Secondary). Enterprise ID Your organization owns and manages the Enterprise IDs. End users sign in using the passwords they specify to sign in. Federated ID Federated IDs allow users to sign in using your organization's Single-Sign On (SSO). End users sign in using the same user name and password that they use for signing in to all other apps and services. For example, Google or Active Directory File System (ADFS).
If you want to set up single sign-on (SSO), identify the administrator for the school-provided IDs (login credentials).
If students have Google Suite IDs provided to them, and you want them to use these IDs to sign in to Adobe apps, use Federated IDs and set up SSO. If you do not want to set up single sign-on, use Enterprise IDs.
To use Federated ID authentication, you must have a SAML2-compatible Identity Provider.
The Adobe Admin Console allows a cloud-to-cloud integration with Google Federation ID and Azure Active Directory to turn the following into a simple authentication workflow:
- Domain claiming
- SSO setup
- Automated User Management
With Azure AD, you can even sync user groups.
(Federated ID only)
On Who is your identity provider screen, do one of the following:
To test your setup, you can add a user, and sign in using the new user account. You can choose an existing email address that you have access to or create one for this test.
To assign products to the user, navigate to Assign Products. Click a product, select a profile for the product, and save the changes.
The list of products that displays, is based on the purchase plan of your organization. For details on products and profiles, see Manage products and profiles.
To sign in as the user that you created, open the website for Adobe Spark, click Log In > Log In With School Account. Then, sign in using your email address and password.
If the email address has both, a personal Adobe ID (created by the end user) and a school ID (Enterprise ID or Federated ID created in the Adobe Admin Console), you see the account chooser screen. To sign in with your new enterprise account, choose Enterprise ID.
If you are using Federated IDs, you are redirected to the sign-in screen of your IdP (For example, Google). Enter the email address for the user, click Next, and follow the instructions on the screen.
Product Profiles let you enable all or a subset of Adobe services available in the plan you have purchased from Adobe. They let you customize settings associated with a given product and plan.
For a user to be entitled to use a product or a service, the user must be part of a Product Profile. You can assign licenses to a Product Profile by associating it with a plan that you have purchased. A user could belong to multiple product profiles, each conferring different licenses to the user. The final eligibility of a user is the union of all licenses conferred by each Product Profile to that user. To know more about Product Profiles, see Manage products and profiles.
Adobe recommends creating user groups to provide access to products and services. You can either create one group and add all users to it, or create separate groups for departments, programs, or roles (student, teacher, staff).
Creating multiple user groups is useful:
- If you are planning to give different products to certain groups of users. For example, Creative Cloud- All Apps to high school students, and Adobe Spark to all students.
- If you want to give limited administrative rights. For example, the department head can add or remove users from their department so that central IT does not have to.
To create a user group, do the following:
To add multiple users to your organization and provision them to product profiles, you can upload a comma-separated list with the details of all the users. Using the CSV upload, you can import up to 5,000 users at a time.
If you want to automate the user management process, you can use the User Sync tool. This method requires additional software be installed in your network to synchronize users between your Directory and Adobe. However, for large districts with sufficient IT resources, Adobe recommends using the User Sync tool. To learn more, see Set up the User Sync tool or enroll in our Self-paced User Automation course using a free Adobe Captivate Prime account.
Open the downloaded CSV template in a spreadsheet editor like Microsoft Excel, and paste your users into the template like the screenshot below.
For a description of the fields in the downloaded file, see CSV File format.
For Enterprise IDs and Federated IDs, columns A to G are mandatory.
If you are using user groups to manage access to products, assign users to the appropriate groups using columns K and L. In this case, you can leave the other cells empty.
This feature does not support user names having special characters, such as the comma (,) and the semicolon (;).
You can upload a CSV file size of up to 10 MB.
For more information on bulk operations, see Manage Users and Bulk Operations.
After you have successfully assigned product profiles or administrative rights to the users, they receive a welcome email.
To sign in to Adobe Spark with a Google Federated ID account, open Adobe Spark, click Log In > Continue With Google. Then, sign in using the email address and password.
If the users do not have a Google account, follow the steps described under Sign in as the new user.
As a first step for any issues, see the Admin guide and search for articles on Enterprise Learn & Support page.
When contacting Adobe Customer Care to report a suspected SSO issue, provide the following to ensure fast and effective service from Adobe Customer Support.
- Number of affected user accounts
- Adobe domain name
- Affected login and email name (must be identical)
- Full contact details of the user
- Date and time range the issue occurred
- Screenshots or video of the user experience workflow shown from a signed out user state then attempting to sign in via www.adobe.com
- A SAML trace output captured during the demonstration workflow. SAML trace requires no special skills or permission to use (non admin is OK) and is available on many browsers. (For example, Firefox and Chrome)
- Case must exactly match that shown in the list above.
- Check the values next to each and validate that each is populated.
- Check Email matches NameID and conversely.
- Check Email and NameID format are both correct and complete.
A mismatch between the network user account and the Adobe user account name causes SSO to fail.
Another good place to check when problems arise is the Adobe Admin Console under Settings - Identity - <click domain> - Event Logs. These logs are provided from the SP (Okta) syslog. There can be a few minutes delay for the log to update.