As an administrator of an Adobe product, you may have traditionally managed your users and controlled their access to various product capabilities through the product's administrative interface. Now you can achieve the same through Adobe's Admin Console. This document explains the benefits of doing so, and also guides you through the process.
The document provides an overview of the steps that are required to transition user management from your current in-product interface to the Adobe Admin Console. It links to other documents that cover the specific how-tos in full detail.
So as to provide benefits such as enterprise storage and other enterprise-level features, we are migrating all existing Adobe IDs to Business IDs. All new business customers will use Business IDs for their team members.
You'll receive advance communication when your organization is scheduled for this upgrade. For more information, see Introduction to Business IDs and new storage features. Until your organization is migrated, you will continue to use Adobe ID type to access the organization. Support for Adobe IDs will then be reserved for individual customers only.
This document is targeted at the following administrative roles.
The specific names for these roles can differ in the product you manage.
Administrators of the current product who are responsible for user management. This role involves tasks such as:
Administrators of the current product who are responsible for assigning product permissions to users for access to various product capabilities. This role involves tasks such as:
This document is not for the end users. Usually, the migration process is seamless to the end user and does not require their involvement. As a system administrator, you can inform your end users about what to expect from this migration process.
The Adobe Admin Console provides a centralized location to manage the administrators, users, user groups, product permissions, and product roles across all the Adobe products that your organization has purchased.
You can delegate system administrative tasks by creating other system administrators. You can also designate product-specific administrators to manage Adobe products that your organization has purchased. For details, see Administrative roles.
As Adobe introduces new products and services, you can quickly provide your users access to these products from within the Admin Console. You can also manage product-specific permissions and roles by using product profiles.
You can also create user groups to collectively manage product permissions and product roles. Simply create groups of users based on your needs and then assign these user groups to the product profiles that you define.
For more details, see the Admin Console.
If you are a system administrator, the Admin Console provides you with a single interface to manage all the users in your organization, irrespective of which Adobe products they use. You can add new users to the Admin Console using their Business ID or their enterprise credentials.
If you are a product administrator, the Admin Console provides you with a single interface to manage the product-specific permissions and roles for the users in your organization. When Adobe adds new capabilities to the products that your organization uses, you can manage any new permissions for your existing users from within the same interface. When your organization purchases new products from Adobe, you can use the same Admin Console to provide your users access to and manage their permissions and roles for these new products.
Your end users have one set of user credentials that they use across all existing and new Adobe products available to your organization.
You will receive an in-product notification to get you started with the migration.
If your organization is not already using the Admin Console, you will be designated the primary system administrator and will receive an email invitation from Adobe to the Admin Console. To log in, use your Adobe ID credentials.
Following is an overview of the steps to migrate your user management to the Admin Console.
The first step is to decide the identity type for your users. Adobe’s identity management system helps admins create and manage user access to applications and services. Adobe offers three varying types of identities or accounts to authenticate and authorize users. They use an email address as the user name. You can choose between any of the following identity types supported by the Admin Console.
Based on your organizational needs, you can select the most appropriate identity model to implement and use.
You can either choose to use Federated IDs or Enterprise IDs (and not both). However, you can choose only one of these identity types with the Business IDs. Like, if some of your users are logging into your product with your enterprise credentials (such as email@example.com) and some users are using emails that are from outside your enterprise (such as firstname.lastname@example.org).
If you need, read more about Adobe's supported identity types.
If you have chosen to use only Enterprise or Federated ID types, you can skip this step in the workflow.
As a system admin on the Admin Console, one of your first tasks is to define and set up an identity system against which your end users will be authenticated. As your organization purchases licenses for Adobe products and services, you will need to provision those licenses to your end users. And for this, you will need a way to authenticate these users.
Adobe provides you with the following identity types that you can use to authenticate your end users:
If you want to have separate accounts owned and controlled by your organization for users in your domain, you must use either Enterprise ID or Federated ID (for Single- Sign-On) identity types.
For details, see Set up identity.
Your end users are authenticated against domains that you set up in the Admin Console. If your email address is email@example.com, your domain is example.com. A claimed domain can be used either with Enterprise IDs or Federated IDs, but not both. You can however claim multiple domains.
Your organization must demonstrate its control over a domain to claim it. And, a domain can be claimed only once.
If the domain has already been claimed, like, by another department of the same company, one can request access to it by the domain claim process. The first department to claim the domain (owner) is responsible for approving any requests for access by other departments (trustees). For details, see Directory trusting.
If you’ve set up Federated IDs, Single Sign-On can be configured. When organizations configure and enable Single Sign-On (SSO), users in that organization are able to use their corporate credentials to access Adobe software.
Before you start the migration, one (or both) of the following must be completed:
After your users have created their Business IDs or you have claimed the domain for your enterprise, initiate the migration process from within your Adobe product.
All users that are set up to be managed via the Admin Console receive an email that explains what they have been given access to.
System and product administrators will be able to access to the Admin Console.
End users will be able to log into the product using their credentials.
After the migration is complete, the following changes take effect:
You no longer manage users in the product.
Use the Admin Console to manage users. For an introduction on how to use the Admin Console, see this article.
If you are the primary (or first) System administrator for your organization on the Admin Console, you can assign administrative roles to other users. These roles can include:
You no longer manage users, their permissions, or their roles in the product.
You are assigned administrative privileges to one or more products in your organization. You can create product profiles and assign administrators to the profiles that you create. You can also assign users and user groups to these product profiles. Optionally, you can then assign roles to these users and user groups.
Your end users will log into the existing product using their credentials. All user information is specific to the Business ID or as specified in your enterprise (if you choose Federated or Enterprise IDs).