Adobe-supported identity types

Adobe uses an underlying identity management system to authenticate and authorize users. If you're using named licensing or are planning to provide access to services, using identities is a requirement. Adobe supports three identity or account types; they use an email address as the user name.

enterprise-id

Enterprise ID is created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. End users cannot sign up and create an Enterprise ID, nor can they sign up for additional products and services from Adobe using an Enterprise ID.

Admins create an Enterprise ID and issue it to a user. Admins can revoke access to products and services by taking over the account, or deleting the Enterprise ID to permanently block access to associated data.

Adobe recommends Enterprise IDs for the following requirements:

  • To maintain strict control over apps and services available to a user.
  • For emergency access to files and data associated with an ID.
  • To have the ability to completely block or delete a user account.
  • In all K-12 user settings to ensure compliance with student privacy and other relevant laws.

federated-id

Federated ID is created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).

Adobe recommends Federated IDs for the following requirements:

  • To provision users based on your organization's enterprise directory.
  • To manage authentication of users.
  • To maintain strict control over apps and services available to a user.
  • To allow users to use the same email address to sign up for an Adobe ID.
  • In all K-12 user settings to ensure compliance with student privacy and other relevant laws.

To set up an identity system, see Set up identity.

You can use Federated IDs, Enterprise IDs, and Adobe IDs in the same enterprise deployment. Remember, when you set up an account using Adobe ID, end users retain complete control over files and data associated with this account. When you use a Federated ID or an Enterprise ID, it is the enterprise that owns and controls this content.

Adobe recommends admins to migrate Adobe ID users to Federated and Enterprise IDs to provide organizations complete control over software usage, management, and deployment.

There can be users who already have Adobe IDs with email addresses from your domain. So, before you create Enterprise IDs or Federated IDs, consider the impact on the existing users.

Edit Identity Type

As a System Administrator, you can edit the identity type for users in your organization from Adobe ID to Enterprise ID or Federated ID. Alternatively, you can edit the identity type of Enterprise ID or Federated ID type users to Adobe ID. For details on user identity types, see Adobe-supported identity types.

Note:

Through the Admin Console, you can edit the identity type of users.

  • Adobe ID to Enterprise ID,
  • Enterprise ID to Adobe ID,
  • Adobe ID to Federated ID, or
  • Federated ID to Adobe ID.

However, to edit the identity type from Enterprise ID to Federated ID, or from Federated ID to Enterprise ID, contact Adobe Support.

Impact on Creative Cloud end users

If you edit the identity type of users from Adobe ID to Enterprise/Federated ID, these users continue to have access to their personally owned Adobe ID. However, they access the organization’s Adobe apps, services, and solutions through the new Enterprise ID or Federated ID assigned to them.

If your users already have Adobe IDs with assets linked to it, they can migrate assets from their Adobe ID accounts to their new enterprise account.

If existing Creative Cloud users were using services that are not included with Creative Cloud for enterprise, their memberships revert to free versions.

Edit Identity Type by CSV

The following procedure enables you to edit the identity type for users in bulk. You can also edit user details such as email addresses and names for users using the Admin Console, User Sync tool, or the User Management API.

  1. Sign in to the Admin Console and navigate to Users.

  2. Click , and select Edit Identity Type by CSV from the drop-down list.

    The Edit Identity Type by CSV dialog box displays.

    Edit Identity Type by CSV
  3. To include users to edit Identity type, download the Current User List or the CSV Standard Template, clicking Download CSV Template.

    The .csv file downloaded, contains the following data.

    • Identity Type - Adobe ID, Enterprise ID, or Federated ID.
    • Username
    • Domain
    • New Identity Type - Adobe ID, Enterprise ID, or Federated ID.
    • New Email
    • New Username
    • New Country Code
  4. Open the .csv file in Excel and edit the identity types, as required.

    Note:

    If you are editing the identity type from Adobe ID to Enterprise/Federated ID, the email address for Adobe ID must match the one for enterprise account.

    Adobe ID email Enterprise ID or Federated ID email Edit identity type
    janedoe@xyz.com janedoe@xyz.com Success
    johndoe@adobe.com johndoe.@xyz.com Fail
  5. Open the Edit Identity Type by CSV dialog box, and upload the updated .csv file.

    Once the process is complete, you receive a notification email.

This process migrates the permissions and provisioned products for all migrated users. The users whose identity has changed, receive a notification to use their new Enterprise/Federated ID account when working with the Adobe products they have been provisioned.

In addition, if your users were previously using Adobe IDs and have assets linked to it, these users will be requested to consent to the Asset Migration process. The Asset Migration process automatically moves the users' assets from their Adobe ID account to their Enterprise account.

Asset migration

When you edit the identity type of the users from Adobe ID to Enterprise ID/Federated ID, users can migrate the supported content from their existing company assigned Adobe ID account to their new enterprise account. The migration can be done in two ways:

To ensure that users can automatically migrate their content, users must be assigned access to storage for Creative Cloud and Document Cloud. For users to have access to storage for Creative Cloud and Document Cloud, do one of the following:

  • Assign a Product Profile which offers the Creative Cloud All Apps plan with storage, and has the PDF Services turned On.
  • Assign a Creative Cloud Product Profile with storage, and a Document Cloud Product Profile with storage (excludes desktop only offers) and PDF Services turned On.

After the Edit Identity Type process is complete, the end user receives an email notification with the details to migrate their assets.

As the IT Admin, you can download the Asset Migration completion status report for all the users that were part of the Edit Identity process. To download the report, do the following:

  1. Navigate to Admin Console > Users.

  2. Click  and select Export migration report to CSV from the drop-down list.

    The report is downloaded.

This report tells you who has granted consent, who has denied consent, and who hasn’t taken any action yet. To know about the type of content that the migration process supports, see Asset Migration FAQ.

Note:

Sometimes, the automatic Asset Migration process cannot be triggered for a few users. These users receive a notification to transfer their content manually, and are excluded from the migration report.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy