Steps to set up Adobe Single Sign-On using Secure Auth as an Identity Provider

Overview

The Adobe Admin Console allows a system administrator to configure domains that are used for login via Federated ID for Single Sign-On (SSO). Once ownership of a domain is demonstrated by use of a DNS token, the domain can be configured to allow users to log in to Creative Cloud using email addresses within that domain via an Identity Provider (IdP). The IdP is software installed on a server that is accessible from client workstations, or a cloud service hosted by a third party, and allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Secure Auth. To use Secure Auth, you need a server that is accessible from the Internet and has access to the directory services within the corporate network. This document describes the process to configure the Admin Console and a Secure Auth server to be able to log in to Adobe Creative Cloud applications and associated websites for Single Sign-On.

Environment

Secure Auth V8.0

Steps

  1. Upload the Secure Auth (IDP) certificate in Adobe Admin Console.

  2. Update IDP issuer and IDP login URL. The Secure Auth Admin has this information.

  3. Set IDP binding to HTTP-REDIRECT and use email address as the User login setting. (This setting varies depending on the method that the customer's IDP uses to transmit SAML protocol messages; in most cases, it is HTTP-REDIRECT.)

  4. The Secure Auth Admin can also get this information from the Post Authentication menu after selecting the relevant Secure Auth server.

  5. Once the settings are defined on the Adobe Admin portal, download the Metadata file to get the SAML audience and SAML recipient values.

  6. In the Metadata file, the entityID value goes in the SAML audience option, and the Location value is used for the SAML consumer URL and SAML Recipient options.

  7. Add attributes for Email, FirstName, and LastName.

  8. Save changes, go to the Workflow tab, and ensure that the SP start URL is specified.

  9. Save changes again and test Single Sign-On.
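
The mapping in steps 5 and 6 can be read straight from the downloaded Metadata file instead of copying values by hand. The script below is an added example, not Adobe or Secure Auth code; the sample metadata is constructed with placeholder values, and the function name `secureauth_values` is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample standing in for the downloaded Metadata file (placeholder values).
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def secureauth_values(metadata_xml: str) -> dict:
    """Map SP metadata to the Secure Auth fields named in step 6."""
    # The file is the admin's own download; for XML from an untrusted source,
    # use a hardened parser instead of the standard library one.
    root = ET.fromstring(metadata_xml)
    is_entity = root.tag == f"{{{MD}}}EntityDescriptor"
    entity = root if is_entity else root.find("md:EntityDescriptor", NS)
    if entity is None or not entity.get("entityID"):
        raise ValueError("no EntityDescriptor with an entityID")
    acs = entity.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not acs:
        raise ValueError("no AssertionConsumerService endpoint")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    location = acs[0].get("Location", "")
    # Assertions posted to a non-HTTPS endpoint would cross the network in clear text.
    if urlparse(location).scheme != "https":
        raise ValueError(f"consumer URL is not HTTPS: {location!r}")
    return {
        "SAML Audience": entity.get("entityID"),
        "SAML Consumer URL": location,
        "SAML Recipient": location,
    }


if __name__ == "__main__":
    for field, value in secureauth_values(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

The SAML Recipient and SAML consumer URL must be the same Location value; a mismatch between them and the metadata is a common cause of a rejected assertion when testing in step 9.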

Additional information

If the Secure Auth admin has not created a realm group, advise them to create one using the option 'Create custom realm groups'.


This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.