Overview

The Adobe Admin Console allows a system administrator to configure domains which are used for login via Federated ID for Single Sign-On (SSO). Once the ownership of a domain is demonstrated, the domain can be configured to allow users to log in to the Adobe Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The process is provisioned either as a software service which runs within the company network and is accessible from the Internet, or a cloud service hosted by a third party which allows for the verification of user login details via secure communication using the SAML protocol.

One such IdP is Centrify, a cloud-based service which facilitates secure identity management.

Prerequisites

Before configuring a domain for single sign-on using Centrify as the IdP, the following requirements must be met.

  • Administrative access to both the Adobe Admin Console and the Centrify Portal.
  • An approved domain for your Adobe organization account. The status of the domain in the Adobe Admin Console must be Configuration Required.

Set up Centrify

To set up SSO with Centrify, follow the below steps:

  1. In the Centrify configuration, add SAML under the Custom tab.

    centrify-add-sso
  2. In the description, set the Application Name as desired, like Adobe SSO or your Adobe Solution Name.

    centrify-description
  3. Download the Signing Certificate to upload to the admin console.

    centrify-download-cert
  4. Save the Issuer string or copy/paste to the IdP Issuer field in the admin console.

    centrify-issuer
  5. Save the Sign In URL or copy/paste to IdP Login field in the admin console.

    centrify-signin-url

Configure Adobe Admin Console

To Configure Single Sign-On for your domain, perform the below steps:

  1. To enter the required information for your IdP, use the Set Up Domain wizard in the Adobe Admin Console.

    • Upload the certificate, and enter the IdP Issuer and IdP Login URL strings.
    • Set IdP Binding to Redirect.
    • For User Login Setting, choose Username if you are using LDAP, or choose Email address if you are using email.
    Set Up Domain
  2. Click Complete Configuration.

  3. To download the SAML XML Metadata file, click Download Metadata.

  4. Click Activate Domain.

    Your domain is now active.

Configure Centrify

To configure Centrify, follow the below steps:

  1. Return to Centrify and use the Upload SP Metadata button to upload the metadata you downloaded from the Admin Console.

    centrify-upload
  2. In the Centrify Account Mapping, set the Directory Service Field Name to email.

    centrify-mapping
  3. On the Advanced tab, set the name format to unspecified and add the parameters for first name, last name, and email address:

    setNameFormat('unspecified');

    setAttribute('FirstName', LoginUser.Get('givenname'));

    setAttribute('LastName', LoginUser.Get('sn'));

    setAttribute('Email', LoginUser.Get('mail'));

    centrify-custom-fields
  4. Grant the user access in Centrify and add the user in Adobe Admin Console.

    centrify-add-user

If you need assistance with the Centrify single sign-on configuration, navigate to Support in the Adobe Admin console, and open a ticket.

Licencia na používanie tohto diela sa poskytuje v súlade s podmienkami licencie Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Na príspevky v sociálnych sieťach Twitter™ a Facebook sa nevzťahujú podmienky licencií Creative Commons.

Právne upozornenia   |   Zásady ochrany osobných údajov online