Enhanced Authentication overview

IMPORTANT

The procedure described on this page applies only to organizations that are not yet onboarded to the Adobe Admin Console.

If your organization has been onboarded to the Adobe Admin Console, see Platform-based administration differences (Adobe Workfront/Adobe Business Platform).

Adobe Workfront is changing the system management of users and passwords. These changes will roll out in a phased release called Enhanced Authentication experience. Enhanced Authentication offers users a more consistent and secure sign-in experience across all Workfront products and services.

The following table provides details about current and future functionality:

IMPORTANT

Most customers are currently using Legacy Authentication and some are using Enhanced Authentication 1.0.

To verify which type of authentication you are currently using, go to your_domain.my.workfront.com/login. If you are redirected to /auth/login, then you are using Enhanced Authentication 1.0.

If you are redirected to https://login-a-xx.workfront.com/, where ‘xx’ could be US (United States), EU (Europe), or GCP (Google Cloud Platform) depending on your location/platform, then you are using Enhanced Authentication 2.0.

All customers will be moving to Enhanced Authentication 2.0 by the end of 2021.

Feature

Legacy Authentication Enhanced Authentication 1.0

Enhanced Authentication 2.0

Login options

Enable a single username to be used for all Workfront products and services, including training, support, and others

Not available

Not available

Allow using the same email address across Workfront instances

Available as of the 2019.3 release

Available as of the 2019.3 release

Available as of the 2019.3 release

Email addresses are case-insensitive

Available as of the 2019.3 release

Multiple users cannot have the same email address if the address differs only by case.

Multiple users cannot have the same email address if the address differs only by case.

Workfront administrators will be notified toward the end of 2019 to begin fixing duplicate email addresses.

Password management options

Instigate a password reset email for a user as the Workfront administrator

Not available

Set a temporary password for a user as the Workfront administrator

Not planned

This functionality is not a security best practice

Not planned

This functionality is not a security best practice

Password policy requirements

Require users to reset passwords after a certain timeframe

Not planned

Restrict users from using a previous password

Not planned

Safeguard against incorrect password entry attempts

Locks the account after 5 incorrect password entry attempts. The wait time required after lockout is configured by the Workfront administrator

Wait time is exponentially increased after each successive incorrect password based on industry best practices; the time required is not configurable by the Workfront administrator

Uses a lock-out algorithm that proactively blocks a variety of suspicious behavior.

Require a mix of lowercase, uppercase, numbers, and special characters

Enhanced flexibility in choosing specific requirements

Set a minimum password length

Not available

Single Sign-On Protocol support

 

Supports SSO integrations that are compliant with Active Directory and LDAP protocols

✓ 

Deprecated

Active Directory, Azure, and LDAP systems should use SAML 2.0

Deprecated

Active Directory, Azure, and LDAP systems can be configured with encrypted SAML 2.0 or OpenID Connect.

Supports SSO protocols that are compliant with SAML 2.0 

✓ 

Supports Open ID Connect protocols

Not available

Not available

Configure the Workfront login page to always redirect to the identity provider login page

Enabled by default and cannot be disabled

Workfront administrator can configure the login page to redirect to the identity provider login page, or can configure a login button or buttons.

Workfront administrators can configure the login page to redirect to the identity provider login page, or can configure a login button or buttons.

Allow each instance to enable multiple SSO providers

N/A

Not planned

Environment support

 

A single username and password for Preview environments

Not available

Not available

A single username and password for Sandbox environments

Not available

Not available

On this page