Set up identity and Single Sign-On

Applies to: Enterprise

Learn how to set up identity in the Adobe Admin Console. Compare Adobe ID, Enterprise ID, and Federated ID, and configure Single Sign-On (SSO) for secure access to Adobe apps.

Configure identity and set up Single Sign-On (SSO) so employees can log in with existing organizational credentials.

Here is the video tutorial of how to Set up identity and SSO (YouTube).

Key terms and concepts

Directory

A directory in the Admin Console is an entity that holds resources such as users and policies like authentication. These directories are similar to LDAP or Active Directories.

Identity provider (IdP)

An identity provider (IdP) is your organization’s identity provider, such as:

Personas involved

Adobe ID

Created, owned, and managed by the end user. Adobe performs the authentication, and the end user manages the identity. Depending upon the storage model, users or businesses retain control over files and data.

For organizations that have been updated to the Enterprise storage model, assets and data is controlled by the organization. For organizations that have not been updated, the individual owns and controls Adobe ID assets.

Enterprise ID

Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. Admins create an Enterprise ID and issue it to a user. Admins can revoke access to products and services by taking over the account or deleting the Enterprise ID to permanently block access to associated data. To learn more, click here.

Federated ID

Created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).

The following are a few requirements and scenarios where Federated IDs are recommended:

Set up identity without Single Sign-On

You may use Adobe ID or Enterprise ID if your organization is not currently using SSO on other applications.

Using Adobe ID

Adobe is updating all organizations to the Enterprise storage model. This gives your organization greater control over your users’ assets and data.

Get started with adding users to the Admin Console.

Set up identity with Enterprise ID

You can set up an Enterprise ID directory if you want more control over your users’ data without using SSO. Only admins create an Enterprise ID and issue it to a user.

See Set up organization with Enterprise ID for requirements and steps to create Enterprise ID directories.

Set up identity with Single Sign-On

You must set up user identity with Federated ID accounts to use SSO.

Federated IDs are recommended when:

Set up a new SSO integration

You can use popular identity providers such as Microsoft Azure AD, Google, or use other SAML-based IdP to set up SSO between your organization and Adobe products.

Azure AD (Recommended) - Set up SSO and user-sync with Azure AD Connector

Other SAML IdP - Set up SSO with other SAML-providers

Google (Recommended) - Set up SSO and user-sync using Google Connector

Manage existing SSO setup

After SSO is set up between your organization and Adobe, use the following to manage and change your setup.

Learn how to manage your domains and directories:

Learn how to change your identity provider:

Errors and common questions

Solutions for common questions and errors when setting up and managing SSO:

Azure AD - FAQs & Troubleshooting

FAQs

Troubleshooting

Other SAML IdP - FAQs & Troubleshooting

FAQs

SAML integration FAQs

Troubleshooting

Google - FAQs

Join the conversation

To collaborate, ask questions, and chat with other administrators, use the Enterprise and Teams Community.

Legal and privacy