Enhanced Authentication overview

IMPORTANT
The procedure described on this page applies only to organizations that are not yet onboarded to the Adobe Admin Console.
If your organization has been onboarded to the Adobe Admin Console, see Platform-based administration differences (Adobe Workfront/Adobe Business Platform).

Adobe Workfront is changing how users and passwords are managed in the system. These changes will roll out in a phased release called the Enhanced Authentication experience. Enhanced Authentication offers users a more consistent and secure sign-in experience across all Workfront products and services.

The following table provides details about current and future functionality:

Feature | Legacy Authentication | Enhanced Authentication 1.0 | Enhanced Authentication 2.0

Login options

Enable a single username to be used for all Workfront products and services, including training, support, and others
    Not available
    Not available

Allow using the same email address across Workfront instances
    Available as of the 2019.3 release
    Available as of the 2019.3 release
    Available as of the 2019.3 release

Email addresses are case-insensitive
    Available as of the 2019.3 release
    Multiple users cannot have the same email address if the address differs only by case.
    Multiple users cannot have the same email address if the address differs only by case.
    Workfront administrators will be notified toward the end of 2019 to begin fixing duplicate email addresses.

Password management options

Instigate a password reset email for a user as the Workfront administrator
    Not available

Set a temporary password for a user as the Workfront administrator
    Not planned. This functionality is not a security best practice.
    Not planned. This functionality is not a security best practice.

Password policy requirements

Require users to reset passwords after a certain timeframe
    Not planned

Restrict users from using a previous password
    Not planned

Safeguard against incorrect password entry attempts
    Locks the account after 5 incorrect password entry attempts. The wait time required after lockout is configured by the Workfront administrator.
    Wait time is exponentially increased after each successive incorrect password based on industry best practices; the time required is not configurable by the Workfront administrator.
    Uses a lock-out algorithm that proactively blocks a variety of suspicious behavior.

Require a mix of lowercase, uppercase, numbers, and special characters
    Enhanced flexibility in choosing specific requirements

Set a minimum password length
    Not available

Single Sign-On Protocol support

Supports SSO integrations that are compliant with Active Directory and LDAP protocols
    Deprecated. Active Directory, Azure, and LDAP systems should use SAML 2.0.
    Deprecated. Active Directory, Azure, and LDAP systems can be configured with encrypted SAML 2.0 or OpenID Connect.

Supports SSO protocols that are compliant with SAML 2.0

Supports OpenID Connect protocols
    Not available
    Not available

Configure the Workfront login page to always redirect to the identity provider login page
    Enabled by default and cannot be disabled
    Workfront administrator can configure the login page to redirect to the identity provider login page, or can configure a login button or buttons.
    Workfront administrators can configure the login page to redirect to the identity provider login page, or can configure a login button or buttons.

Allow each instance to enable multiple SSO providers
    N/A
    Not planned

Environment support

A single username and password for Preview environments
    Not available
    Not available

A single username and password for Sandbox environments
    Not available
    Not available