- What is the User Sync Tool?
- Why the User Sync Tool?
- Origins of the User Sync Tool
- Prerequisites to Leverage the User Sync Tool
- Implementation Process
- How to Get Started
What is the User Sync Tool?
The User Sync Tool is a command-line tool that moves user and group information from an organization's Enterprise directory system to the Adobe Admin Console. The key goals of the User Sync Tool are to streamline the process of named user deployment and automate user management for all Enterprise customers.
The User Sync Tool communicates with an Enterprise directory through LDAP protocols (openLDAP), and with Adobe's Admin Console through the Adobe User Management API (UMAPI) in order to update the user account data for your organization. The operation of the tool is controlled by local configuration files and command invocation parameters that provide support for a variety of configurations. You can control, for example, which users are to be synced, how directory groups are to be mapped to Adobe groups and product configurations, and a variety of other options.
Illustrates data flow between Adobe Admin Console and Enterprise Directory
Why the User Sync Tool?
The User Sync Tool allows your organization to automate the management of your Adobe user base and Adobe product access. Implementation of the tool is a simple way to minimize redundant management tasks for your organization's IT department in the administration of identity, users, and product entitlements via directory services, such as Microsoft Active Directory. This is the first step in taking full advantage of great products, like Adobe Portfolio and XD, and leveraging an array of services via your Adobe Admin Console!
Key benefits of implementing the User Sync Tool include:
- Creation of new Adobe accounts when new users appear in the directory
- Update of account information when certain fields in the directory change
- Update of user group and Product Configuration (PC) membership to control allocation of licenses to users
- Deletion management of Adobe accounts when the user is removed from the enterprise directory
- Use of custom directory attributes to control values that map to the Adobe account
Origins of the User Sync Tool
The User Sync Tool was developed by Adobe in an effort to assist customers with the process of named user deployment, as well as to provide automation tools for ongoing user management. With the User Management API (UMAPI) released in 2015, each Enterprise customer was tasked with deploying named users manually to the Adobe Admin Console. The need arose to lower the initial barrier to entry, finding both a quicker deployment method of named users as well as a way to update product entitlements for groups and individual users as an enterprise evolves.
The tool was first released in late 2016 and continues to evolve to accommodate the needs of our enterprise customers. The latest version of the User Sync Tool is available publicly for download as an open-source application via GitHub.
Prerequisites to Leverage the User Sync Tool
The User Sync Tool runs on a command line or from a script, each time looking for differences between the user information in the Enterprise's directory system and the Admin Console. When differences are found, the tool updates the Adobe system to match the Enterprise directory.
There are key prerequisites that an Enterprise should validate prior to beginning the process of named user deployment with the User Sync Tool.
- You must have administrative access to your organization's user data in the Enterprise directory (note that the tool has been verified with both Microsoft Active Directory and OpenLDAP).
- You must be able to grant the tool Read-only directory access.
- You must register the tool as an API client by adding an integration in the Adobe I/O Console.
- You must have already defined User Groups and Product License Configurations in the Adobe Admin Console.
- You must be able to run the User Sync Tool on a server behind your own Enterprise firewall. The VM server must have Python 2.7.9 or higher installed.
Implementation of the User Sync Tool is supported by team members within your Enterprise, including:
- Project Sponsor - Primary Stakeholder with scope, resource allocation, conflict resolution authority
- Project Manager - Project Lead, responsible for task management, risk management
- Enterprise Server Administrator - Authority and knowledge to build VM server, install and run script on server
- Domain Claim - Knowledge and responsibility for managing Domains, DNS Records
- Single Sign-On - Maintains SSO authentication with 3rd party applications
- Enterprise Directory - Oversees centralized Global Directory Services
- Application Deployment - Desktop engineering/app deployment resource regularly distributing software to desktops
A multi-phase approach, the implementation process begins with a definition of your Enterprise's specific requirements, aligning with the provided step-by-step instruction from Adobe to complete deployment to end users. See below for a high-level view of key phases and activities.
User Sync Tool Implementation Workflow
Enterprises are encouraged to leverage the provided documentation to implement the User Sync Tool, with a rollout possible in the matter of weeks. Adobe is also offering assistance with onboarding to a select group of identified Enterprise customers through our Premium Onboarding Program. Working closely with the Adobe Account and Customer Success Managers, the Premium Onboarding Team will guide these customers through the process of named user deployment from beginning to end. The goal of this service is to more quickly align identified customers with the Admin Console and User Sync Tool, ensuring that end users are being exposed to all that Adobe products and services have to offer.
How to Get Started
Ready to get started with the integration and deployment of the User Sync Tool for your Enterprise? We're here to help! Refer to the helpful links below for additional information regarding the tool, setup, integration, and helpful tips and tricks. You can also verify if your Enterprise qualifies for the Premium Onboarding Program by reaching out to your Adobe Customer Success Manager or Account Executive.