Single Sign-on and Experience Cloud: A Primer on Federated ID/SSO for Adobe Experience Cloud

Establishing an identity policy for your users is an important first step because it dictates how users will log in to access Experience Cloud products.

Q: Should my Experience Cloud users sign in through my company’s established Single Sign-on (SSO) provider?

A: This is the preferred approach for many organizations as it uses an industry-standard protocol (SAML) which connects enterprise identity management systems to cloud service providers like Adobe.

Common SSO Experiences across different Identity Providers (IdP)

Ok! I want to leverage SSO, but I don’t know how to set this up with the Experience Cloud. Who can I work with?

A: SSO is usually set up and managed by a company’s Information Technology or Information Systems business unit. Involving these teams is required because specific integration settings are needed to connect your company’s SSO provider to Admin Console.

Common IT Personas Responsible for SSO Setups

How will SSO work for my users?

A: Users who are added to Experience Cloud products through Admin Console as Federated ID users will be able to sign in to the Experience Cloud with the same Single Sign-on credentials they use for other applications/services inside your company (e.g., MS Office 365, Box, Workday, Concur, etc.).

Sign in to Experience Cloud through SSO

My company has a really complicated organizational setup – will SSO still work for us?

A: Yes! SSO integrations through Adobe Federated ID will support multiple domains (email address types of your corporate users) and will work across multiple Admin Console setups, or organizations.

Multiple Domains work with one SSO setup, while many organizations can leverage one SSO setup.

What are the benefits of using SSO (Federated ID) for my Experience Cloud users?

  • SSO provides a common sign-in workflow used by other enterprise apps within your company. When signing in, your end users are redirected to your organization's standard – and familiar – Single Sign-on experience. Because your end users use your organization's standard identity system, IT doesn't have to manage a separate password management process.
Common SaaS applications that use SSO
  • SSO enables an extra layer of security by restricting the ability to sign in from expired/disabled accounts (e.g., employee status is terminated). When IT/HR removes a user from the enterprise directory, the user no longer has privileges to access the Experience Cloud.
Users who are no longer in the IT SSO directory will not be able to access Experience Cloud through Federated ID
  • SSO integrations enable additional security options available through the SSO provider (e.g., IP address restrictions or session timeout).
Common SSO Provider Settings for SaaS Apps (Azure Active Directory)
  • Multi-Factor Authentication is supported by most SSO providers, providing an extra layer of sign-in security.
Common Multi-Factor Authentication Methods
  • Federated ID and SSO unlock User Sync, which enables enterprise organizations to manage their Adobe user base and Adobe product access via Active Directory or OpenLDAP.
Illustrates data flow between Adobe Admin Console and Enterprise Directory

What are the steps and how long does this take?

A: Setting up Federated ID/SSO in the Admin Console involves a few key steps and can be done over the course of a few days if the right personas are involved and ready to take the required steps in Admin Console and the Identity Provider/DNS systems within IT.

High Level Workflow for Federated ID Setup in Admin Console

Resources

Admin Console Identity Setup Documentation (Includes Domain setup, Directory Setup, and SSO Configuration)

Admin Console Identity Setup Tutorial (Video)

Configure Federated ID Tutorial (Video)

Single Sign-On common questions

Adobe-supported identity types

Created By
Ryan Monger