Establishing an identity policy for your users is an important first step because it dictates how users will log in to access Experience Cloud products.
Q: Should my Experience Cloud users sign in through my company’s established Single Sign-on (SSO) provider ?
A: This is the preferred approach for many organizations as it uses an industry-standard protocol (SAML) which connects enterprise identity management systems to cloud service providers like Adobe.
Ok! I want to leverage SSO, but I don’t know how to set this up with the Experience Cloud. Who can I work with?
A: SSO is usually setup and managed by a company’s Information Technology or Information Systems business unit. Involving these teams is required as there are specific integration settings needed to connect your company’s SSO provider to Admin Console.
How will SSO work for my users?
A: Users that are added to Experience Cloud products through Admin Console as Federated ID users will be able to sign in to the Experience Cloud with the same Single Sign-on credentials they use for other applications/services inside your company (e.g., MS Office 365, Box, Workday, Concur, Etc.)
My company has a really complicated organizational setup – will SSO still work for us?
What are the benefits of using SSO (Federated ID) for my Experience Cloud users?
- SSO provides a common sign in workflow used by other enterprise apps within your company. When signing in, your end users are redirected to your organization's standard – and familiar – Single Sign-on experience. Because your end-users use your organization's standard identity system, IT doesn't have to manage a separate password management process.
- SSO enables an extra layer of security by restricting ability to sign in from expired/disabled accounts (e.g., employee status is terminated) . When IT/HR removes a user from the enterprise directory, the user no longer has privileges to access the Experience Cloud.
- SSO integrations enable additional security options available through SSO provider (e.g., IP Address restrictions or session timeout)
- Multi-Factor Authentication is supported by most SSO providers, providing an extra layer of sign in security.