Establishing an identity policy for your users is an important first step because it dictates how users will log in to access Experience Cloud products.
Q: Should my Experience Cloud users sign in through my company’s established Single Sign-on (SSO) provider?
A: This is the preferred approach for many organizations as it uses an industry-standard protocol (SAML) which connects enterprise identity management systems to cloud service providers like Adobe.
Q: OK! I want to leverage SSO, but I don’t know how to set this up with the Experience Cloud. Who can I work with?
A: SSO is usually set up and managed by a company’s Information Technology or Information Systems business unit. Involving these teams is required, as there are specific integration settings needed to connect your company’s SSO provider to Admin Console.
Q: How will SSO work for my users?
A: Users who are added to Experience Cloud products through Admin Console as Federated ID users will be able to sign in to the Experience Cloud with the same Single Sign-on credentials they use for other applications/services inside your company (e.g., MS Office 365, Box, Workday, Concur, etc.).
Q: My company has a really complicated organizational setup – will SSO still work for us?
A: Yes! SSO integrations through Adobe Federated ID will support multiple domains (email address types of your corporate users) and will work across multiple Admin Console setups, or organizations.
Q: What are the benefits of using SSO (Federated ID) for my Experience Cloud users?
- SSO provides a common sign-in workflow used by other enterprise apps within your company. When signing in, your end users are redirected to your organization's standard – and familiar – Single Sign-on experience. Because your end users use your organization's standard identity system, IT doesn't have to manage a separate password management process.
- SSO adds an extra layer of security by preventing sign-in from expired or disabled accounts (e.g., when an employee's status is terminated). When IT/HR removes a user from the enterprise directory, the user no longer has privileges to access the Experience Cloud.
- SSO integrations enable additional security options available through the SSO provider (e.g., IP address restrictions or session timeout).
- Multi-Factor Authentication is supported by most SSO providers, providing an extra layer of sign-in security.
- The Azure AD Connector integrates Microsoft Azure Active Directory (AD) with the Adobe Admin Console to simplify the SSO setup process for Azure Identity users. With Azure AD Connector, you can automate the user management and license provisioning workflows to set up SSO in just a few minutes.
- Federated ID and SSO unlock User Sync, which enables enterprise organizations to manage their Adobe user base and Adobe product access via Active Directory or OpenLDAP.
Q: What are the steps and how long does this take?
A: Setting up Federated ID/SSO in the Admin Console involves a few key steps, and can be done over the course of a few days if the right personas are involved and ready to complete the required steps in Admin Console and in the Identity Provider/DNS systems within IT.
Resources
Admin Console Identity Setup Documentation (Includes Domain setup, Directory Setup, and SSO Configuration)
Admin Console Identity Setup Tutorial (Video)
Authenticate your users with Microsoft Azure
Configure Microsoft AD FS for use with Adobe SSO