Connecting Adobe with AAD and G Suite

Did you know that Adobe has tools available to link their Creative Cloud suite with Azure Active Directory and with G Suite? The benefit of this is that it’ll provide Single Sign On (SSO) for your users as well as allowing you to automatically create user groups in Azure Active Directory / G Suite which will provide Creative Cloud access to users.

Azure Active Directory integration

You can configure SSO with Azure Active Directory to manage users and licensing for Adobe apps via the Adobe Admin Console and the Azure AD Connector.

Once the connector is set up, all users and groups are synced from Azure AD to Adobe Admin – users who are part of groups you choose to set up in Azure AD for Adobe licensing will have their licenses added or revoked depending on their membership status of the aforementioned groups. 

To set up integration between Adobe Admin Console and Azure Active Directory you will need the below pre-requisites:
            – Microsoft Azure AD will need to be the identity provider (IdP) in Adobe Admin
            – You’ll need Creative Cloud for Enterprise, Document Cloud for Enterprise or Experience Cloud

The Azure Active Directory connector which is used by Adobe will support both individual sites and Multi-Academy Trusts – it supports both single Azure AD tenancies and multiple Azure AD tenancies.

It’s recommended that when setting up the integration you create security groups in Azure Active Directory for the licenses or access levels you require – these can then be set up with rules once they sync into Adobe to automatically issue and revoke licenses. For example, you can create security groups titled ‘SEC-Adobe-FullSuite’ for those users you wish to have access to the full Creative Cloud suite.

To set up the connector, once your Azure AD console is ready, sign into the Adobe Admin Console and choose Settings – Identity – Create Directory. Select the Federated ID card and choose Microsoft Azure. At this point you should be prompted to log in to Microsoft – use credentials of an account with the Microsoft Global Administrator role. After signing in, you’ll be prompted for which domains you would like to sync. After choosing your domain(s) to sync, you are then prompted to choose which Groups within Azure you would like to sync as the final stage of setup.

For full instructions in setting up the Azure Active Directory connector for Adobe, please visit the below URL:
https://helpx.adobe.com/enterprise/using/sso-setup-azure.html

G-Suite integration

The Google federation will connect your Google Admin console to Adobe Admin Console to help with SSO setup. At this time the Google Connector with Adobe will only import all G-suite users – it can’t see security groups. As such, if you are using G Suite and looking for integration and also require different entitlements for different users you will need to upload CSVs in the usual manual way.

Due to the above, it’s recommended that the Google connector for Adobe is used for SSO only rather than SSO and licensing.

To set up integration between Adobe Admin Console and G-Suite you will need the below pre-requisites:
            – Google will need to be the identity provider (IdP) in Adobe Admin
            – You’ll need Creative Cloud for Enterprise, Document Cloud for Enterprise or Experience Cloud
            – You’ll need a super-admin account within Google Admin to use

The G Suite connector which is used by Adobe will support both individual sites and Multi-Academy Trusts – it supports both single and multiple Google tenancies.

To set up the connector, once your Google Admin console is ready, sign into the Adobe Admin Console and choose Settings – Identity – Create Directory. Select the Federated ID card and choose Google. At this point you should be prompted to log in to Google – use credentials of a super-admin account. After signing in, you’ll be prompted for which domains you would like to sync.

Note: you’ll be prompted to set up a SAML app to sync users between Google & Adobe. For more information on setting this up please visit the URL at the bottom of this blog post.

You will then need to return to the Google Admin Console to complete setup – within Apps – SAML Apps you will be able to change the service status and provisioning status for the newly created Adobe SAML app to ‘ON for everyone’.

For full instructions in setting up the Google connector for Adobe, please visit the below URL:
https://helpx.adobe.com/uk/enterprise/using/setup-sso-google.html