Skip to main content
Participant
November 6, 2025
Answered

Close / Migrate personal Accounts from claimed domain

  • November 6, 2025
  • 1 reply
  • 118 views

Hi,

 

our domain is claimed and we enabled the Azure/Entra User Sync for SSO.
Sometimes SSO does not properly because a person has two accounts for our domain.
A business account (created by the Azure Sync) and a personal account which they created themselves some time ago when the domain was not managed.

As a regulatory and legal requirement we need to get rid of those personal accounts.
Either migrate their data to the company account or force the user to change the e-mail address to their personal one. 

How can this be done ?

Correct answer Anshul_Nautiyal

So the personal Accounts dont get "deleted" automatically right ?
Even after 2monts, when the user tries to sign in, the e-mail addres must be changed first, correct ?

Is there a way to configure the creative cloud on windows / mac to only allow login from a certain domain ?
Using Azure Conditional Access etc.


Hi @Marius35702549mihi,

Thank you for reaching out and for your additional questions.

If the admin leaves the optional “Require email change” policy OFF:
• The legacy Adobe ID continues to function as before. Domain Enforcement (DE) blocks the creation of new Adobe IDs under the claimed domain but does not affect existing Adobe IDs.

If the admin turns the “Require email change” policy ON:

The first time a user signs in after the policy is enabled, they will be prompted to change their Adobe ID email to one outside the claimed domain.

A 30-day grace period begins at that first sign-in after the policy is enabled. During this time, the user can continue to access their account while updating the email address.

If the user has not changed the email address within 30 days, sign-in will be blocked until the update is completed. The account and its data remain intact but are inaccessible until the email address is changed.

Regarding your other question:

You can configure enterprise-level authentication settings for this. This allows organizations to define authentication mechanisms for Creative Cloud Desktop applications, including Acrobat Pro. The feature is designed to integrate with your company’s device deployment process and ensures that users signing in are automatically redirected to the organization’s identity provider (IdP) associated with the claimed domain.

For more information, please refer to this documentation: https://adobe.ly/47Rtw36

 

I hope this helps. Please let us know if you need further assistance or have additional questions.

Regards,
^AN

1 reply

Participant
November 6, 2025

Edit: And of cause prevent further creation of unmanaged accounts as this domain is claimed.
We are legally rewuired to prevent impersonation.

Bani Verma
Community Manager
Community Manager
November 6, 2025

Hi @Marius35702549mihi,

 

If users already had personal Adobe IDs under your org’s domain before it was claimed, here’s what you can do:

Migrate Existing Users, ask users to either:

  • Change their Adobe ID email to a personal one (like Gmail) so it’s no longer tied to your domain.
  • Or, migrate their assets to their new Enterprise/Federated ID. This keeps their work intact and aligns with your org’s identity setup.

Here’s Adobe’s guide: https://adobe.ly/47ISykC

 

Also, you can enforce Domain Restrictions to prevent new personal accounts from being created under your domain by enabling Domain Enforcement in the Admin Console. This ensures all users authenticate via your org’s SSO and keeps things secure. More info here: https://adobe.ly/47uL8ms

 

I hope this helps.

 

Thanks,
^BS

Participant
November 10, 2025

Thank you
I enabled these options
What happens after those 30 days grace period ?