AndrewC88
Participating Frequently
December 6, 2018
Question

Federated ID: How can we tell Acrobat DC to sign users in automatically? (SSO)


We recently deployed Federated ID with ADFS for our enterprise Acrobat DC subscription. That part is working fine, but now that we're planning our deployment, we seem to be missing a step to get the seamless SSO experience we have with other software we use.

How can we tell Acrobat to automatically sign the user in? Right now, when the user opens Acrobat the first time, they're asked to sign in, click "sign in with an enterprise ID", type their email address, etc. before they can actually use the SSO piece.

Our users log on to their PCs with the same identity the federated ID will use. Is there a registry key or deployment option we can set that will attempt to sign in with the logged in user's identity? We're trying to make this as seamless as possible for our users.


2 replies

Participant
November 16, 2023

After much searching this week, I've also concluded that Seamless SSO is simply unsupported with Adobe Enterprise - SSO works fine as described above, but Seamless (no need to enter username) is not a thing yet. I did wonder whether anyone has tried with OIDC (rather than SAML) but without a test tenant I'd have to remove my live configuration to try it - if you've tried and can confirm it does (or doesn't) work that'd be greatly appreciated.
After four years of community requests, Adobe, might it be time to look at this one?

Participant
January 29, 2019

Did you ever get an answer to this question, AndrewC88? We're facing the same.

alisterblack
Community Manager
January 30, 2019

Hi,

This can be done, although settings are on the IDP side not the Adobe side. For ADFS try the following.

Caveats are that users need to be logged in as a domain user. It does not work for non-domain joined machines and not when outside the network.

1. On your ADFS, verify the Authentication Policies. Set Form Based Authentication for Extranet and Windows Authentication for Intranet.

2. On your client, double check that you're logged in with a Windows Domain user. Also check the user has an Email address and the Email address has been added as a Federated ID to your Creative Cloud Console and has a product assigned to it.

3. On the client, open the "Internet Options" panel. Go to the Security tab and select Local Intranet and click Sites, then "advanced". Add your ADFS URL to the Sites list.

4. Still under "Local Intranet" and "Security Level for this zone", click "Custom Level" and scroll down to "User Authentication" and select "Automatic Login only in Intranet zone". Click Ok to close.

5. Under Internet Options, click the Advanced Tab and scroll down to "Security" and untick the box for "Enable Integrated Windows Authentication". Click ok and close all panels.

6. Close the browser and restart the client.

7. Log back in with your Domain user and browse to https://www.adobe.com or open the Creative Cloud Desktop application. Type in your Federated ID User's Email address and hit the tab key. The browser should now redirect to your ADFS URL and you should automatically be authenticated based on the domain user credentials. If you are attempting the login from a machine outside of your domain, you should be presented with the ADFS Login page.
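A read-only way to audit the client-side settings from steps 2 to 5 on one machine, as an added example that is not part of the reply above and not Adobe or Microsoft code. `adfs.example.com` is a placeholder host name, and the host match is a heuristic. Every site the script lists in the Local Intranet zone is a site the browser will attempt automatic Windows logon to, so the list is worth reviewing as a whole.

```powershell
param([string]$AdfsHost = 'adfs.example.com')   # placeholder, replace with your ADFS host

$is  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$roots = foreach ($h in 'HKCU:', 'HKLM:') { "$h\$pol"; "$h\$is" }

# Step 2: the machine is domain joined and the logon is a domain logon.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"Domain joined: $($cs.PartOfDomain) ($($cs.Domain)); logon domain: $env:USERDOMAIN"

# Step 3: collect every site mapped to Local Intranet (zone 1).
$intranet = foreach ($r in $roots) {
    if (Test-Path "$r\ZoneMap\Domains") {
        foreach ($key in Get-ChildItem "$r\ZoneMap\Domains" -Recurse) {
            if (@($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 1 }).Count) {
                # Key path "example.com\adfs" means host "adfs.example.com".
                $parts = @(($key.Name -split '\\Domains\\', 2)[1] -split '\\')
                [array]::Reverse($parts)
                $parts -join '.'
            }
        }
    }
    if (Test-Path "$r\ZoneMapKey") {   # "Site to Zone Assignment List" group policy
        $k = Get-Item "$r\ZoneMapKey"
        $k.GetValueNames() | Where-Object { $k.GetValue($_) -eq 1 }
    }
}
$intranet = @($intranet | Sort-Object -Unique)
'Local Intranet sites:'
$intranet | ForEach-Object { "  $_" }
# Heuristic match: exact or scheme-prefixed entry, or a parent-domain entry.
$hit = @($intranet | Where-Object { $_ -like "*$AdfsHost*" -or $AdfsHost -like "*$_" })
"ADFS host covered by: $($hit -join ', ')"

# Step 4: logon setting (value 1A00) for zone 1, wherever it is defined.
$logon = @{ 0       = 'Automatic logon with current user name and password'
            0x10000 = 'Prompt for user name and password'
            0x20000 = 'Automatic logon only in Intranet zone'
            0x30000 = 'Anonymous logon' }
foreach ($r in $roots) {
    $v = (Get-ItemProperty "$r\Zones\1" -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
    if ($null -ne $v) { "1A00 at $r\Zones\1: $($logon[[int]$v])" }
}

# Step 5: the "Enable Integrated Windows Authentication" checkbox (blank if unset).
$neg = (Get-ItemProperty "HKCU:\$is" -Name EnableNegotiate -ErrorAction SilentlyContinue).EnableNegotiate
"EnableNegotiate: $neg"
```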

Participant
January 30, 2019

Alister --

This is the behavior we already have.

I suppose the real question is: Can Adobe recognize the user's identity automatically? And if so, how is that configurable?

Thanks,