Single Sign-On Questions

Forum|Forum|7 years ago
December 5, 2018
4 replies
810 views

I've got a few questions (hopefully basic questions) in regards to the AdobeID Federated option (using SSO SAML), particularly related to account maintenance.

1. Do we still have to populate the AdobeID directory with users using a flat file? OR is this taken care of using SSO when users try to sign in for the first time? IF they do get added automatically upon the initial sign-in, does the AdobeID account manager have to drop them into the correct product group, or is this done automatically?

2. When we delete users out of our Active Directory, does it also delete their AdobeID?

3. Other than having the same password as their Active Directory password for their AdobeID, is there any substantial benefits from using SSO?

Thanks for anyone's help with this.

This topic has been closed for replies.

Correct answer alisterblack

Hi,

1. You can use a CSV file to upload users to your Admin Console or you can set up the User Synch tool which synchs between your Active Directory and the Admin Console.

2. This only applies if you are using the User Sync tool.

3. Primary benefit of SSO is security. Password details are held on your side and not stored externally. You have control over the account - whereas with Adobe ID the end user has control (they can reset their password, purchase apps and services etc.)

alisterblackCorrect answer

Inspiring

Hi,

1. You can use a CSV file to upload users to your Admin Console or you can set up the User Synch tool which synchs between your Active Directory and the Admin Console.

2. This only applies if you are using the User Sync tool.

3. Primary benefit of SSO is security. Password details are held on your side and not stored externally. You have control over the account - whereas with Adobe ID the end user has control (they can reset their password, purchase apps and services etc.)

M

ManualF150Author

Participant

OK. That's what I thought!

Thank you for confirming this. The way Adobe tech explained it to us over the phone was that if we set up the SSO, that it would have a direct link to our AD environment through SSO and it would automatically sync users and this and that. They obviously were confused (or didn't really know how SSO really worked), even though they said they said (quote-on-quote) "I did thousands of these installations". I tried telling them that's not how SSO works -- it is simply a means of authentication, we'd still have to upload a CSV or use the User Sync Tool.

In any event, I wanted to get a confirmation on this to pass to my team.

I think the students can handle setting up an account and we can just move it around in the Admin console. We already verified our school's domain through the text record in DNS.

So in our case, there really is no point in the federated SSO option adding yet another confusing layer of complexity within our IT department. Instead of it being a end-user computer to Adobe, it would then incorporate Adobe, SSO (like ADFS/SAML), Active Directory, and the end-user computer if we were federated -- way too many wheels turning!!

The only thing I see it benefiting, is if the student changes their school password, it would also change that too if we were SSO federated.

The way we look at it -- eventually the students will be out in the real world, and they will need to remember a different password for the stuff at their job site. Plus we already do this with a number of applications on campus, like Visual Studio, MyITLab, Coursera, etc, etc.

In any event, I appreciate your help!!

I also hope this answer finds others with the same precarious question with an - actual answer.

Have a happy holidays!

M

ManualF150Author

Participant

Bump...

I'm getting desperate...

M

ManualF150Author

Participant

Bump...