Hi @michaelm12944181,
Thank you for reaching out. Based on your query, it seems that you are looking to enable SSO with Azure AD and sync users and groups to the Adobe Admin Console for automatic license assignment based on group membership. Please confirm if this is the case, and I will be happy to assist you further.
To address your question regarding "Automatic Account Creation" during the OIDC SSO setup with Azure Sync (SCIM):
It is recommended to keep "Automatic Account Creation" enabled. Here's why:
- SCIM provisioning automatically creates and manages users and groups in the Adobe Admin Console based on their membership in Azure Active Directory.
- OIDC SSO allows users to authenticate and sign in. If a user attempts to log in via SSO before they have been provisioned by SCIM, Automatic Account Creation ensures their account is created on the spot.
- This serves as a fallback mechanism for users who may try to log in before SCIM has completed syncing their information, preventing login errors or delays in access.
- Once the user is provisioned via SCIM, their account will be managed by Azure Sync, and automatic account creation will no longer apply. This ensures no conflict between the two systems.
Regarding the setup of SCIM: If you’ve already set up Azure AD SSO with OpenID Connect (OIDC), you should create a separate Adobe Identity Management application in Azure AD to configure the directory sync. This ensures the proper setup for SCIM. For more details, please refer to the "Notes prior to sync configuration" section in the following documentation: Add Azure Sync.
If you have any more questions or need further assistance during the setup process, please feel free to let us know. We are happy to help.