
Azure AD SSO, Azure Sync, Automatic Account Creation

New Here, Apr 18, 2025

Our goal: We would like to enable SSO with our Azure AD and then sync users and groups to the Adobe console so that we can automatically assign licenses based on group membership.

 

A couple of questions that I have as I have tried to walk through the documentation to set up the SSO and Sync:

 

  1. During the process of setting up SSO using OIDC, it asks about the "Automatic account creation". Default is enabled. Should this be disabled if we are planning on setting up sync with Azure AD, or do they have separate functions?
  2. During the process of setting up SSO using OIDC, it creates an Enterprise Application in Azure. When setting up the sync (SCIM), should I use this same Enterprise Application provisioning section, or should I create a separate one to use just for the SCIM sync?

 

Thanks in advance.

TOPICS
Admin console , Enterprise , Identity and SSO , Users and groups

Correct answer

Adobe Employee, Apr 18, 2025

Hi @michaelm12944181,

 

Thank you for reaching out. Based on your query, it seems that you are looking to enable SSO with Azure AD and sync users and groups to the Adobe Admin Console for automatic license assignment based on group membership. Please confirm if this is the case, and I will be happy to assist you further.

To address your question regarding "Automatic Account Creation" during the OIDC SSO setup with Azure Sync (SCIM):

It is recommended to keep "Automatic Account Creation" enabled. Here's why:

  • SCIM provisioning automatically creates and manages users and groups in the Adobe Admin Console based on their membership in Azure Active Directory.

  • OIDC SSO allows users to authenticate and sign in. If a user attempts to log in via SSO before they have been provisioned by SCIM, Automatic Account Creation ensures their account is created on the spot.

  • This serves as a fallback mechanism for users who may try to log in before SCIM has completed syncing their information, preventing login errors or delays in access.

  • Once the user is provisioned via SCIM, their account will be managed by Azure Sync, and automatic account creation will no longer apply. This ensures no conflict between the two systems.

Regarding the setup of SCIM: If you’ve already set up Azure AD SSO with OpenID Connect (OIDC), you should create a separate Adobe Identity Management application in Azure AD to configure the directory sync. This ensures the proper setup for SCIM. For more details, please refer to the "Notes prior to sync configuration" section in the following documentation: Add Azure Sync.

 

If you have any more questions or need further assistance during the setup process, please feel free to let us know. We are happy to help.

Regards,
^AN

New Here, Apr 19, 2025

Thank you for your response. That is exactly what I needed to know. I missed that bullet point in the "Notes prior to sync configuration" section of that documentation page.

 

Thanks for your help!

 

New Here, Oct 06, 2025

Hi @Anshul_Nautiyal , 

 

We're also looking at implementing Adobe SSO through Entra ID. After going through your knowledge base articles, I ran into a couple of questions, as below:

1. If we implement SSO using this method (Authenticate your users with Microsoft Azure), how can we move non-Federated ID users to the Federated ID type without any impact on the user experience (considering our non-federated users are approx ~3000 users, so we don't want to create an impact)?

 

2. Also, do Automatic Assignment Rules (for licensing) work for the Acrobat Pro DC product with only the fonts service enabled?

 

Regards,

Niranjan

Adobe Employee, Oct 06, 2025

Hi Niranjan,

 

Thank you for reaching out.

I appreciate your patience while we wait for Anshul to reply. I’ll do my best to address your questions in the meantime:

  • Adobe ID to Federated ID Migration
    The migration process is automatic, including the transfer of assets. However, users will need to sign in again once the change is complete. You can find detailed guidance on how to proceed with the identity change in this help document:
    https://adobe.ly/4gZvHWq
  • Automatic Assignment Rules
    This feature is only available if your organization uses Adobe storage for business, which is being rolled out globally in a phased manner. The following document can help you understand more: https://adobe.ly/4mUkVlI

 

I hope this helps clarify things. Please feel free to reach out if you have any further questions.

 

Thanks,
^BS

New Here, Oct 07, 2025

Hi @Bani Verma ,

 

Thanks for your reply, and I'll wait for @Anshul_Nautiyal's reply as well to have a better understanding.

RE: Automatic Assignment Rules:

For clarity, our organisation has Adobe Storage, but none of the Adobe licensed users use the Adobe storage. Can we still use Automatic Assignment Rules for automated license assignment?

 

Regards,

Niranjan

Adobe Employee, Oct 08, 2025

Hi Niranjan, 

 

Every Creative Cloud license includes storage to help users manage their creative assets. To enable the Automatic Assignment Rules feature, organizations must implement Adobe Storage for Business, a centrally managed, enterprise-grade storage solution available exclusively to users with Business IDs or Federated IDs.

Setting up this model involves migrating user accounts from Adobe IDs (personal accounts) to Business or Federated IDs through the Adobe Admin Console. This transition helps ensure that business assets are securely stored within the organization’s cloud environment, offering improved control, governance, and data management.

 

For more details, you may find these resources helpful:

 

I hope this helps. 

 

Thanks,
^BS
