Confused about sso federation

Question

Hey so i have a federeated domain attached to the admin console. We can currently single sign on. I believe this was set up through AD connect but not sure as it was done by a previous person.

The workflow was to create a user in admin console and then single sign on will work with their active directory login.

When i try to enable sync, it wants me to go to azure and set up a sync source. I can follow the instructions, but we already have an item in there called "adobe identity management". I can see users authenticating to this when i use the activity -> sign ins. This application has the id of 6aba272b-e383-44cd-8eda-34c66dfd9546

When i get to the provisioning part, the application says:

Out of the box automatic provisioning to Adobe Identity Management is not supported today. Ensure that Adobe Identity Management supports the SCIM standard for provisioning and request support for the application as described here.

But i can add another application with the same exact name (adobe identity management), but the ID is bc3b7bb4-c5f4-4ce0-9345-12a8fbd56c36 . This has a working provisioning section.

My end goal is to get a bunch of users to sync up to creative cloud so that they can log in using a shared device license. They still appear to need an adobe account, even though the computer has a shared device license. This is all different from the last time i did it and now i am super confused.

Can i set up a paralel sync with the new connector? What should I do here and why is this happening?

was following this guide:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adobe-identity-management-provisioning-tutorial

Under authentication, it says "azure ad OIDC". The domains are there, but the sync section is blank.

I also read this article here: https://helpx.adobe.com/enterprise/using/azure-ad-connector-faq.html

Which says:

If you have a functioning Azure AD Connector in place, we recommend that you keep your current setup. A self-service migration feature will allow you to migrate to the new version of the Azure Sync.

We strongly recommend you to keep your Azure AD Connector setup until the self-serve migration is available. Migrating to the new Azure Sync now might disrupt services and result in loss of assets for your users.

So i need to add 60 users this week and i really dont want to do it manually. I assume they will work and be created as federated users, but again this is a manual process which sucks. Can i use two "adobe identity management" enterprise applications at the same time? or will it break everything?

We strongly recommend you to keep your Azure AD Connector setup until the self-serve migration is available. Migrating to the new Azure Sync now might disrupt services and result in loss of assets for your users.So i need to add 60 users this week and i really dont want to do it manually. I assume they will work and be created as federated users, but again this is a manual process which sucks. Can i use two "adobe identity management" enterprise applications at the same time? or will it break everything?

SuJoshi · Accepted Answer

Hello ,You need to set up a new SAML app with Adobe Identity management which will sync the users to the Adobe admin console. It seems that the setup is not configured properly and I would recommend contacting the support team who would be able to check the settings and will correct them for you. You can check this article for more details: https://helpx.adobe.com/enterprise/admin-guide.html/enterprise/using/add-azure-sync.ug.html

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded