So I have two ways I have our Adobe Express connected to our PK-8 teachers currently and am looking for some help. I want the users to be created when they are added into one of our OUs in Google. It looks like that can be achieved through SAML by selecting the Adobe SAML in Google Workspace Admin. However, that gives an error on logging in from the Google Waffle.
I selected Adobe Express and set up OIDC and that let's the users click from the Google Waffle and verify against Google for access. However, this method does not sync the users. It can only be set up to allow auto-creation, meaning that the users have to click on it first before they can be assigned into Adobe Express.
My goal is to have the users synced, so I can add them into the user group ahead of time in the Adobe Console, instead of having them click first then going back to add them after they were denied access into Adobe Express. I know I can upload the CSV file, but that kind of takes the automation out of it.
I currently have the Adobe SAML on for syncing the teachers/Staff ou into the Directory Users and the Adobe Express on for access from the Google Waffle. However, that creates two links in the Google Waffle. I made the Adobe SAML for sync with an X in front and changed the icon to say DO NOT CLICK when hovered over so that it is "hidden" at the bottom of the list.
Is there a better way to accomplish this so that it only has one Adobe link?
If the users are getting added to the Adobe admin console, then it is not a sync issue.
Is it possible to share the screenshot of the error users get when signing in to the federated ID after activating the SAML setup in the Adobe admin console?
If your organization has a Google SAML federation setup, you'll automatically get a Google OIDC federation configuration in the Authentication tab. If you Remove the OIDC configuration, the system automatically recreates the configuration as soon as a user from the associated directory signs in using Continue with Google option.
You can Disable the Google OIDC configuration to prevent the users from signing in using Continue with Google. Once disabled, the system won't create a new Google OIDC configuration.
I am having a somewhat simliar issue.
As we get ready for the start of the school year we have made some significant changes in our Google OU structure that seems to be causing problems with Adobe/Google syncing. Oddly the only error in the Adobe Admin Console is that the Sync failed with no details I can find. And, the Google Auto-Provisioning logs don’t show any problems.
I believe the cause is this: “Failed because OU depth is greater than 10: max depth limit reached” and I maybe need to eliminate the attempt to sync our lowest grade levels of students from the sync to get the OU depth under 10.
On one hand Adobe is encouraging us to deploy Adobe Express for Google to all of our students, but at the same time limiting us to 10 domains. Well, PK-12 = 13+.
I have been in a chat with two different adobe Techs and each of them says let me check with the team and then about five minutes later thank me for my patience, then at the 15 minute mark I get "While this conversation has ended, feel free to come balck anytime you ned help." and have to start over. It's a good thing I can multi-task and I am not desparate for a solution.