• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

SCIM with Azure

New Here ,
Jan 18, 2021 Jan 18, 2021

Copy link to clipboard

Copied

I would like to get some confirmation...I, perhaps missed it from some of the online documentation and for that I apologize.

 

I am planning the implementation of SCIM with AzureAD.  When setting up SCIM provisioning, I am using groups (not just one, but 5 to govern SSO access).

1.  If an account is being deleted (deprovision) from one of those groups, and that account does not belong to any other groups, will the cred in Adobe portal removed automatically (is this configurable?)?

2.  In terms of assigning license to individual user, this task remains manual under the current SCIM design (ie. our corporate Adobe Admin)?   For example, if a new user added to one of the groups, the user will get created in Adobe admin portal, and then our admin will assign license to that user through the portal?  

TOPICS
Admin console , Enterprise , Identity and SSO , Licensing , Manage account , Users and groups

Views

1.0K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Adobe Employee , Jan 28, 2021 Jan 28, 2021

Hello Vince, responses to your questions below:

 

  1. When a user is removed from an in-scope security AD group in Azure, upon the next sync that user will be removed from the synced user group in the Adobe Admin Console. If they do not belong to any other user groups or have any other licenses provisioned, their account will be removed from the Users list in the Users tab. Note that this process does not permanently delete the user’s federated account, which can still be found under Users> Directo
...

Votes

Translate

Translate
Adobe Employee ,
Jan 28, 2021 Jan 28, 2021

Copy link to clipboard

Copied

LATEST

Hello Vince, responses to your questions below:

 

  1. When a user is removed from an in-scope security AD group in Azure, upon the next sync that user will be removed from the synced user group in the Adobe Admin Console. If they do not belong to any other user groups or have any other licenses provisioned, their account will be removed from the Users list in the Users tab. Note that this process does not permanently delete the user’s federated account, which can still be found under Users> Directory Users. If the user was removed from the AD group mistakenly, they can simply be added back to the in-scope group and upon next sync, their account will be added back to the Users list as well as the synced user group. If the user account was meant to be removed from the AD group and their Adobe account is no longer required, a System Administrator can choose to permanently delete the user’s account in the Directory Users list. Read more about disabling users and groups with the Azure Sync under Disable users and groups.
  2. As a System or User Group Admin, you can assign a product profile to any user group within the Adobe Admin Console. When assigning a product profile to a user group, all users within that group will receive automatic access to the license of the assigned profile. As an example, you have a group in AD that contains all users who require access to Acrobat Pr. Once that group and the contained users are synced to the Adobe Admin Console, the System or User Group Admin of that group can assigned the default Acrobat Pro product profile to that group, and every user within the group will be provisioned a license for Acrobat Pro frorm the assigned profile. Going forward, any users added to the synced group from AD will also receive automatic access to the Acrobat Pro license. Read more about assigning product profiles to user groups under Assign Product Profiles to User Groups.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines