Federated ID: How can we tell Acrobat DC to sign users in automatically? (SSO)

Community Beginner ,
Dec 06, 2018

We recently deployed Federated ID with ADFS for our enterprise Acrobat DC subscription. That part is working fine, but now that we're planning our deployment, we seem to be missing a step to get the seamless SSO experience we have with other software we use.

How can we tell Acrobat to automatically sign the user in? Right now, when the user opens Acrobat the first time, they're asked to sign in, click "sign in with an enterprise ID", type their email address, etc. before they can actually use the SSO piece.

Our users log on to their PCs with the same identity the federated ID will use. Is there a registry key or deployment option we can set that will attempt to sign in with the logged in user's identity? We're trying to make this as seamless as possible for our users.

Community Beginner ,
Jan 29, 2019

Did you ever get an answer to this question, AndrewC88? We're facing the same.

Adobe Employee ,
Jan 30, 2019

Hi,

This can be done, although settings are on the IDP side not the Adobe side. For ADFS try the following.

Caveats are that users need to be logged in as a domain user. It does not work for non-domain joined machines and not when outside the network.

1. On your ADFS, verify the Authentication Policies. Set Form Based Authentication for Extranet and Windows Authentication for Intranet.

2. On your client, double check that you're logged in with a Windows Domain user. Also check the user has an Email address and the Email address has been added as a Federated ID to your Creative Cloud Console and has a product assigned to it.

3. On the client, open the "Internet Options" panel. Go to the Security tab and select Local Intranet and click Sites, then "advanced".  Add your ADFS URL to the Sites list.

4. Still under "Local Intranet" and "Security Level for this zone", click "Custom Level" and scroll down to "User Authentication" and select "Automatic Login only in Intranet zone". Click Ok to close. 

5. Under Internet Options, click the Advanced Tab and scroll down to "Security" and untick the box for "Enable Integrated Windows Authentication". Click ok and close all panels.

6. Close the browser and restart the client.

7. Log back in with your Domain user and browse to https://www.adobe.com or open the Creative Cloud Desktop application. Type in your Federated ID User's Email address and hit the tab key. The browser should now redirect to your ADFS URL and you should automatically be authenticated based on the domain user credentials. If you are attempting the login from a machine outside of your domain, you should be presented with the ADFS Login page.
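
A read-only check of the client-side settings from steps 2 to 5 of the reply above, as an added example that is not part of the original post and not Adobe tooling. `adfs.example.com` is a placeholder host name; the registry locations are the standard Internet Options ones, and only the per-user logon setting is read, so a Group Policy override of the zone's logon mode is not shown.

```powershell
# Added example: read-only audit of the client settings from steps 2-5.
# $AdfsHost is a placeholder; pass your own AD FS service host name.
param([string]$AdfsHost = 'adfs.example.com')

$is = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$logonModes = @{
    0x00000 = 'Automatic logon with current user name and password'
    0x10000 = 'Prompt for user name and password'
    0x20000 = 'Automatic logon only in Intranet zone'
    0x30000 = 'Anonymous logon'
}

function Get-ZoneForHost([string]$HostName) {
    # Group Policy "Site to Zone Assignment List": value name = site, data = zone.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $k = Get-Item "$hive\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey" -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($name in $k.GetValueNames()) {
            $pattern = $name -replace '^\w+://', '' -replace '/.*$', ''
            if ($HostName -like $pattern) { return [int]$k.GetValue($name) }
        }
    }
    # Per-user list from Internet Options: ZoneMap\Domains\<domain>[\<subdomain>],
    # value name = protocol (or *), data = zone number.
    $labels = $HostName.Split('.')
    for ($i = 0; $i -lt $labels.Count - 1; $i++) {
        $path = "HKCU:\$is\ZoneMap\Domains\" + ($labels[$i..($labels.Count - 1)] -join '.')
        if ($i -gt 0) { $path += '\' + ($labels[0..($i - 1)] -join '.') }
        $k = Get-Item $path -ErrorAction SilentlyContinue
        foreach ($proto in 'https', '*') {
            if ($k -and $null -ne $k.GetValue($proto)) { return [int]$k.GetValue($proto) }
        }
    }
    return $null
}

$zone  = Get-ZoneForHost $AdfsHost
$logon = (Get-ItemProperty "HKCU:\$is\Zones\1" -ErrorAction SilentlyContinue).'1A00'
$iwa   = (Get-ItemProperty "HKCU:\$is" -ErrorAction SilentlyContinue).EnableNegotiate

[pscustomobject]@{
    DomainJoined      = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    LoggedOnAs        = "$env:USERDOMAIN\$env:USERNAME"
    AdfsHostZone      = if ($null -eq $zone) { 'not mapped' } else { $zone }  # 1 = Local intranet
    IntranetLogonMode = if ($null -eq $logon) { 'not set for this user' } else { $logonModes[[int]$logon] }
    EnableNegotiate   = $iwa  # the "Enable Integrated Windows Authentication" checkbox
} | Format-List
```

An `AdfsHostZone` of 1 together with an `IntranetLogonMode` of "Automatic logon only in Intranet zone" corresponds to the state steps 3 and 4 describe.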

Community Beginner ,
Jan 30, 2019

Alister --

this is the behavior we already have.

I suppose the real question is: Can Adobe recognize the user's identity automatically? And if so, how is that configurable?

Thanks,

Adobe Employee ,
Jan 31, 2019

Hi,

No, this is purely handled on the IDP side, not by the Adobe application.

Community Beginner ,
Feb 13, 2019

Hi alisterblack,

As walkerm15352597 said, the behavior you describe in your reply above is how it works currently. The IDP part of the process handles authentication as expected for us.

The part I'm trying to eliminate or automate is the part where the Adobe application wants users to click "sign in" and then enter their email address and click "Enterprise ID" to be passed off to the IDP.

There should be a way to detect that the logged in user has a federated ID and sign in that way without requiring user intervention. This is how it works for many of our other applications that support SSO (Microsoft Office, Zoom, ShareFile, etc.).

Some of the apps I've configured have a deployment, registry, or group policy setting to tell the application to log in using SSO automatically. I'm looking for something like that for our Adobe applications.

Community Beginner ,
Feb 13, 2019

Following up on this as I eventually opened a ticket with Enterprise support. For federated logins Adobe only allows SA initiated single sign on, not IDP. Apparently it is a highly requested feature and is "in development".

Community Beginner ,
Oct 04, 2019

This is disappointing. Has there been any progress on this ability?

New Here ,
Oct 28, 2019

Is there any update to this request?  We would like to provide a seamless SSO experience for our Acrobat users.

New Here ,
May 05, 2020

Any updates on this? We are looking to switch from classic to continuous and this aspect is killing us. Every other software we use lets us prepopulate users' info and automate said process. I have even found a way to get the current user's first name, last name, and email and can apply them to the registry, but there are no keys to prepopulate said info and users still have to click Enterprise ID, type in their email and then activate.

I plan to put a ticket into support also.
