Difference between revisions of "Adobe Cloud"

From Studentnet Wiki
Jump to navigation Jump to search
 
(8 intermediate revisions by the same user not shown)
Line 6: Line 6:
  
 
#Login to Adobe Admin Console [https://adminconsole.adobe.com/ here]
 
#Login to Adobe Admin Console [https://adminconsole.adobe.com/ here]
#Navigate to Settings>Create Directory
+
#Navigate to '''Settings'''>'''Create Directory'''
 
#Enter a directory name
 
#Enter a directory name
 
#Select Federated ID
 
#Select Federated ID
 
#Adobe will provision the directory. This usually takes up to 48 hours.
 
#Adobe will provision the directory. This usually takes up to 48 hours.
 
+
#After you receive the email from Adobe confirming that your directory is provisioned, configure the SAML settings for the directory.
===SSO Setup with Cloudwork===
 
 
 
After you receive the email from Adobe confirming that your directory is provisioned, configure the SAML settings for the directory.
 
 
 
====SSO requirements====
 
 
 
To successfully set up SSO for Adobe software, IT Admins need the following:
 
 
 
*An understanding of SAML 2.0
 
*An Identity Provider (IdP) that supports SAML 2.0, and at a minimum must have:
 
**IDP Certificate
 
**IDP Login URL
 
**IDP Binding: HTTP-POST or HTTP-Redirect
 
**Assertion consumer service URL
 
*Access to your DNS configuration for the domain claim process
 
 
 
The login URL of the IdP does not need to be externally accessible for users to be able to access it for logging in. However, if it is only reachable within the organization's internal network, users can only log in to Adobe products when they are connected to the organization's internal network either directly, via wifi or via VPN. It is not necessary for the login page to be accessible only via HTTPS, but it is recommended for security reasons.
 
 
 
If your organization wants to test SSO integration, it is recommended that you claim a test domain that you own, as long as your organization has an Identity Provider with identities set up in that test domain. This allows you to test the integration before you claim the main domains, until you feel comfortable with the domain claim and configuration process.
 
  
 
===Verifying Domain with Adobe===
 
===Verifying Domain with Adobe===
Line 40: Line 21:
 
===Configure SAML Settings===
 
===Configure SAML Settings===
  
You can find this information in the Cloudwork Dashboard under Features > Single Sign On > Identity Provider:
+
Adobe will require your school's metadata file.
+
 
*IdP Certificate: Download it from your dashboard
+
Navigate to '''Cloudwork Dashboard'''>'''Single Sign On'''>'''Identity Provider'''>'''XML file'''>'''Download'''<br>[[File:Xml_download.PNG|300px|centre|frame|Location of XML File Download]]
*IdP Binding: Redirect
 
*IdP Issuer: Your Entity ID
 
*IdP Login URL: Your Sign On Endpoint
 
  
 +
===SSO setup with Cloudwork===
 
When prompted to download the metadata file, you can either email it to us and we will import it for you, or you can follow the instructions below:  
 
When prompted to download the metadata file, you can either email it to us and we will import it for you, or you can follow the instructions below:  
  
Line 71: Line 50:
 
8. Click '''Submit'''.
 
8. Click '''Submit'''.
  
9. Proceed with configuring Adobe.
 
 
 
==Migrating Adobe SSO from SHA1 to SHA256==
 
This step is only needed to be done if in the Adobe Admin Console, your directory is complaining of a deprecated IdP certificate.
 
  
'''Adobe Side:'''
 
#In Adobe Admin Console>Settings>Directories.
 
#Select the Edit action for the directory. Then click Details>“Select Add new IdP”
 
#Select Other SAML providers. Click Next.
 
#Save Adobe’s XML file from the Adobe Admin Console
 
#Login to Cloudwork Dashboard, navigate to Single Sign On>Identity Provider
 
#Under XML, Click download and save Cloudwork’s XML file.
 
#Upload Cloudwork’s XML file to the Adobe Admin Console. Then, click Save
 
 
'''Cloudwork Side:'''
 
#Login Cloudwork Dashboard, navigate to Single Sign On>Add New service
 
#Click Adobe Cloud
 
#Upload Adobe’s XML file and click Submit
 
#Go the service>SAML Config>Edit
 
#In Signature Algorithm, select SHA256
 
#Click Submit
 
 
'''Testing SSO Service:'''
 
#In the Adobe Admin Console>Directory details, choose the new authentication profile you just created.
 
#Click Test to verify whether the configuration is set up correctly.
 
#If Test passes, Click Activate to migrate to the new authentication profile. Once done, the new profile displays In use.
 
#After activating, make sure the value of the Subject field in the assertion from the new SAML configuration matches the existing users' username format in the Admin Console.
 
  
  
 
[[Category:Single Sign On Services]]
 
[[Category:Single Sign On Services]]

Latest revision as of 22:52, 23 November 2021

These instructions are for Adobe Single Sign On

SSO Setup with Adobe

To set up a directory:

  1. Login to Adobe Admin Console here
  2. Navigate to Settings>Create Directory
  3. Enter a directory name
  4. Select Federated ID
  5. Adobe will provision the directory. This usually takes up to 48 hours.
  6. After you receive the email from Adobe confirming that your directory is provisioned, configure the SAML settings for the directory.

Verifying Domain with Adobe

  1. Contact Adobe support with the following information:
    • Email address of your Adobe Sign Account Adminstrator
    • The domain that needs to be claimed. Eg. <schoolname>.nsw.edu.au
  2. Wait for a reply from Adobe giving a TXT record.
  3. Publish the TXT record in the domain you wished to claim(This will require you to contact the one in charge of your domain's zone file)

Configure SAML Settings

Adobe will require your school's metadata file.

Navigate to Cloudwork Dashboard>Single Sign On>Identity Provider>XML file>Download

Location of XML File Download

SSO setup with Cloudwork

When prompted to download the metadata file, you can either email it to us and we will import it for you, or you can follow the instructions below:

1. Go to your Cloudwork dashboard.

2. Click Add New Service.

3. Click Upload an XML File.

  • Give the service a recognisable name (eg, Adobe Enterprise), select the file, and click Submit.

4. Go back to the Services List and select the newly created service.

5. Edit the Attribute Map and update the "Maps to" values as follows:

  • First Name: FirstName
  • Last Name: LastName
  • Email: Email

6. Click Submit.

7. In the SAML Configuration section edit the newly created service and change NameID Value to Email or Username, depending on your chosen identifier (ie. the User login setting which you specified on the Adobe form).

8. Click Submit.

Retrieved from "https://wiki.studentnet.net/index.php?title=Adobe_Cloud&oldid=1657"