Configure Okta for use with Adobe SSO

Applies to enterprise.

Overview

The Adobe Admin Console allows a system administrator to configure domains that are used for login via Federated ID for Single Sign-On (SSO). Once the domain is verified, the directory containing the domain is configured to allow users to log in to Creative Cloud. Users can log in using email addresses within that domain via an Identity Provider (IdP). The IdP is provisioned either as a software service that runs within the company network and is accessible from the Internet, or as a cloud service hosted by a third party. In both cases it verifies user login details via secure communication using the SAML protocol.

One such IdP is Okta, a cloud service which facilitates secure identity management.

Configure single sign-on using Okta

To configure single sign-on for your domain, do the following:

  1. Sign in to the Admin Console and start by creating a Federated ID directory, selecting Other SAML Providers as the identity provider. Copy the values for ACS URL and Entity ID from the Add SAML Profile screen.
  2. Configure Okta specifying the ACS URL and Entity ID, and download the Okta metadata file.
  3. Return to the Adobe Admin Console and upload the Okta metadata file in the Add SAML Profile window and click Done.

Configure Okta

Ensure that you have an Okta dashboard configured and accessible with administrative rights for the domain in question. To set up SSO with Okta, do the following:

  1. On the Okta dashboard, navigate to Applications > Add Application, and click Create New App.

  2. Fill out the general settings as below, and click Next.

    • App name: Adobe Creative Cloud
    • App visibility:
      • Select Do not display application icon to users.
      • Select Do not display application icon in the Okta Mobile app.

  3. Click Show Advanced Settings.

  4. Modify the Attribute Statements as follows:

    • FirstName = user.firstName
    • LastName = user.lastName
    • Email = user.email

  5. Enter the Entity ID and ACS URL copied from the Adobe Admin Console.

  6. Click Finish and access the newly created Adobe Creative Cloud app.

  7. Download the metadata file from the Okta Dashboard to upload to the Adobe Admin Console.

Upload IdP metadata file to Adobe Admin Console

To update the Adobe Admin Console with the latest certificate, return to the Adobe Admin Console, upload the certificate downloaded from Okta to the Add SAML Profile screen, and click Done.

Test your setup

Check access for a user whom you have defined both in your own identity management system and in the Adobe Admin Console by logging in to the Adobe website or the Creative Cloud desktop app.

If you encounter problems, see our troubleshooting document.

If you need assistance with your Okta single sign-on configuration, navigate to Adobe Admin Console > Support to contact us.
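
When a test login fails, a quick first check is whether the SAML response Okta sends carries the values configured above. The following is an added example, not Adobe or Okta code: it compares a decoded response against the Entity ID, the ACS URL and the three attribute names from step 4. The URLs, the sample response and the function names are constructed placeholders, and the check does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email")  # attribute names from step 4

def check_response(xml_text, entity_id, acs_url):
    """List configuration mismatches in a decoded SAML response (no signature check)."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD present, refusing to parse"]  # avoid entity-expansion input
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not match Entity ID {entity_id}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL {acs_url}")
    values = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values[attr.get("Name")] = [v.text.strip() for v in
                                    attr.iterfind("saml:AttributeValue", NS)
                                    if v.text and v.text.strip()]
    for name in REQUIRED:  # exact-match comparison on the attribute name
        if not values.get(name):
            problems.append(f"Attribute {name} is missing or empty")
    return problems

def sample_response(audience, recipient, attrs):
    # Constructed, unsigned response used only to exercise check_response.
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f'</saml:Attribute>' for n, v in attrs.items())
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

# Placeholders: use the Entity ID and ACS URL copied from the Admin Console.
ENTITY_ID = "https://sp.example.invalid/entity"
ACS_URL = "https://sp.example.invalid/acs"

if __name__ == "__main__":
    attrs = {"FirstName": "Ada", "LastName": "Lovelace", "email": "ada@example.invalid"}
    print(check_response(sample_response(ENTITY_ID, ACS_URL + "/old", attrs), ENTITY_ID, ACS_URL))
```

Run as a script, it reports the stale ACS URL and the attribute named `email` instead of `Email` in the constructed response.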
