User Guide Cancel

Education Deployment Setup Concepts

Search
Enterprise

Enterprise

Admin Console
  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

This page covers background information for user management and application deployment.

Key Areas Covered

Common Adobe Education Setup Scenarios

Single Sign-on

To configure Single Sign-on, your license type must be Enterprise Licenses.

The following are key components of an Adobe Single Sign-on Setup

Directory

A directory contains the authentication configuration for a specific domain group of domains. The admin console supports multiple directories.

Domains

A fully qualified domain, ownership is proven via a DNS token or logging in as a Microsoft or Google admin. Only one directory can own a specific domain.

Federated Directory

A directory connected to an identity provider using SAML or OIDC.

User Sync

Federated Directories enabled users to be synced via Google Workspace or Microsoft 365.

Microsoft Azure Sync allows users or groups, including dynamic groups, to be assigned to the enterprise application.
If syncing nested groups from Microsoft, you must include all the groups in the nest.

Google Workspace Sync doesn't support Groups; you can configure the sync to share Organizational Units (OU).

Roster Syncing is available for K-12 in the US.

The roster sync becomes your source of truth for automated user creation and management. If moving from Google or Microsoft sync to a Roster solution, please ensure all users are included in the sync scope of your roster tool.

Note:

Typically, only classroom staff and students are synced from the Roster; admins can manually add users outside the sync scope, and these users will require manual updating.

Alternative (Advanced) Sync Options

Organizations that are unable to use Azure, Google Workspace, Clever or Classlink can use the Adobe User Management API or the User Sync Tool to manage users from other sources.

Tip:

It is possible to set Google as the primary identity provider and sync from Microsoft Entra to the Adobe Directory, enabling Group sync functionality in situations where email addresses match on both systems.

Note:
  • A single Microsoft Entra tenant can sync to multiple Adobe Admin Console Directories.
  • Each directory must have a unique domain name
  • Each Adobe Directory sync will require a new Adobe Identity Management App instance.
  • Rename each instance to enable simple identification of the correct syncing application. Also, ensure that only users from the owned domain are synced to the correct Adobe Admin Directory.

For Google, when syncing users, we recommend syncing your Google OUs; this enables you to assign licenses or product profiles to a specific OU.

Only a single Google SAML App can be installed in a Google Workspace tenant, limiting the sync from Google Workspace to a single Adobe Directory.

Enterprise Directory

An enterprise directory requires the admin to have proven ownership of domains. Users are added to the Adobe Admin Console and will receive an invite link. They then must create a password.

To reset the password, the user must select the reset password option at any Adobe sign-in screen.

Tip:

We recommend using a Federated Directory with education users as this supports user sync and authentication from your existing Identity Provider.

Migrate users from Enterprise to Federated Directory guide.

Moving users and assets across admin consoles

Moving or merging users and their user-generated content from one Adobe Admin Console to another is not currently possible.

If your organization has an existing Adobe Admin Console, configure your deployment on this console.

How do I find the Free Licenses in my console?

K-12 (Primary and Secondary)

To access Adobe Express for free in your console, visit 

Adobe Admin Console > Products > Adobe Express for K-12 Get started

Higher Education 

If you purchased Shared Device Licenses for Higher Education deploy the unlimited Shared Device Access License to enable users logging in to a Shared Device Licence to use fonts, storage and Gen Ai in your console, visit 

Adobe Admin Console > Products > Shared Device Access License > Get started

Directory Structure Considerations

The structure of the organization’s productivity platform will influence the Adobe Admin console configuration.

For complex organizations Global Admin Console can support multiple console and license management. 

Productivity Configuration

Sync Source Azure

Sync Source Google

Single school
Single domain

A single Adobe Admin with a single Federated Directory

A single Adobe Admin with a single Federated Directory

Multiple schools
Single Domain

A single Adobe Admin with a single Federated Directory

A single Adobe Admin with a single Federated Directory

Multiple schools
Multiple domains
Multiple Azure/Google tenants

Single Adobe Admin console with multiple directories

Or

One Adobe Admin with a single Federated Directory per domain

Single Adobe Admin console with multiple directories

Or

One Adobe Admin with a single Federated Directory per domain

Multiple schools
Multiple domains
Single Google/Azure tenant

Single Adobe Admin console with a single directory

Or
Single Adobe Admin console with a directory for each domain

Or
One Adobe Admin console with one directory per domain

Single Adobe Admin console with a single directory

Creative Cloud All Apps Deployment Options

Shared device Licenses

These are managed packages linked to a Shared Device profile. When building deployment packages, create two separate packages for each application, e.g., Photoshop and Illustrator.

Tip:

For the Shared Device License, we recommend assigning Adobe Express for K-12 for K-12 users and Creative Cloud Shared Device Access license to Higher Education users, as this provides access to services including Firefly, Fonts, and Storage.

Deployment Packages are built in the Adobe Admin Console 

Adobe Admin Console > Packages

Adobe Packages Guide  

Named User

Home Access

Users with a Named User License can visit https://adobe.com/home and download Creative Cloud onto their own devices at home.

Self-Service

These packages install the Adobe Creative Cloud Desktop App with elevated privileges. Once the user signs in with their Adobe Account with an All Apps License, they can install and update the apps on their device without requiring an IT Admin to log in.

Managed

This type of package is limited to the applications selected by the admin when creating the package, this prevents the end-user from being able to install additional applications or upgrade the existing applications installed. It is recommended to create a separate package for each application e.g. Adobe Photoshop, Adobe Illustrator, Adobe InDesign as three separate packages.

Adobe Enterprise Device Authentication

For organization-owned devices, the admin can add a registry edit or plist file to force users to log in via the organization's primary identity provider removing social login options.

Enterprise Device Authentication Guide

 Adobe

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links

Legal Notices    |    Online Privacy Policy