User Guide Cancel

Education Deployment Setup With User Sync

Search
Enterprise

Enterprise

Admin Console
  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

In this configuration, Federated users are added, updated, and removed using a sync, and the directory can be synced from Microsoft Entra or Google Workspace.  

Common Adobe Education Setup Scenarios

Video Demos 

These videos cover K-12 for Adobe Express. Syncing users and assigning licenses to groups is the same process for Higher Education just with different product names.

Education Setup – Syncing Users 

  1. Create a directory
  2. Configure a Federated Directory
  3. Claim Domain/s
  4. Configure Synchronization 
  5. Prepare product profiles
  6. Assing a Product profile to groups

This guide will cover syncing users from Microsoft Azure (Entra) and Google Workspace for Education.

Alternative syncing options are available, enabling users to sync from an on-premise directory using the User Sync Tool or directly via Adobe’s User Management API https://developer.adobe.com/UMAPI/

  1. Create a directory

    Adobe Admin console > Settings > Create Directory 

    Enter a name for the directory—this is an internal name and is not shared publicly—and select Federated Directory. 

    A screenshot of the Create Directory wizard with a text box for the name of the directory and two cards one for Federated ID and the other for Enterprise ID. The Federated ID card is selected.

  2. Configure a Federated Directory 

    Follow Azure/Entra, Google, or SAML steps to configure the federated directory with your identity provider.  

    On the confirmation screen, set auto account creation to Not enabled. In this setup, users are created and managed via sync.

    A screenshot of the create federated directory wizard displaying the options for Azure, Google and Other SAML

  3. Claim Domain/s

    Once the directory screen is completed, claim domains using a Microsoft Global Admin Account or a Google Super Admin; this will list all available Domain/s in your identity provider console. If your organization is not using Azure/Entra or Google, you can validate domain ownership by creating a DNS text record with your domain registrar. 

    Domain Claim Guide 

    A screenshot of an admin claiming domains in the adobe admin console

    Google Policy Enforced Preventing validating domains?

    If you are blocked during the domain claim process with Google due to an API add the following Client ID 880547366666-6dhr4mqsutv0a98arjksgflfh02kgp98.apps.googleusercontent.com with the following steps.

    1. Google Admin Console > Security > Access and Data Controls > API Controls > Manage Third-Party Apps
      https://admin.google.com/ac/owl/list?tab=configuredApps
      Add App > Search by name or Client ID
    2. Paste the above Client ID 
    3. Search
    4. Select the Adobe App
    5. Enable it for the entire org
    6. Select Trusted

    It can take up to 20 minutes for the Google API to update the permissions.

  4. Configure Synchronization 

    Select the Sync Tab
    From here you select Add sync

    Select sync from Microsoft or Google

    This will then open a configuration window for your selected sync provider.

    Microsoft Sync Setup

    If setting up a new directory, the Adobe Identity Management App is installed during the directory authentication stage. 

    To access the app visit

    Azure > Enterprise Applications > Adobe Identity Management

    Select Provisioning > Get Started

    Copy the values from the Adobe Admin Console sync configuration screen and paste them into the provisioning configuration screen in Azure.

    Test the connection

    You can select the users and groups to which you need to assign license.

    Tip > To test provisioning after selecting the users or groups, choose Provision on demand and identify a user to test the sync.

    After the sync, you can visit the Adobe Admin Console > Users > User Group to see the synced groups and users.

    After testing the sync, please enable it in Azure and confirm the setup on the Adobe Admin Console sync config screen.

    Tip:

    If syncing a large group of >100,000 users, sync a user on demand and then complete the license assignment stage 5.

    Once the license has been assigned to the group, enable the full sync to avoid being unable to assign the licence as the group is too large.

    Google Sync Setup

    If setting up a new directory, the Adobe (SAML) app is installed during the directory authentication stage. 

    To access the app, visit

    Google Admin Console  > AppsWeb and Mobile > Adobe web (SAML)

    Enable the App for everyone or specific OU's

    Select Configure Auto-Provisioning

    Copy the values from the Adobe Admin Console sync configuration screen and paste them into the provisioning configuration screen in Google.

    On the attribute mapping screen, enable the organizational Unit field to sync.

    urn:ietf:params:scim:schemas:extension:Adobe:2.0:User.organizationalUnit to map to Organization unit path

    After completing the wizard > Enable Sync

    Users can take up to 10 minutes to appear in the Adobe Admin Console. 

    A screen Edit autoprovisioning for Adobe selecting the Organizational unit.

    Tip:

    Adding the Organizational Unit Path mapping during the sync configuration will enable the assignment of licenses by group; otherwise, the users are just added to the org with no group membership. 

    Google Sync currently only supports OU’s and not Groups. 

    Google’s OU groups are hierarchical OUs, and they will contain all users in the sync scope. Your organizational Unit Structure in Google determines this. For Example,  

    • OU\ - Contain all users  
    • OU\Students – Contains all students from School A and School B 
    • OU\Students\School A  – Contains all students from School A 
    • OU\Student\School B  – Contains all students from School B
    • OU\Staff\ - Contains all students from School A and School B 
    • OU\Staff\School A  – Contains all Staff from School A 
    • OU\Staff\School B – Contains all staff from School B 

    If an existing Google Sync is configured, edit the auto-provision attribute mapping for the Organizational Unit to automatically trigger a full sync and sync the OU’s to the Adobe Admin Console.

  5. Configure Product Profiles

    For the products you plan to assign to users, select the product and the product profile. Every product will have a default configuration.  

    Adobe Admin Console > Products > Select a Product > Product Profile 

    A screen shot of a product profile with a highlight on the Details button

    The product profile provides the following controls

    • Control Services within the product - Firefly for K-12 
    • License Quota number of licenses that can be assigned from this profile
    • Email notification - Notify users if a license is assigned or removed
    Tip:

    If assigning licenese to multiple users you may choose to turn off email notifications to soft deploy the license to users.

    A screen showing the profile editor turning off email notifications.

  6. Assign a Product Profile to Groups

    Adobe Admin Console > Users > User Groups 

    Select a user group

    Select Assigned Product Profiles 

    A screen of assigning a product profile to a group.

    Here, you can select or change product profiles assigned to the group.

    When a user is synced and added to this group, they will receive the product profiles assigned to the group. If a user is removed from the sync group, for example, they have left the organization, their product assignment from this group will be removed, and the license will be re-assigned to another user.

    You can create multiple product profiles for each product with different settings. If you have more than one product profile for a product, you can select the specific profile when assigning it to the group.

Share Quick Login URL with users

For Adobe Express, share a specific URL with your users. This URL will trigger an SSO login to your primary IDP configured in the directory that owns the domain.

The URL format is 
https://new.express.adobe.com/a/domain.org 
Replace domain.org with a registered of the domains in the directory.

A computer screen shot of a colorful backgroundDescription automatically generated


Pin THE Adobe Express SSO Launch URL to the taskbar of a Chromebook

Google Workspace Admins Only

In the Google Admin Console > Apps & Extensions https://admin.google.com/ac/chrome/apps/user add the following as a URL:

https://new.express.adobe.com/chrome-tab/a/domain.org
Replace domain.org with a domain claimed in your Admin Console federated directory.

To pin to the taskbar, select Force install + Pin to ChromeOS taskbar.

  • If multiple domains are registered in your federated directory, use any one of the domains.
  • If you have multiple directories, you must create a link for each directory using any one of the domains owned by that directory.

User Sync Video Tutorials 

Adobe Express for K-12 User Sync with Microsoft Azure (Entra)

Adobe Express for K-12 User Sync with Google Workspace

 Adobe

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links

Legal Notices    |    Online Privacy Policy