Enterprise Device Authentication Management for Creative Cloud Desktop Applications and Acrobat Pro

Search

Applies to:

  • Persona: System Administrator
  • OS: macOS and Windows
  • Device: Company-owned desktop machines
  • Surface: Latest Version of Creative Cloud & Acrobat Pro desktop applications

Currently does not support:

  • Web services (such as Adobe Sign, Adobe Assets, Adobe Libraries)
  • Mobile Applications
  • Acrobat Reader
  • Dreamweaver

Overview

Enterprise level configuration setting enables organizations to configure the authentication mechanism for Creative Cloud Desktop Applications including Acrobat Pro Desktop. The feature is intended to be combined with the company’s device deployment mechanism. Using this configuration, you can ensure that when your users sign in, they are automatically re-directed to the companies’ IDP with the claimed domain.

Note:

To enable this functionality, a company will need to claim the domain on the Adobe Admin Console. Also, a company may claim multiple domains, but a policy must resolve to a single claimed domain on a given machine. If you have claimed multiple domains, you may choose to redirect different users to different domains.

Benefits of customizing authentication choices

Configuring your organization's authentication settings can benefit you in the following ways:

 Automatically redirect users to companies’ identity provider at app launch for domains claimed in the Admin Console

 Restrict sign-in with Organizational IDs only

 Remove Social Sign-In options from the Authentication screen

Configure device for Enterprise Device Authentication Management

To configure Enterprise Device Authentication Management for a device in your organization perform the following steps (based on the OS of the device)

macOS

  1. Create a plist file that specifies the claimed domain to which the user is redirected.

    <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>AuthInfo</key>
        <dict>
            <key>login_domain</key>
            <string>@<your claimed domain>   </string>
        </dict>
    </dict>
</plist>

  2. Place the plist file in the following location on the device:

    /Library/Preferences/com.adobe.NGL.AuthInfo.plist

  3. Restart the Creative Cloud desktop app.

    To do this, we recommend that you restart the device.

Windows

  1. Open Windows Registry Editor.
    Press Windows + R, type regedit and press Enter.

  2. Navigate to the following location:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\

  3. Add a key – NGL.

  4. Within NGL, add another key – AuthInfo.

  5. Within AuthInfo, create a string value:
    Name: login_domain
    Value: The name the claimed domain to which the user is redirected.

    Windows registry value

  6. Restart the Creative Cloud desktop app.

    To do this, we recommend that you restart the device.

Known issue

After you have configured a device, if a user signs out of the Creative Cloud desktop app, the user is unable to close the Sign-in modal.

Resolution

Adobe will release a fix for this issue in the next release of the Creative Cloud desktop app. For now, you can close the app, by choosing File > Close.

Common questions

No. This configuration does not impact trust relationships.

No. Users must authenticate with a Federated ID account.

No. Wildcards are not allowed when specifying a domain. You must specify an exact domain, without wildcards.

This configuration will not work if browser-based login is configured by the admin.

 Adobe

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links

Legal Notices    |    Online Privacy Policy