Configuring SAML SSO with Adobe Creative Cloud and PingFederate
Learn how to enable Adobe Creative Cloud sign-on from the PingFederate console (IdP-initiated sign-on) and direct Adobe Creative Cloud sign-on using PingFederate (SP-initiated sign-on).
Before you begin
- Configure PingFederate to authenticate against an identity provider (IdP) or datastore containing the users requiring application access.
- You must have access to the Adobe Creative Cloud Admin Portal. For this, you must have an Enterprise/Business Plan.
- Populate Adobe Creative Cloud with at least one user to test access.
- You must have administrative access in PingFederate.
Create a directory within the Adobe admin portal
- Sign on to the Adobe admin portal.
- Click the Settings tab.
- Select Identity and click Create Directory.
- Enter a name for the Directory and select Federated ID.
- Click Next.
- Select Other SAML Providers.
- Click Next.
- Download the Copy and note the Entity ID and ACS URL values.
Create a PingFederate service provider (SP) connection for Adobe Creative Cloud
- Sign on to the PingFederate administrative console.
- Configure using Browser SSO profile SAML 2.0.
- Set Partner’s Entity ID to the entity ID value that you copied previously.
- Enable the following SAML Profiles:
  - IdP-Initiated SSO
  - SP-Initiated SSO
- In Assertion Creation: Authentication Source Mapping: Attribute Contract Fulfillment, map the SAML_SUBJECT to your email attribute, map the FirstName to your first name attribute, and map the LastName to your last name attribute.
- In Protocol Settings: Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to the ACS URL value that you copied previously.
- In Protocol Settings: Allowable SAML Bindings, enable POST.
- In Credentials: Digital Signature Settings, select the PingFederate Signing Certificate.
- Export the metadata file and certificate from PingFederate to upload to the Adobe Admin Console.
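As an added example (not part of the original guide or of either vendor's tooling), the Python check below compares a decoded SAML response captured during a test sign-on against the settings configured above: the ACS URL, the partner Entity ID, an email SAML_SUBJECT, and the FirstName and LastName attributes. The function name, URLs and sample response are constructed placeholders; substitute the Entity ID and ACS URL noted from the Adobe admin portal.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed placeholders, not Adobe's real values.
ENTITY_ID, ACS_URL = "https://sp.example.test/entity", "https://sp.example.test/acs"
# Constructed response, already base64-decoded; LastName is deliberately left unmapped.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://sp.example.test/acs"><saml:Assertion><ds:Signature/>
 <saml:Subject><saml:NameID>user@example.test</saml:NameID><saml:SubjectConfirmation>
 <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/></saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/entity</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
 <saml:Attribute Name="FirstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_response(xml_text, entity_id, acs_url):
    """List mismatches between a decoded SAML response and the SP connection settings.
    Structural check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Response Destination is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a Signature")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id.strip()):
        problems.append("SAML_SUBJECT (NameID) is not an email address")
    recipients = [d.get("Recipient") for d in assertion.iterfind(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    audiences = [a.text for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not contain the partner Entity ID")
    attrs = {a.get("Name"): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for wanted in ("FirstName", "LastName"):
        if not any(v.strip() for v in attrs.get(wanted, [])):
            problems.append(f"attribute {wanted} missing or empty")
    return problems
```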