Support Center

Single Sign On (SSO) with Adobe Creative Cloud (Beta)

PREREQUISITES: In order to successfully complete the integration between JumpCloud and Adobe Creative Cloud, you must use an Adobe administrator account on an enterprise plan.


CONFIGURATION NOTES:

Note 1: Prior to configuring SSO for Adobe Creative Cloud, you must claim a domain in your Adobe Creative Cloud account and Adobe must approve your claim. The domain for which you wish to configure SSO must show as “Active” in the “Status” column prior to attempting SSO. See Adobe’s article on claiming a domain for more information.

Note 2: We assume the JumpCloud administrator performing the integrations will understand the process of generating private keys in addition to public certificates. As an example for generating signed certificates on Linux, see below. Please refer to other guidance for generating keys on other operating systems.


Create a private key: 

  • openssl genrsa -out private.pem 2048

Creating a public certificate for that private key: 

  • openssl req -new -x509 -key private.pem -out cert.pem -days 1095

Note 3: Adobe Creative Cloud requires that the IdP public certificate be a .cer file. If you used the above commands to generate a public certificate, rename the file with a .cer extension before uploading it to Adobe Creative Cloud.

Step 1 of 2: Configure Adobe Creative Cloud for JumpCloud SSO

  1. Log in to the Adobe Enterprise Dashboard as an administrator
  2. Click Identity
  3. Click Configuration Required for the appropriate domain (see Note 1 above)
  4. In the Single Sign On Configuration Required section, click Browse and upload your public certificate (see Note 2 and Note 3 above)
  5. In the IDP Issuer field, enter https://YOUR_DOMAIN.com (replace YOUR_DOMAIN with your company’s unique domain)
  6. In the IDP Login URL field, enter https://sso.jumpcloud.com/saml2/adobecreativecloud (this is the default IdP URL, but if you plan to change this value in JumpCloud in step 2, part 10 then provide your chosen value)
  7. Beside IdP Binding, select HTTP - Post from the drop-down menu
  8. Beside User Login Setting, select Email address from the drop-down menu
  9. Click Save
  10. Click Download metadata and open the metadata file that saves to your computer
  11. Click Activate Federated ID
Step 2 of 2: Configure JumpCloud SSO for Adobe Creative Cloud
  1. Log into the JumpCloud Admin UI at https://console.jumpcloud.com
  2. Click on the Applications link in the sidenav
  3. Click on the green + icon in the upper left corner and find Adobe Creative Cloud in the list
  4. Click configure
  5. In the IdP Entity ID field, enter https://YOUR_DOMAIN.com (replace YOUR_DOMAIN with your company’s unique domain, this should match the value you entered as the IDP Issuer on Adobe’s configuration page)
  6. Click Upload Private Key and upload your private key (see Note 2 above)
  7. Click Upload IdP Certificate and upload your public certificate (see Note 2 and Note 3above)
  8. From Adobe’s metadata file that you downloaded, copy the entityID attribute value of the EntityDescriptor element and paste this value in the SP Entity ID field in JumpCloud (this value should look something like: https://www.okta.com/saml2/service-provider/ID_NUMBER)
  9. From Adobe’s metadata file that you downloaded, copy the location attribute value of the AssertionConsumerService element and paste this value in BOTH the ACS URLAND the IdP-Initiated URL fields (this value should look something like: https://adbe-IDENTIFIER.okta.com/auth/saml20/accauthlinktest)
  10. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector. The value you enter here is relevant to restricting access to this application within JumpCloud (see Note on Tagging below).
  11. (Optional) In the Display Label field, enter a label that will appear beside the Adobe Creative Cloud logo within the JumpCloud console to guide administrators and users to the connection you have configured
  12. Click Activate
To test your single sign-on configuration:

(IdP-Initiated Flow)

  • Log into the JumpCloud User Console
  • Click on the Adobe Creative Cloud icon
  • You should automatically be logged in to Adobe Creative Cloud


Note on Tagging: To restrict access to a smaller group of users:

The value terminating the IdP URL (which the administrator sets during configuration) will also serve as part of the Tag name for this SSO connection. To restrict access, create a new Tag and name it SSO- followed by the value chosen to terminate the IdP URL.

EX: If the entire IdP URL is https://sso.jumpcloud.com/saml2/ServiceProvider1234, then create a Tag named SSO-ServiceProvider1234 to restrict access to this connection.

Add users to this Tag who should be given access to Adobe Creative Cloud (through this configuration only) via SSO. Any other users who are not in this tag will be denied access. If a Tag to explicitly grant access does not exist, all users in your organization will be authorized to access Adobe Creative Cloud through this connection.

 

Last Updated: Nov 18, 2016 04:46PM MST

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete