Deploying Adobe IDs: Which ID Option Ticks all the Boxes?

Adobe’s license program, the Value Incentive Plan (VIP), applies user IDs to deploy the software and authenticate the user. For this purpose, many companies continue to use named Adobe ID. But a closer look quickly reveals that its actual suitability is limited. The Enterprise IDs or Federated IDs are options that are available as additional, secure options. In this article, our expert provides a detailed description of the differences between the individual ID forms and the steps that are necessary to switch to an enterprise-based ID system.

An article by Tobias Hübner, Business Development Manager Adobe at COMPAREX

Tobias Hübner, Business Development Manager Adobe at COMPAREX

Tobias Hübner

The system for product activation changed along with the rollout of Adobe Creative Cloud for Teams, a package of all Adobe creative products for the desktop and numerous services as a subscription model. Each user was required to create a named Adobe ID, which unfortunately made the administration of larger license volumes an extremely time-consuming affair. It is also lacking in flexible administration levels and permissions.

Available as an additional option since October 2016, the Creative Cloud for Enterprise offers solutions that address these issues. While remaining identical to Creative Cloud for Teams in regard to the applications and services tied into its features, this iteration nevertheless offers license administrators key advantages such as the additional ID forms for software deployment.

Administration, data protection and workload: Adobe ID and its problems

But let’s return to the Adobe ID for a moment: If you want to activate a software license for an end user, the person will need to have an Adobe ID. But who creates it? The users themselves or the IT manager in the company or organization?

This question notwithstanding, there is no doubt that the ID belongs to the user, as it is entirely personalized. And it will continue to be theirs, even if they leave the company. Accordingly – in the event that IT neglects to withdraw the end user licenses in good time – it is entirely conceivable that data protection authorities will come knocking on the organization’s door. And even if the license is withdrawn, the user will continue to enjoy access to the cloud storage – forever.

Enterprise ID or Federated ID – alternatives that are available in conjunction with Creative Cloud for Enterprise – offer an effective way of dealing with these issues.

Corporate ownership, security levels and blocking mechanism: The benefits of Enterprise ID
The Enterprise ID provides companies with their own dedicated ID for the first time. Like Adobe ID, it is hosted by Adobe, but 100 percent administrated by the organization’s IT department. The first thing to do if you want to use Enterprise ID is to claim your domains with Adobe. You are then required to confirm that you own controlling rights to these domains by adding a token to the DNS. You can, of course, claim all of the domains in the event that your organization owns several.

But that’s not all. Enterprise ID also supports several security levels and password policies in order to guarantee security. For instance, you can specify that the same password security level applies to all users in your organization. Adobe supports six security levels, whereby you define the minimum number of characters, symbols and numerals, capitals and small letters, validity and the “no previous passwords” feature. There is a blocking mechanism for all accounts, which prevents access to the user’s account if the system registers several failed log-on attempts in quick succession, thus preventing brute force attacks.

Single sign-on is a blessing, switching issues can be a curse: The pros and cons of Federated ID

Federated ID takes things a step further by supporting single sign-on (SSO) for the first time. SSO enables secure exchange of authentication information between two parties, namely the service provider (Adobe) and your identity provider (IdP). The service provider sends a request to your IdP, which attempts to authenticate the user. If this is successful, the IdP sends a response message to sign in the user.

What’s more, Adobe’s proprietary sync tool, which is included in this option, allows you to synchronize automatically with the Microsoft Active Directory, matching user groups, product deployments, permissions & co. with the Admin Console without any further ado.

You will also be able to draw on the security levels included in Enterprise ID. But whatever Adobe may be suggesting, it is still not 100 percent SSO. For instance, end users are still required to sign into the Creative Cloud products. That’s why I recommend that before switching to Federated IUD, you check whether this option actually meets your needs.

Once a domain has been registered as Federated, it takes quite a lot of effort to switch to the Enterprise ID. Let’s say your organization wants to give SSO integration a spin: In these cases I recommend that you claim a test domain that you own, provided your organization has an identity provider that includes the identities configured in this test domain. Proceeding in this way will allow you to test integration and familiarize yourself with the procedure of domain claiming and configuration. Another benefit of Federated ID is that home use permissions can be suppressed. Adobe ID allowed every end user to install for home use the applications made available by the employer for professional purposes. Although technically possible, the Adobe End User License Agreement (EULA) does not actually permit this kind of deployment, and the same applies to all other Adobe license programs as well.

If you delete a user in the Adobe Admin Console, the Enterprise ID and the Federated ID assigned to the end user’s ID will be automatically deleted as well after a few workdays, therefore preventing use of the Creative Cloud software and services.

Important things to consider when switching IDs

If you have worked with Adobe ID so far and are now keen to switch to one of the two new options, please take into account the following considerations: The first step if you wish to register as an Enterprise user is to sign up as a new user that is created by the administrator in your organization. A good way of imagining this system is as a separate account that is not the same as the one you are currently using.

The data are linked to a user, and because an enterprise user counts as a new user, the design libraries, fonts, app settings, Adobe color themes and Behance portfolios are not automatically transferred to the account of the Enterprise ID or Federated ID. The data remain in the account assigned to the Adobe ID. So you simply migrate the data between the accounts if you want to access them. As things stand, unfortunately, there is no way round named authentication of the user. All the same, there are technically mature and secure options available for the authentication process. Adobe plans to establish an additional authentication method in the future, which will be largely similar with anonymous deployment. I will certainly keep you up-to-date with developments.

Overview Adibe Creative Cloud for Enterprise

Still uncertain which Adobe ID is the right one?

Our experts are glad to guide you through the decision-making process. Feel free to contact us any time.

 Get in touch with us

Leipzig, 16.02.2018

Stay Up-to-date

For regular updates and articles from COMPAREX, click below to follow us:

 Follow us on LinkedIn

 Follow us on Twitter

Leave a Comment

Do you have a question or remark on this article you want to share with us?
 Post it here.

Related Articles

Understanding Your Customers with Adobe Analytics

How well do you know your customers? Being aware of their search requests and how they make decisions can help you to target your customers even more precisely. Read in today’s article how Adobe Analytics can help you to understand your customers

Archive

Get an overview of all published blog articles of the past months.

 Read more

Share this Article