Azure Sync Adobe for Microsoft Entra and Adobe Integration

Azure Sync Adobe for Microsoft Entra and Adobe Integration is a powerful tool that enables seamless collaboration between Microsoft Entra and Adobe Creative Cloud. This integration allows users to access their Adobe files directly from within Microsoft Entra, streamlining workflows and increasing productivity.

With Azure Sync Adobe, users can synchronize their Adobe files across multiple devices, ensuring that everyone has access to the latest versions of files. This feature is particularly useful for teams working on large-scale projects.

By integrating Microsoft Entra and Adobe Creative Cloud, organizations can reduce the risk of file duplication and version conflicts. This integration also enables single sign-on (SSO) capabilities, eliminating the need for users to remember multiple passwords.

Azure Sync Adobe supports a wide range of Adobe file types, including Photoshop, Illustrator, and InDesign files.

To get started with Azure Sync Adobe, you'll need to meet some prerequisites.

You'll need a Microsoft Entra tenant to proceed with the setup.

One of the following roles is required: Application Administrator, Cloud Application Administrator, or Application Owner.

A federated directory in the Adobe Admin Console with verified domains is also necessary.

You should review the Adobe documentation on user provisioning to ensure you're familiar with the process.

To avoid conflicts, pause any User Sync Tool or UMAPI integration if your organization uses one.

Once paused, add Microsoft Entra automatic provisioning to automate user management.

Once Microsoft Entra automatic provisioning is configured and running, you can completely remove the User Sync Tool or UMAPI integration.

Here's a summary of the prerequisites:

To configure Microsoft Entra for Azure sync with Adobe, you'll first need to configure Adobe Identity Management (SAML) to support provisioning with Microsoft Entra ID. This involves logging in to the Adobe Admin Console, navigating to Settings > Directory Details > Sync, and clicking Add Sync.

You'll then select Sync users from Microsoft Azure and copy the Tenant URL and Secret token, which you'll need to enter in the Tenant URL and Secret Token fields in the Provisioning tab of your Adobe Identity Management (SAML) application.

To add Adobe Identity Management (SAML) from the Microsoft Entra application gallery, sign in to the Microsoft Entra admin center as a Cloud Application Administrator and browse to Identity > Applications > Enterprise applications. Select Adobe Identity Management (SAML) from the list and click on the Provisioning tab.

Here are the steps to configure automatic user provisioning for Adobe Identity Management (SAML) in Microsoft Entra ID:

1. Set the Provisioning Mode to Automatic.

2. Input your Adobe Identity Management (SAML) Tenant URL and Secret Token retrieved earlier.

3. Click Test Connection to ensure Microsoft Entra ID can connect to Adobe Identity Management (SAML).

4. In the Notification Email field, enter the email address of a person or group who should receive the provisioning error notifications.

5. Select the Send an email notification when a failure occurs check box.

6. Under the Mappings section, select Synchronize Microsoft Entra users to Adobe Identity Management (SAML).

7. Review the user attributes that are synchronized from Microsoft Entra ID to Adobe Identity Management (SAML) in the Attribute-Mapping section.

8. Select the Save button to commit any changes.

The following attributes are synchronized from Microsoft Entra ID to Adobe Identity Management (SAML):

To configure scoping filters, refer to the Scoping filter tutorial. To enable the Microsoft Entra provisioning service for Adobe Identity Management (SAML), change the Provisioning Status to On in the Settings section.

Automatic user provisioning allows you to automatically create, update, and disable users and/or groups in Adobe Identity Management (SAML) based on user and/or group assignments in Microsoft Entra ID. This can be a huge time-saver and helps ensure that your user accounts are always up-to-date.

To enable automatic user provisioning, you need to configure the Microsoft Entra provisioning service to create, update, and disable users and/or groups in Adobe Identity Management (SAML). This involves setting up a connection between Microsoft Entra ID and Adobe Identity Management (SAML) using the Tenant URL and Secret Token.

The provisioning service can be configured to start the initial synchronization cycle of all users and groups defined in Scope, which takes longer to perform than subsequent cycles that occur approximately every 40 minutes. You can use the provisioning logs to determine which users have been provisioned successfully or unsuccessfully.

Here are the capabilities supported by automatic user provisioning:

Automatic user provisioning can be a game-changer for organizations looking to streamline their identity management processes.

The capabilities supported by this integration are impressive, and they include creating users in Adobe Identity Management (SAML).

You can also remove users in Adobe Identity Management (SAML) when they no longer require access, which is a huge time-saver.

This integration keeps user attributes synchronized between Microsoft Entra ID and Adobe Identity Management (SAML), ensuring that everyone has the right access and information.

The capabilities also include provisioning groups and group memberships in Adobe Identity Management (SAML).

Here are the capabilities supported by this integration in a quick rundown:

To configure automatic user provisioning for Adobe Identity Management (SAML), you'll need to sign in to the Microsoft Entra admin center as a Cloud Application Administrator. This is the first step in setting up automatic user provisioning.

You'll then need to browse to Identity > Applications > Enterprise applications and select Adobe Identity Management (SAML). From there, you'll need to select the Provisioning tab and set the Provisioning Mode to Automatic.

Next, you'll need to input your Adobe Identity Management (SAML) Tenant URL and Secret Token, which you can retrieve from the Adobe Admin Console. Be sure to click Test Connection to ensure Microsoft Entra ID can connect to Adobe Identity Management (SAML).

If the connection fails, check that your Adobe Identity Management (SAML) account has Admin permissions and try again. You'll also need to enter the email address of a person or group who should receive provisioning error notifications.

Here are the attributes that are synchronized from Microsoft Entra ID to Adobe Identity Management (SAML):

You can also synchronize Microsoft Entra groups to Adobe Identity Management (SAML), which requires selecting the Synchronize Microsoft Entra groups to Adobe Identity Management (SAML) option.

The provisioning logs can be used to determine which users have been provisioned successfully or unsuccessfully, and the progress bar can be used to see the status of the provisioning cycle.

To configure Microsoft Entra SSO with Adobe Creative Cloud, you need to establish a link relationship between a Microsoft Entra user and the related user in Adobe Creative Cloud.

You can test your Microsoft Entra single sign-on configuration with three options: clicking on Test this application, going to Adobe Creative Cloud Sign-on URL directly, or using Microsoft My Apps.

To test SSO, you can click on Test this application, which will redirect to Adobe Creative Cloud Sign-on URL where you can initiate the login flow.

You can also go to Adobe Creative Cloud Sign-on URL directly and initiate the login flow from there.

Microsoft My Apps is another option to test SSO; when you click the Adobe Creative Cloud tile in the My Apps, it will redirect to Adobe Creative Cloud Sign-on URL.

The provisioning logs can be used to determine which users have been provisioned successfully or unsuccessfully.

The initial synchronization cycle of users and groups defined in Scope in the Settings section takes longer to perform than subsequent cycles, which occur approximately every 40 minutes as long as the Microsoft Entra provisioning service is running.

The provisioning status can be changed to On in the Settings section to enable the Microsoft Entra provisioning service for Adobe Identity Management (SAML).

To connect Azure with Adobe, you'll need to sync your Azure Repo with Adobe's Git Pipeline.

This process involves adding an AEM code build pipeline in the Build Validation of that repo.

You'll also need to create a Pull Request, which will trigger a build that compiles your new code.

AEM Build pipeline for Code compile will be added to PR build validation, and it must get code from the develop-redesign branch.

Connecting AAD to G Suite is a straightforward process that requires a few key steps. First, you'll need to go to the G Suite Admin Console and navigate to the Security settings.

To set up the connection, you'll need to have an Azure Active Directory (AAD) tenant and a G Suite account. You can find the AAD tenant ID in the Azure portal, under Azure Active Directory.

In the G Suite Admin Console, select the organization you want to connect to AAD and click on the "Security" tab. From there, you can click on "Connected apps" and then "Add new".

You'll need to enter the AAD tenant ID and the client ID of your G Suite account to complete the setup. The client ID can be found in the G Suite Admin Console, under "Security" and "OAuth clients".

Once you've entered the necessary information, click "Save" to complete the setup process. This will allow you to sync your G Suite account with AAD.

Syncing a Git repository is a crucial step in connecting your code with Adobe's ecosystem. To start, you'll need to add an AEM code build pipeline in the Build Validation of your repository.

Syncing a Git repository involves linking it to Adobe's systems, which requires some technical setup. This process typically starts with adding a pipeline to validate builds.

To sync your Azure repository with Adobe's Git pipeline, you'll need to create a pull request that triggers a build. This build will run to compile the new code and validate it against the AEM build pipeline.

AEM build pipelines are essential for compiling code and must be added to the pull request build validation. This ensures that the code is properly compiled and meets Adobe's requirements.