Community Advisor and Adobe Champion

Solved

Is it possible to have federated accounts only?

Forum|Forum|1 year ago
July 9, 2024
2 replies
1269 views

I know this question has been asked in the past, but is it possible to enforce federated accounts only and disallow Adobe accounts?

Meaning, can this be achieved through a setting in the console or from support side?

Cheers

Analytics

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by MandyGeorge

Yeah, we had federated accounts at one of my previous companies. I know that you can set it up to be integrated with your SSO providers and that they can create federated accounts with predefined settings/permissions. From what I recall though, I think you can still manually make non-federated accounts in the admin console.

The only way I can think of to restrict that is to limit who you give admin permissions to modify accounts. If you limit it to just 1 or 2 people (maybe even just your system admin), then no one else will have the option to manually make non-federated accounts. Then it just comes down to, like Jen said, create internal processes to say how new accounts will be set up.

Jennifer_Dungan

Community Advisor and Adobe Champion

That's a good question... I mean, I'm sure that you can enforce Federated Accounts through your internal processes (i.e. not create any non-federated accounts).. but I am not sure if it can be enforced by the Adobe Admin console.... (we are not using federated accounts because we have at least 50 different email domains, so it's just not worth it for us; but I know someone who I am pretty sure implemented federated accounts, so I will reach out to them and see if they can help)

MandyGeorge

Accepted solution

Community Advisor and Adobe Champion

Yeah, we had federated accounts at one of my previous companies. I know that you can set it up to be integrated with your SSO providers and that they can create federated accounts with predefined settings/permissions. From what I recall though, I think you can still manually make non-federated accounts in the admin console.

The only way I can think of to restrict that is to limit who you give admin permissions to modify accounts. If you limit it to just 1 or 2 people (maybe even just your system admin), then no one else will have the option to manually make non-federated accounts. Then it just comes down to, like Jen said, create internal processes to say how new accounts will be set up.

bjoern__koth

Author

Community Advisor and Adobe Champion

Hi @mandygeorge

thx for the response! Yeah, the requirement would really be ruling out any kind of manual account creation. But agree, the best way would probably be removing the ability to do so from as many users as possible and only keep that right for s handful of core users.

Cheers from Switzerland!

justinhess

Adobe Champion

Absolutely you can, but just remember that federated accounts have firewall restrictions that may limit use of certain Adobe solutions (ReportBuilder, ActivityMap, etc.). Limiting to federated has significant governance benefits, but logging in with an Adobe ID might be important to a few power users that do some of their work from home or locations external to your company's firewall. Thus, this likely should be taken into consideration when applying your governance policy.

Hope this helps and all the best,

Justin

bjoern__koth

Author

Community Advisor and Adobe Champion

Hi @justinhess

thx for the response! The question would be how this can be achieved?

as discussed above, we don't see a possibility in the admin console. Do you know of any way support can disallow the creation of of users with Adobe accounts?

Cheers from Switzerland

Cheers from Switzerland!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded