Help with Federated ID Access for External Users in Workfront | Community
Skip to main content
KervinWelsch2
KervinWelsch2
Level 2
July 9, 2025
Solved

Help with Federated ID Access for External Users in Workfront

  • July 9, 2025
  • 2 replies
  • 909 views

Hi everyone,

 

I’m reaching out to see if anyone has experience dealing with external users accessing Workfront via Federated ID (SSO).

I’ve recently invited an external client to our Workfront instance using their corporate email. The user was automatically provisioned in the Adobe Admin Console as a Federated ID, since their domain is already registered under another organization in Adobe IMS (likely due to their use of Adobe Sign or Creative Cloud).

 

Although the user has been correctly assigned a Workfront license in our admin console, they are encountering the following error when attempting to log in:

"User is not assigned to this application."

 

I’ve confirmed:

  • The user appears as active in our Adobe Admin Console

  • The Workfront product profile has been assigned

  • Other external users with Federated IDs (from different companies) have successfully accessed our environment

I suspect the issue may be related to the SSO configuration on the client's side — possibly their organization is not allowing access to external Adobe tenants.

Has anyone experienced this before? Are there recommended workarounds for enabling access in this type of cross-organization federated setup? Should I ask the client to log in via https://experience.adobe.com instead of our direct Workfront URL?

 

Any insights or best practices would be greatly appreciated!

 

Thanks in advance

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by KervinWelsch2

Hi Kautuk,

 

I discovered how it works after solving my client's issue. Please advise the Adobe team to update the documentation or create a new one to reflect this behavior.

 

If the external client already has a Federated ID, the Adobe Console will automatically associate that ID with their account. It is not possible to create or switch to an Adobe ID, contrary to what the Adobe manual suggests.

External users with a Federated ID should follow these steps:

 

  1. Go to: https://experience.adobe.com/

  2. Enter the email and password they already use within their organization

  3. If they are registered under multiple companies, once they land on the Adobe Experience Cloud homepage, they will have the option to switch between different company instances

 

4 - They need to select the correct organization and then click on the Workfront icon.

 

Recommendations: Always check the Admin Console to verify whether the external user you created in Workfront is using an Adobe ID or a Federated ID.

 

Always prepare two separate user guides to send:

- One for users with a Federated ID

- Another for users with an Adobe ID

 

Thanks for the support!

 

 

 

 

 

 

2 replies

Richard_Carlson
Community Advisor
Richard_CarlsonCommunity Advisor
Community Advisor
July 9, 2025

We have some external vendors who have access to Workfront.  In Adobe Admin Console we have internal users set up with a Federated ID, all external users should be using an Adobe ID.

 

    KervinWelsch2
    KervinWelsch2Author
    Level 2
    July 10, 2025

    Hi Richard,

     

    Thank you for your reply.

     

    Yes, this is what Adobe states, but the issue arises when the external user is already associated with Adobe products within their own company. When I try to add them, they are automatically assigned a Federated ID.

    My company is still using Adobe ID, so when I add internal users, they are automatically created with Adobe ID. For external users, sometimes they are assigned Adobe ID — based on how my organization is configured — and other times they are assigned Federated ID. This likely happens because their company already has access to Adobe products configured with Federated ID. Since they are using the same corporate email, the Adobe Identity Management System (IMS) links the domain and prioritizes the domain configuration of their organization.

     

    At least, that’s the behavior I observed after extensive research.

     

    I’ve encountered this situation before — although in that case, the user was eventually able to access the system. That ticket was more preventive than corrective: I chose to open it after detecting this anomaly.

     

    Position by adobe: "Kervin, that is not going to cause any login issues for the user. This is happening because the user already has a Federated ID in the Adobe system and the system will always prioritize the Federated ID when they are added to a new Admin Console. Again, this will not cause any access issues for them. They will just choose their Federated ID (named "company/school" option) user at login rather than username and password route but, they will be able to access without any issues. Please don't hesitate to let me know if there is anything else I can help with or further clarify. Best, Syrus"

     

    Now, however, I’m facing a real issue. The user cannot access the system, and I haven't been able to find any official documentation or guidance to help external users log in under these conditions.

     

     

    skyehansen
    Community Advisor
    skyehansenCommunity Advisor
    July 10, 2025

    I'm wondering if you can have the user try to log in using an incognito browser (just making sure we get all the caching issues out of the way to start with)

      kautuk_sahni
      Community Manager
      kautuk_sahniCommunity Manager
      Community Manager
      July 16, 2025

      @kervinwelsch2 Just checking in — were you able to resolve your issue?
      We’d love to hear how things worked out. If the suggestions above helped, marking a response as correct can guide others with similar questions. And if you found another solution, feel free to share it — your insights could really benefit the community. Thanks again for being part of the conversation!

      Kautuk Sahni
        KervinWelsch2
        KervinWelsch2AuthorAccepted solution
        Level 2
        July 25, 2025

        Hi Kautuk,

         

        I discovered how it works after solving my client's issue. Please advise the Adobe team to update the documentation or create a new one to reflect this behavior.

         

        If the external client already has a Federated ID, the Adobe Console will automatically associate that ID with their account. It is not possible to create or switch to an Adobe ID, contrary to what the Adobe manual suggests.

        External users with a Federated ID should follow these steps:

         

        1. Go to: https://experience.adobe.com/

        2. Enter the email and password they already use within their organization

        3. If they are registered under multiple companies, once they land on the Adobe Experience Cloud homepage, they will have the option to switch between different company instances

         

        4 - They need to select the correct organization and then click on the Workfront icon.

         

        Recommendations: Always check the Admin Console to verify whether the external user you created in Workfront is using an Adobe ID or a Federated ID.

         

        Always prepare two separate user guides to send:

        - One for users with a Federated ID

        - Another for users with an Adobe ID

         

        Thanks for the support!

         

         

         

         

         

         

          Terms & ConditionsAccessibility statement

          Loading footer...