Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Enhanced Security - just in time user provisioning access to Adobe tools

Avatar

Avatar
Ignite 1
Level 1
MarkAbel1
Level 1

Likes

0 likes

Total Posts

4 posts

Correct reply

0 solutions
Top badges earned
Ignite 1
Shape 1
View profile

Avatar
Ignite 1
Level 1
MarkAbel1
Level 1

Likes

0 likes

Total Posts

4 posts

Correct reply

0 solutions
Top badges earned
Ignite 1
Shape 1
View profile
MarkAbel1
Level 1

09-12-2020

Description - "Enhanced Security - just in time user provisioning access to Adobe tools".  When an employee from a customer company connects to Adobe via SSO, Adobe uses the authentication and authorization information from the customer company to create a secured session with just those permissions the user has been granted, user does their work, then at time of user exiting Adobe tools, the secured session is destroyed.  No individual user account information would be stored on Adobe end, only group permission information.  Customer company sends the user's group information in SSO handshake.

Why is this feature important to you - Financial Services clients are always needing more and  better user authentication and authorization methods to reduce risk of cyber crime from external sources.  Removing Financial Services employee information from Adobe servers reduces risk exposure.

How would you like the feature to work - When an employee from a customer company connects to Adobe via SSO, Adobe uses the authentication and authorization information from the customer company SSO handshake to create a secured session with just those permissions the user has been granted (via user's Active Directory/LDAP group access on customer company side), user does their work, then at time of user exiting Adobe tools, the secured session is destroyed.  No individual user account information would be stored on Adobe end, only group permission information.  Customer company sends the user's group information in SSO handshake.

Current Behavior - user accounts are created on Adobe, provisioned by Adobe groups, and stored on Adobe servers.  Customer companies use SSO to authenticate a user, but access and authorization is checked against an individual user account on Adobe-side.