Expand my Community achievements bar.

Enhanced Security - just in time user provisioning access to Adobe tools

Avatar

Level 2

12/9/20

Description - "Enhanced Security - just in time user provisioning access to Adobe tools".  When an employee from a customer company connects to Adobe via SSO, Adobe uses the authentication and authorization information from the customer company to create a secured session with just those permissions the user has been granted, user does their work, then at time of user exiting Adobe tools, the secured session is destroyed.  No individual user account information would be stored on Adobe end, only group permission information.  Customer company sends the user's group information in SSO handshake.

Why is this feature important to you - Financial Services clients are always needing more and  better user authentication and authorization methods to reduce risk of cyber crime from external sources.  Removing Financial Services employee information from Adobe servers reduces risk exposure.

How would you like the feature to work - When an employee from a customer company connects to Adobe via SSO, Adobe uses the authentication and authorization information from the customer company SSO handshake to create a secured session with just those permissions the user has been granted (via user's Active Directory/LDAP group access on customer company side), user does their work, then at time of user exiting Adobe tools, the secured session is destroyed.  No individual user account information would be stored on Adobe end, only group permission information.  Customer company sends the user's group information in SSO handshake.

Current Behavior - user accounts are created on Adobe, provisioned by Adobe groups, and stored on Adobe servers.  Customer companies use SSO to authenticate a user, but access and authorization is checked against an individual user account on Adobe-side.