I know this question has been asked in the past, but is it possible to enforce federated accounts only and disallow Adobe accounts?
Meaning, can this be achieved through a setting in the console or from support side?
Cheers
Solved! Go to Solution.
Views
Replies
Total Likes
Yeah, we had federated accounts at one of my previous companies. I know that you can set it up to be integrated with your SSO providers and that they can create federated accounts with predefined settings/permissions. From what I recall though, I think you can still manually make non-federated accounts in the admin console.
The only way I can think of to restrict that is to limit who you give admin permissions to modify accounts. If you limit it to just 1 or 2 people (maybe even just your system admin), then no one else will have the option to manually make non-federated accounts. Then it just comes down to, like Jen said, create internal processes to say how new accounts will be set up.
That's a good question... I mean, I'm sure that you can enforce Federated Accounts through your internal processes (i.e. not create any non-federated accounts).. but I am not sure if it can be enforced by the Adobe Admin console.... (we are not using federated accounts because we have at least 50 different email domains, so it's just not worth it for us; but I know someone who I am pretty sure implemented federated accounts, so I will reach out to them and see if they can help)
Thx! I mean every once in a while you will still need to give access to a support admin from Adobe, which would also get complicated or require exceptions I guess
Views
Replies
Total Likes
Yeah, we had federated accounts at one of my previous companies. I know that you can set it up to be integrated with your SSO providers and that they can create federated accounts with predefined settings/permissions. From what I recall though, I think you can still manually make non-federated accounts in the admin console.
The only way I can think of to restrict that is to limit who you give admin permissions to modify accounts. If you limit it to just 1 or 2 people (maybe even just your system admin), then no one else will have the option to manually make non-federated accounts. Then it just comes down to, like Jen said, create internal processes to say how new accounts will be set up.
Hi @MandyGeorge
thx for the response! Yeah, the requirement would really be ruling out any kind of manual account creation. But agree, the best way would probably be removing the ability to do so from as many users as possible and only keep that right for s handful of core users.
Absolutely you can, but just remember that federated accounts have firewall restrictions that may limit use of certain Adobe solutions (ReportBuilder, ActivityMap, etc.). Limiting to federated has significant governance benefits, but logging in with an Adobe ID might be important to a few power users that do some of their work from home or locations external to your company's firewall. Thus, this likely should be taken into consideration when applying your governance policy.
Hope this helps and all the best,
Justin
Hi @justinhess
thx for the response! The question would be how this can be achieved?
as discussed above, we don't see a possibility in the admin console. Do you know of any way support can disallow the creation of of users with Adobe accounts?
Cheers from Switzerland
Views
Replies
Total Likes