Description:
Our organization manages user permissions centrally through groups in Azure Active Directory (Azure AD). These groups are synchronized with Adobe Experience Cloud, allowing us to efficiently allocate product and profile permissions based on group membership. However, currently, administrative roles such as Product Administrator, Profile Administrator, Support Administrator, and System Administrator can only be assigned to individual users, not to groups. This creates a challenge for organizations that rely on group-based permission management and automation.
Why is this feature important to you:
Managing permissions at the group level ensures consistency, security, and scalability, especially in large organizations. Assigning admin roles to groups means that when a user is added to or removed from a group in Azure AD, their corresponding admin permissions in Adobe are automatically updated. This reduces manual intervention, minimizes human error, and helps maintain compliance with internal access management policies. Without this capability, we are forced to manually update admin roles for each user, which is inefficient and error-prone.
How would you like the feature to work:
We would like to be able to assign all administrative roles (Product Admin, Profile Admin, Support Admin, System Admin, etc.) to groups, not just individuals, within the Adobe Admin Console. When a user is added to or removed from a group in Azure AD, and that group is synced with Adobe, the user should automatically inherit or lose the corresponding admin rights based on their group membership. This approach should mirror how product/profile permissions are currently managed via groups.
Current Behaviour:
At present, administrative roles in Adobe Experience Cloud can only be assigned directly to individual users. Group-based assignment of these roles is not supported, which complicates permission management for organizations using directory group synchronization.
