Expand my Community achievements bar.

Workfront Fusion Service Accounts in Adobe Admin Console

Avatar

Level 2

We are migrating to Admin Console early next year. We have accounts in Workfront with admin access level that we use as Fusion connections because we can manage the logins in locally.

 

However, once we transition to Admin Console we will need actual email addresses (external or federated through my company) so that we can leverage them as service accounts in Fusion. I see three options:

  1. Create email addresses (e.g., gmail) outside my company's network and add to Admin Console as Adobe IDs and use as connections - this goes against my company's security policy
  2. Create federated email addresses that can log in via SSO and represent a service account (e.g., workfront@[companydomain].com
  3. Create OAuth2 Connections between Fusion and my Workfront instance

Does anyone have any experience with this, and a recommended approach?

5 Replies

Avatar

Level 10

We set up a service account this past year and were already moved to the admin console. When I collaborated with my IT team on this, they recommended setting up a federated email address to be added to the admin console.

 

When I was ready to use this email for my scenarios, I had to set up an OAuth 2 connection. Getting OAuth 2 to sync with the email address took some time. I ended up working in an incognito window and needed the SSO credentials for the email address from IT to make it work. Check out this community post:

https://experienceleaguecommunities.adobe.com/t5/workfront-questions/having-trouble-using-oauth2-con...

 

Overall, we have been using our service account without any issues for the last 7 months with this setup.

Avatar

Level 2

Thanks Kiersten! When you used the OAuth2 connection are you still able to use the Workfront modules with drag and drop mapping or did you have to do customized HTTPs modules for everything?

Avatar

Level 10

I want to yes because a majority of our scenarios do not have an HTTPs module in them. I attempted to look for documentation but could not find a clear answer. I would recommend checking with support to validate. 

Avatar

Community Advisor

I would recommend going with 2, this is what I typically recommend. You do need to actually be able to authenticate as that user, and once you get the connections setup it's no different than how it works today. You just have to actually be able to log in as the user to create the connection.

Avatar

Community Advisor

we use no2 as already mentioned by few.
and to reiterate, you need to be able to login using service accounts, so password is required and in our case this follows with MFA and someone has to set this up and own that.