We are migrating to Admin Console early next year. We have accounts in Workfront with admin access level that we use as Fusion connections because we can manage the logins in locally. However, once we transition to Admin Console we will need actual email addresses (external or federated through my company) so that we can leverage them as service accounts in Fusion. I see three options:Create email addresses (e.g., gmail) outside my company's network and add to Admin Console as Adobe IDs and use as connections - this goes against my company's security policyCreate federated email addresses that can log in via SSO and represent a service account (e.g., workfront@[companydomain].comCreate OAuth2 Connections between Fusion and my Workfront instanceDoes anyone have any experience with this, and a recommended approach?

Level 2

Beantwortet

Workfront Fusion Service Accounts in Adobe Admin Console

Forum|Forum|1 year ago
November 26, 2024
5 Antworten
2317 Ansichten

We are migrating to Admin Console early next year. We have accounts in Workfront with admin access level that we use as Fusion connections because we can manage the logins in locally.

However, once we transition to Admin Console we will need actual email addresses (external or federated through my company) so that we can leverage them as service accounts in Fusion. I see three options:

Create email addresses (e.g., gmail) outside my company's network and add to Admin Console as Adobe IDs and use as connections - this goes against my company's security policy
Create federated email addresses that can log in via SSO and represent a service account (e.g., workfront@[companydomain].com
Create OAuth2 Connections between Fusion and my Workfront instance

Does anyone have any experience with this, and a recommended approach?

Workfront

Beste Antwort von KierstenKollins

We set up a service account this past year and were already moved to the admin console. When I collaborated with my IT team on this, they recommended setting up a federated email address to be added to the admin console.

When I was ready to use this email for my scenarios, I had to set up an OAuth 2 connection. Getting OAuth 2 to sync with the email address took some time. I ended up working in an incognito window and needed the SSO credentials for the email address from IT to make it work. Check out this community post:

https://experienceleaguecommunities.adobe.com/t5/workfront-questions/having-trouble-using-oauth2-configuration-to-establish-fusion/m-p/658811#M59603

Overall, we have been using our service account without any issues for the last 7 months with this setup.

KierstenKollins

Antwort

Community Advisor

We set up a service account this past year and were already moved to the admin console. When I collaborated with my IT team on this, they recommended setting up a federated email address to be added to the admin console.

When I was ready to use this email for my scenarios, I had to set up an OAuth 2 connection. Getting OAuth 2 to sync with the email address took some time. I ended up working in an incognito window and needed the SSO credentials for the email address from IT to make it work. Check out this community post:

https://experienceleaguecommunities.adobe.com/t5/workfront-questions/having-trouble-using-oauth2-configuration-to-establish-fusion/m-p/658811#M59603

Overall, we have been using our service account without any issues for the last 7 months with this setup.

MikeMcGovernC1Autor

Level 2

Thanks Kiersten! When you used the OAuth2 connection are you still able to use the Workfront modules with drag and drop mapping or did you have to do customized HTTPs modules for everything?

KierstenKollins

Community Advisor

I want to yes because a majority of our scenarios do not have an HTTPs module in them. I attempted to look for documentation but could not find a clear answer. I would recommend checking with support to validate.

ChrisStephens

Community Advisor

I would recommend going with 2, this is what I typically recommend. You do need to actually be able to authenticate as that user, and once you get the connections setup it's no different than how it works today. You just have to actually be able to log in as the user to create the connection.

Rafal_Bainie

Community Advisor

we use no2 as already mentioned by few.
and to reiterate, you need to be able to login using service accounts, so password is required and in our case this follows with MFA and someone has to set this up and own that.

JohnJOSullivan

Level 5

We had a similar issue but had to go a different route. We've used a shared vanity email mailbox for our main service account. This isn't a separate SSO-and-MFA-verified account. Because of this, we couldn't use the standard FedID setup. Nor did we want to change this up; we've used this service account since we started with WF about four years ago.

When we went to AAC, we had the misfortune of not being able to log into this account to create new connections for new Fusion teams. What we ended up doing was temporarily removing the account from AAC. We then changed the account from FedID to AdobeID. We created a new Adobe ID account for the service account, which linked back up to the existing WF account. That way, we can log in as our service account to create these new connections.

This is an older thread, but figured I'd spread what we did in case it's useful for others. 🙂

-j

M

MarianaTu

@johnjosullivan I am battling the same problem 😞 for months.

After you setup Service account as a Adobe ID, what profile access did you set in the Adobe console? Did you have to provide Systems admin access to the Service account?

RAshley

Level 3

We use option #2.

Hint, when setting up your connections in Fusion use an incognito tab to prevent your browser from auto-logging in as you.

Also, your service account will need to be a system admin, which means you'll have to budget for a standard license for it.

kautuk_sahni

Community Manager

@mikemcgovernc1 just checking in! Were you able to get this resolved? If one of the replies above helped—whether it completely solved the issue or simply pointed you in the right direction—marking it as accepted can make it much easier for others with the same question to find a solution. And if you found a different way to fix it, sharing your approach would be a great contribution to the community. Your follow-up not only helps close the loop but also ensures others benefit from your experience. Thanks so much for being part of the conversation!

Kautuk Sahni

Anmelden

Login über soziales Netzwerk

Willkommen

Login über soziales Netzwerk

Scanne Datei nach Viren

Diese Datei kann nicht heruntergeladen werden