User Guide Cancel

Manage authentication settings

  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Manage projects
    3. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    4. Reclaim assets from a user
    5. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

Applies to enterprise.

Manage your organization's security in the Adobe Admin Console. Select appropriate authentication policies, enable 2FA, and set location-based access for your users.

Select authentication levels

Note:

Password policies apply to all identity types supported on the Adobe admin console except the Federated ID type.

All accounts include a lockout mechanism. If the system detects a quick succession of multiple failed login attempts, the user account is temporarily unavailable to prevent brute force attacks.

To specify a password policy, do the following:

  1. In the Admin Console, navigate to Settings Privacy and SecurityAuthentication Settings.

  2. Choose a level of authentication for your users based on your ease of use and security requirements.

    Selecting an option automatically selects and saves it.

    Levels of authentication

Enable 2-step verification

To strengthen the security in their Adobe accounts, your users can set up 2-step verificationOnce set up, your users require a verification code to sign in to their Adobe accounts before they enter their Adobe account passwords. This setup is done by each user in their Adobe account. Adobe users can normally turn 2-step verification on and off on depending on their security preferences.

As an admin, you have the option to enforce two-step verification. This ensures that users then do not have the options to turn it off.

Alert:

Adobe highly recommends that you, as the admin, enforce two-step verification in your organization, and don’t leave this as optional for your users.

Note:

2-step verification (or 2FA) is available for Enterprise ID and Adobe ID users only. Note: 2FA may take up to 24 hours to apply to all the users in your organization.

This method does not apply to Federated ID users. However, you can enforce 2-step verification for Federated ID users from your identity provider.

When you turn on 2-step verification, the users in your organization will receive an email.

  • After you've set up 2-step verification, the first time a user signs in, Adobe requires the collection of their phone number. This ensures that the user can recover their account in case they've lost the password.
  • This policy will prevent users who have already set up 2-step verification from taking any action but from un-enrolling.
  • Users who have not set up 2-step verification will be required to enroll in this service the next time they sign into their Adobe account. For details on how your users must enroll, see this article.

Manage social login policy

As a teams or enterprise admin, select the social login providers you want to allow for users in your organization. Existing Adobe ID users who log in with a disabled social provider will be forced to set a password on their next login. When disabled, we'll notify all your users via email.

Go to Admin Console Authentication settings and select the social options you want to allow for your users. Then Save.

If a user attempts to sign-in via a social login that you've disabled, we notify the user about its unavailability. We then prompt the user to create a password for their Adobe ID or Enterprise ID. Then, the user will sign in using these credentials.

Note:

This option is not available if you've set up Federated ID users. Federated ID users always use the configured single sign on provider.

Manage location-based access

You can enable or restrict your users' use of specific Adobe account profiles and their associated apps based on their IP address. This allows your organization to prevent users from accessing apps outside designated areas such as offices or institutes.

When you set specific IP addresses to the Allowed IP addresses list, it restricts users from:

  • using an IP-restricted account profile
  • switching profiles on web apps outside the set IP address range
Image displays Authentication settings window in Admin Console focusing on the location-based access section. Displays an Add IP address button.

Follow the steps below to enable location-based access in your Adobe Admin Console:

  1. Select and expand Privacy and security in the selection menu and select Authentication setttings.

  2. In the IP address restriction section, select Add IP address.

  3. In the Add IP address window, enter the IP addresses you want to allow and Save. Use a comma to separate multiple IP addresses. Example: 192.168.0.0/16.

    Add admin's IP address first

    We recommend that you start with adding your own IP address as an admin to avoid being blocked from the Adobe Admin Console.

Your IP addresses are added in a few minutes after entering and associated users will see the restriction when they try to sign in the next time.

You can also remove the IP addresses from the allow-list by selecting one or more IP addresses.

Note:
  • If you're locked out of the Admin Console because you entered an invalid IP address, contact Adobe customer care.
  • When location-based access is enabled, no forced logout occurs. Users are only impacted when they try to choose the restricted profile when signing in.

Manage advanced settings

To control how long your users remain authenticated in Adobe apps, use the following Advanced settings:

  • Max session life: Users need to reauthenticate after the duration you specify. The session life is effective on all user sessions of Adobe apps across devices.
  • Max idle time: Adobe will automatically sign out users who do not interact with the account for a period more than the idle time that you specify. The idle time affects the following Adobe Web Applications:
    • Creative Cloud Web
    • Adobe Express
    • Adobe Stock
    • Adobe Color
    • Adobe Font
    • Creative Cloud Assets
    • Behance/Portofolio
    • Acrobat.com
Note:

If a user is a member of multiple organizations with advanced authentication policies, the most restrictive policies will apply to that user. For example, if one policy defines a Maximum session life as 12 days and another defines this setting as 9 days, the user is reauthenticated every 9 days.

Tip:

We recommend that you do not set short session policies unless you require stricter security measures. Short session policies will require users to sign in more frequently. Leaving these policies at their default state is the right choice for most Adobe customers.

Get help faster and easier

New user?