Adobe Creative Cloud agreements support several methods of identifying and licensing users. These identity types define ownership and control of user accounts, data, and enterprise features. When a school makes the transition to offering named-user licenses for Adobe Creative Cloud through the Adobe Admin Console, one of the first things they need to consider is which ID type will best fit their organization’s needs. But what is the best identity type for schools?
To answer this question, let’s look at each of the three identity types Adobe offers. Then we’ll discuss why schools that offer Adobe Creative Cloud through the Adobe Admin Console generally benefit more from one than the others.
Adobe Identity Types
As established, Adobe supports three identity types in the Adobe Admin Console – Adobe IDs, Enterprise IDs, and Federated IDs. The core distinctions between them relate to who creates, owns, and manages the licenses assigned to end users, and to how the authentication is performed.
Let’s take a closer look at each of these ID types.
Adobe IDs are created and managed by end users – the individuals who will actually make use of the accounts. Schools that rely on this identity type have no control over or visibility into student, faculty, and staff accounts, including any data or user-generated content associated with them.
Adobe IDs can be described as Adobe Creative Cloud’s ‘self-serve’ option for identity provisioning. These ID types are convenient for individuals, and they work fine in environments where no central oversight or management of accounts is required. However, Adobe IDs are less ideal in enterprise environments that may include thousands of users – particularly when each user has distinct usage rights and eligibility restrictions, as is often the case in education. For K-12 schools, this ID type isn’t even an option, as underage users aren’t eligible.
Enterprise IDs are a more business-tailored identity type than Adobe IDs. These IDs are created by organizations rather than by individuals within an organization. Adobe hosts the IDs, but they’re managed by school staff. This makes for a more hands-off experience for end users, as it removes the need for them to actively manage their own accounts.
One downside to Enterprise IDs is that they don’t support multi-factor authentication. This limits users’ options for keeping their accounts secure. In the face of tightening privacy laws and increasing emphasis on cybersecurity, this limitation is not ideal for schools or users.
Like Enterprise IDs, Federated IDs are managed at the organizational level and are better suited for business use than Adobe IDs. However, there are a few key distinctions between these ID types.
Federated IDs are linked directly to an organization’s enterprise directory via federation. User info is passed from the directory to the Admin Console via SAML, eliminating the need to manually import users. Authentication is facilitated by any SAML 2.0-based single sign-on (SSO) user authentication method, such as Shibboleth, ADFS, Okta, or Ping.
Which Should Schools Pick?
Though every ID type has its uses and drawbacks, Federated IDs are generally the best suited for institutions that need to maintain strict control over the apps and services available to users
Additionally, by integrating with an organization’s existing SSO mechanism, Federated IDs allow users to access Adobe Creative Cloud using the same user ID and password they’re already using to access other school resources. This means less password fatigue for students and fewer support requests for school IT staff. It also makes for a more seamless end-user experience, as students and faculty can move from Adobe Creative Cloud to their school’s Learning Management System (LMS) to their school email account and more without having to sign in multiple times.
The Kivuto Cloud platform supports all three Adobe ID types, but we generally advise customers to go with Federated IDs. However, if you’d like to learn more about the available ID types and discuss which would work best for your school, you can reach out to us at firstname.lastname@example.org.