Adobe Creative Cloud agreements support several methods of identifying and licensing users. These identity types define ownership and control of user accounts, data, and enterprise features. When a school makes the transition to offering named-user licenses for Adobe Creative Cloud through the Adobe Admin Console, one of the first things they need to consider is which ID type will best fit their organization’s needs. But what is the best identity type for schools?
To answer this question, let’s look at each of the three identity types Adobe offers. Then we’ll discuss why schools that offer Adobe Creative Cloud through the Adobe Admin Console generally benefit more from one than the others.
Adobe Identity Types
As established, Adobe supports three identity types in the Adobe Admin Console – Adobe IDs, Enterprise IDs, and Federated IDs. The core distinctions between them relate to who creates, owns, and manages the licenses assigned to end users, and to how the authentication is performed.
Let’s take a closer look at each of these ID types.
Adobe IDs are created and managed by end users – the individuals who will actually make use of the accounts. Schools that rely on this identity type have no control over or visibility into student, faculty, and staff accounts, including any data or user-generated content associated with them.
Adobe IDs can be described as Adobe Creative Cloud’s ‘self-serve’ option for identity provisioning. These ID types are convenient for individuals, and they work fine in environments where no central oversight or management of accounts is required. However, Adobe IDs are less ideal in enterprise environments that may include thousands of users – particularly when each user has distinct usage rights and eligibility restrictions, as is often the case in education. For K-12 schools, this ID type isn’t even an option, as underage users aren’t eligible.
Users with Adobe IDs also retain indefinite access to their work and files. Because schools often make Adobe Creative Cloud available at discounts reserved for students, faculty, or school staff, they have an obligation to ensure that those users do not retain access after they graduate, drop out, retire, or otherwise lose their academic status. To accomplish this with Adobe IDs, schools need to manually de-provision users as their eligibility expires. This creates an unacceptable administrative burden for many IT teams, and even deprovisioning users does not remove their access to files created while they were eligible.
Enterprise IDs are a more business-tailored identity type than Adobe IDs. These IDs are created by organizations rather than by individuals within an organization. Adobe hosts the IDs, but they’re managed by school staff. This makes for a more hands-off experience for end users, as it removes the need for them to actively manage their own accounts.
The main challenge with Enterprise IDs is that user passwords are managed by Adobe. This can be confusing to end users who forget or want to reset their password, as they often aren’t aware that this has to be done through Adobe. Because students sign in with their school-issued email addresses, they tend to assume that their school is responsible for providing support. This can result in already-overworked IT teams being inundated with password-reset requests that they can’t do anything about.
they’re within higher education is that they can be quite restrictive. Since account management is out of their hands, users don’t have the option to use their personal email address or set a password of their own choosing to sign in. Having to remember an extra set of sign-in credentials can be frustrating for end users and generate large quantities of support requests for already-overworked IT staff.
Like Enterprise IDs, Federated IDs are managed at the organizational level and are better suited for business use than Adobe IDs. However, there are a few key distinctions between these ID types.
Federated IDs are linked directly to an organization’s enterprise directory via federation. User info is passed from the directory to the Admin Console via SAML, eliminating the need to manually import users. Authentication is facilitated by any SAML 2.0-based single sign-on (SSO) user authentication method, such as Shibboleth, ADFS, Okta, or Ping.
Which Should Schools Pick?
Though every ID type has its uses and drawbacks, Federated IDs are generally the best suited for use by higher-education institutions.
By integrating with an organization’s existing SSO mechanism, Federated IDs allow users to access Adobe Creative Cloud using the same user ID and password they’re already using to access other school resources. This means less password fatigue for students and fewer support requests for school IT staff. It also makes for a more seamless end-user experience, as students and faculty can move from Adobe Creative Cloud to their school’s Learning Management System (LMS) to their school email account and more without having to sign in multiple times.
The Kivuto Cloud platform supports all three Adobe ID types, but we generally advise customers to go with Federated IDs. However, if you’d like to learn more about the available ID types and discuss which would work best for your school, you can reach out to us at email@example.com.
* * * *
Meet us at EDUCAUSE!
Kivuto will be at the EDUCAUSE Annual Conference this October, and we’d love to see you there. Book a meeting with us today to discuss how we help institutions simply, securely, and centrally manage digital licenses and entitlements.