🎉 1Kosmos named an Overall Leader in KuppingerCole enterprise passwordless authentication

Read the report

🎉 1Kosmos named an Overall Leader in KuppingerCole enterprise passwordless authentication

Read the report

🎉 1Kosmos named an Overall Leader in KuppingerCole enterprise passwordless authentication

Read the report

Integrations

/

Adobe Creative Cloud

Adobe Creative Cloud

1Kosmos integrates with Adobe Creative Cloud as a SAML 2.0 identity provider, enabling creative teams to access Creative Cloud applications using biometric authentication.

Integration type

SSO

Added

Overview

1Kosmos integrates with Adobe Creative Cloud as a SAML 2.0 identity provider, enabling creative teams to access Creative Cloud applications using biometric authentication.

This integration is configured through the Adobe Admin Console, which manages Federated ID directories and SAML SSO for Creative Cloud. Adobe uses Federated IDs for SSO-enabled access, meaning users in a claimed domain authenticate through the configured identity provider rather than directly through Adobe. 1Kosmos is configured as the third-party SAML identity provider for that Federated ID directory.

The configuration requires downloading the Adobe federation metadata, uploading it to the 1Kosmos AdminX portal, and then uploading the 1Kosmos signing certificate back to the Adobe Admin Console to complete the trust relationship.


Prerequisites

  • Active 1Kosmos tenant: Community administrator access to the AdminX portal. Contact 1kosmos.com/contact if your tenant is not yet provisioned.

  • Adobe Admin Console access: System Administrator rights to the Adobe Admin Console, including the ability to create directories, claim domains, and configure SSO.

  • Claimed and verified domain: The email domain used by your organization must be claimed and verified in the Adobe Admin Console before SSO can be configured. Users will be provisioned as Federated IDs under this domain.

  • Creative Cloud for enterprise subscription: SSO with Federated IDs requires an Adobe Creative Cloud for enterprise or teams plan that supports external identity providers.

  • 1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.


Configuration values

Values to collect from the Adobe Admin Console (SP) for AdminX:

Field

Where to find it

Entity ID (Audience URI)

Adobe Admin Console → Settings → Identity → [your directory] → Download Metadata → EntityDescriptor entityID attribute

ACS URL (Assertion Consumer Service URL)

Adobe Admin Console → Settings → Identity → [your directory] → Download Metadata → AssertionConsumerService Location attribute

Adobe Metadata XML file

Downloaded from the Adobe Admin Console during Federated ID directory setup

Values to collect from 1Kosmos AdminX (IdP) for Adobe:

Field

Where to find it

IdP SSO URL

AdminX → Settings → IdP Configuration → Single SignOn Service URL

IdP Entity ID

AdminX → Settings → IdP Configuration → Core Configuration → IdP Name

Signing Certificate (.cert file)

AdminX → Settings → IdP Configuration → Signing Certificate → copy and save as .cert


Integration steps

Step 1: Create a Federated ID directory in Adobe Admin Console

  • Log in to the Adobe Admin Console and navigate to Settings → Identity → Directories.

  • Click Create Directory, enter a name, select Federated ID, and click Next.

  • When prompted to choose an identity provider, select Other SAML Providers and click Next.

  • Download the Adobe Metadata file from this screen. You will upload this to AdminX in the next step.

  • Note the Entity ID and ACS URL values displayed on this screen before proceeding.

Step 2: Add Adobe Creative Cloud as a SAML application in AdminX

  • Log in to the AdminX portal and navigate to Applications → Add Application.

  • Scroll to the Custom App section, select SAML 2.0 Generic, and click Add integration. Click Add Application to proceed.

  • Enter "Adobe Creative Cloud" as the Application Name, set Instance to Production, and enter https://adminconsole.adobe.com as the Application Access URL. Click Next.

  • On the SAML Settings screen, click Upload and select the Adobe Metadata XML file downloaded from the Admin Console. The fields will auto-populate from the metadata.

  • Confirm the NameID Format is set to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress and the NameID Value is set to email.

  • Add a claims mapping for email with Format set to Username. Click Next.

  • On Advanced Options, confirm the Entity ID and ACS URL match what was shown in the Adobe Admin Console. Enable Assertion signing. Click Save.

Step 3: Export the 1Kosmos signing certificate

  • In the AdminX portal, navigate to Settings → IdP Configuration.

  • In the Signing Certificate section, click View Certificate and copy the certificate content.

  • Save the content as a file with a .cert extension (e.g., 1kosmos.cert).

Step 4: Complete the SAML configuration in Adobe Admin Console

  • Return to the Adobe Admin Console and navigate to the Federated ID directory you created.

  • In the SAML SSO profile section, click Upload Certificate and select the .cert file exported from AdminX.

  • Enter the 1Kosmos IdP SSO URL in the IdP Login URL field.

  • Enter the 1Kosmos IdP Entity ID in the Issuer field.

  • Click Save.

Step 5: Add users to the Federated ID directory

  • In the Adobe Admin Console, navigate to Users and add or migrate users to the Federated ID directory.

  • Users must be assigned to the directory using email addresses within the claimed domain. Their login experience will now route through 1Kosmos.

Step 6: Test the integration

  • Navigate to creativecloud.adobe.com or open the Creative Cloud desktop app.

  • Enter a Federated ID user's email address and click Next.

  • You will be redirected to the 1Kosmos login screen. Open the 1Kosmos mobile app, tap Scan QR, scan the code, and complete biometric authentication.

  • Confirm you are signed into Creative Cloud after successful authentication.

  • Test with a single user before migrating the full user base to Federated IDs.


Attribute mappings

Source (1Kosmos)

Target (Adobe)

Description

user.email

NameID (emailAddress)

Primary SSO identifier; must match the Federated ID email in the Adobe Admin Console


Integration notes

Adobe's SSO implementation requires users to be provisioned as Federated IDs under the claimed domain directory. Users with existing Adobe IDs using email addresses in the claimed domain are not automatically migrated to Federated IDs.

Adobe provides an Asset Migration tool to transfer content from Adobe ID accounts to Federated ID accounts before migration. Keep at least one System Administrator account accessible through direct Adobe credentials during the SSO rollout.

If the SAML configuration is incorrect, Adobe provides a fallback login URL for administrators in the format https://adminconsole.adobe.com.

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales

Transform how you verify and authenticate

Secure onboarding, eliminate passwords, and stop fraud on one platform. Schedule a demo and see it in action.

Request a demo

Talk to sales