Federated ID takes things a step further by supporting single sign-on (SSO) for the first time. SSO enables secure exchange of authentication information between two parties, namely the service provider (Adobe) and your identity provider (IdP). The service provider sends a request to your IdP, which attempts to authenticate the user. If this is successful, the IdP sends a response message to sign in the user.
What’s more, Adobe’s proprietary sync tool, which is included in this option, allows you to synchronize automatically with the Microsoft Active Directory, matching user groups, product deployments, permissions & co. with the Admin Console without any further ado.
You will also be able to draw on the security levels included in Enterprise ID. But whatever Adobe may be suggesting, it is still not 100 percent SSO. For instance, end users are still required to sign into the Creative Cloud products. That’s why I recommend that before switching to Federated IUD, you check whether this option actually meets your needs.
Once a domain has been registered as Federated, it takes quite a lot of effort to switch to the Enterprise ID. Let’s say your organization wants to give SSO integration a spin: In these cases I recommend that you claim a test domain that you own, provided your organization has an identity provider that includes the identities configured in this test domain. Proceeding in this way will allow you to test integration and familiarize yourself with the procedure of domain claiming and configuration. Another benefit of Federated ID is that home use permissions can be suppressed. Adobe ID allowed every end user to install for home use the applications made available by the employer for professional purposes. Although technically possible, the Adobe End User License Agreement (EULA) does not actually permit this kind of deployment, and the same applies to all other Adobe license programs as well.
If you delete a user in the Adobe Admin Console, the Enterprise ID and the Federated ID assigned to the end user’s ID will be automatically deleted as well after a few workdays, therefore preventing use of the Creative Cloud software and services.