1. Active Directory (AD) On-Premises
The Active Directory is used to manage users, applications, devices, file services and other resources in the local Windows network. However, the AD was not designed to manage web-based services. To perform SSO with the AD, two components are required: the Adobe User Sync Tool and an identity provider. The Adobe User Sync Tool connects the AD with the Adobe directory service and synchronizes the two automatically. In this way, Adobe user management can also be integrated into existing user lifecycle processes.
If, for example, a new employee who needs an Adobe license joins the company, this is configured in an identity management system (IDM) and the license is provided automatically.
The identity provider (IDP) is responsible for the actual SSO. It is a service that is either installed locally or used as a cloud service. The IDP sits between the user systems and the Adobe Cloud and handles authentication. This requires configuring a server that has access to the local AD and that users can log in to from their systems.
2. Azure Active Directory (AAD)
The Azure Active Directory was developed specifically for web-based services and is used for user management of all Microsoft Cloud Services. Anyone who uses Office 365, SharePoint or Exchange Online therefore already uses the AAD. With the AAD, SSO is much easier to implement than with the AD. Customers do not need a sync tool, nor do they need to install an additional IDP.
Because the AAD is usually already synchronized automatically with the local AD via Microsoft Azure AD Connect, it also takes on the role of the IDP itself. The AAD can communicate directly, cloud to cloud, with the Adobe Cloud directory service. To establish the connection, all you have to do is set up the Azure AD Connector that Adobe provides. The connection is configured in a few minutes using a setup wizard.