Home  ›  How to Find Out Who Created a Domain_6 Account

How to Find Out Who Created a Domain_6 Account

Written By Sunday, November 28, 2021 Add Comment Edit

Set up directories: To use Enterprise IDs or Federated IDs, start by setting up a directory to which you can link one or more domains. Learn more >

Set up domains: Your end users are authenticated against domains that you need to set up in the Admin Console.Learn more >

Link domains to directories: After you have set up your directories and domains, group the domains by linking them to directories.
Learn more >

Directory trusting: Use directory trusting to trust system admins of other organizations.
Learn more >

Migrate SHA-1 directories to SHA-2: Update old SHA-1 authenticated directories to the SHA-2 profile.
Learn more >

Move domains across directories: Structure directories by moving domains across directories within the Admin Console.
Learn More >

As a system admin on the Admin Console, one of your first tasks is to define and set up an identity system against which your end users will be authenticated. As your organization purchases licenses for Adobe products and services, you will need to provision those licenses to your end users. And for this, you will need a way to authenticate these users.

Adobe provides you with the following identity types that you can use to authenticate your end users:

  • Business ID
  • Enterprise ID
  • Federated ID
  • Adobe ID

If you want to have separate accounts owned and controlled by your organization for users in your domain, you must use either Enterprise ID or Federated ID (for Single- Sign-On) identity types.

So as to provide benefits such as enterprise storage and other enterprise-level features, we are migrating all existing Adobe IDs to Business IDs. All new business customers will use Business IDs for their team members.

You'll receive advance communication when your organization is scheduled for this upgrade. For more information, see Introduction to Business IDs and new storage features. Until your organization is migrated, you will continue to use Adobe ID type to access the organization. Support for Adobe IDs will then be reserved for individual customers only.

This article provides the details required to set up the identity system that you will need if you plan to use Enterprise ID or Federated ID to authenticate your end users.

The set up directory and set up domain procedures described in this document are completely decoupled. This means that you can do these procedures in any order or in parallel. However, the procedure to link email domains to directories will be done only after you have completed both these procedures.

Key terms and concepts

Before we get into the procedures, these are some concepts and terms that you need to be aware of:

A directory in the Admin Console is an entity that holds resources such as users and policies like authentication. These directories are similar to LDAP or Active Directories.

Organization identity provider such as Active Directory, Microsoft Azure, Ping, Okta, InCommon, or Shibboleth.

To know more about setting up SSO for Creative Cloud with some of the commonly used IdPs, see More like this at the end of the article.

Created and owned by a business. Managed by the end user. A Business ID (and all assets contained associated with this ID) is owned by the business. End users cannot sign up and create a personal Business ID, nor can they sign up for additional products and services from Adobe using a Business ID.

No setup is necessary before you can start using Business IDs. Admins invite users to join the organization, and can remove them. Admins can delete or take over the accounts. Admins create a Business ID and issue it to a user. Admins can revoke access to products and services by taking over the account, or deleting the Business ID to permanently block access to associated data.

The following are a few requirements and scenarios where Business IDs are recommended:

  • If you want admin to create and own the users' identities.
  • If users are expected to use other Adobe services, which do not currently support Enterprise or Federated IDs
  • If users already have Adobe IDs, and business-associated data such as files, fonts, or settings.
  • In educational setups, where students can retain their Adobe ID after they graduate.
  • If you want the admin to create and manage the accounts of contractors and freelancers.
  • If you have an Adobe teams contract
  • If you need emergency access to user's files and data.
  • If you need the ability to completely block or delete a user's account.

So as to provide benefits such as enterprise storage and other enterprise-level features, we are migrating all existing Adobe IDs to Business IDs. All new business customers will use Business IDs for their team members.

You'll receive advance communication when your organization is scheduled for this upgrade. For more information, see Introduction to Business IDs and new storage features. Until your organization is migrated, you will continue to use Adobe ID type to access the organization. Support for Adobe IDs will then be reserved for individual customers only.

Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID. End users cannot sign up and create an Enterprise ID, nor can they sign up for additional products and services from Adobe using an Enterprise ID.

Admins create an Enterprise ID and issue it to a user. Admins can revoke access to products and services by taking over the account, or deleting the Enterprise ID to permanently block access to associated data.

The following are a few requirements and scenarios where Enterprise IDs are recommended:

  • If you need to maintain strict control over apps and services available to a user.
  • If you need emergency access to files and data associated with an ID.
  • If you need the ability to completely block or delete a user account.

Created and owned by an organization, and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).

The following are a few requirements and scenarios where Federated IDs are recommended:

  • If you want to provision users based on your organization's enterprise directory.
  • If you want to manage authentication of users.
  • If you need to maintain strict control over apps and services available to a user.

The Identity Provider must be TLS 1.2 compliant.

Created, owned, and managed by the end user. Adobe performs the authentication and the end user manages the identity. Users retain complete control over files and data associated with their ID. Users can purchase additional products and services from Adobe. Admins invite users to join the organization, and can remove them. However, users cannot be locked out from their Adobe ID accounts. The admin can't delete or take over the accounts. No setup is necessary before you can start using Adobe IDs.

The following are a few requirements and scenarios, where Adobe IDs are recommended:

  • If you want to enable users to create, own, and manage their identities.
  • If you want to allow users to purchase or sign up for other Adobe products and services.
  • If users are expected to use other Adobe services, which do not currently support Enterprise or Federated IDs.
  • If users already have Adobe IDs, and associated data such as files, fonts, or settings.
  • In educational setups, where students can retain their Adobe ID after they graduate.
  • If you have contractors and freelancers who do not use email addresses on domains you control.
  • If you have an Adobe teams contract, you will need to use this identity type

The portion of an email address after the @ symbol. To use a domain with Enterprise or Federated ID, you must first validate your ownership of that domain.

For example, if an organization owns multiple domains (geometrixx.com, support.geometrixx.com, contact.geometrixx.com) but their employees are authenticated againstgeometrixx.com. In this case, the organization will use thegeometrixx.com domain to set up their identity on the Admin Console.

System admin

  • Works with IdP directory managers and DNS managers to set up identity in the Admin Console. This document is targeted at System admins who will have access to the Admin Console. The persona is expected to work with the other personas who (usually) will not have access to the Admin Console.

DNS manager

  • Updates DNS tokens to validate domain ownership

Identity Provider (IdP) directory manager

  • Creates connectors in the IdP

User identities are verified against an authentication source. To use Enterprise ID or Federated ID, set up your own authentication source by adding a domain. For example, if your email address is john@example.com, example.com is your domain. Adding a domain permits the creation of Enterprise IDs or Federated IDs with email addresses on the domain. A domain can be used either with Enterprise IDs or Federated IDs, but not both. You can however add multiple domains.

An organization must validate their control over a domain. An organization can also add multiple domains. However, a domain can be added only once. Known public and generic domains, such as gmail.com or yahoo.com cannot be added at all.

To know more about the Identity types, see Manage identity types.

SHA-1 and SHA-2 are certificate models responsible for the security of your directory's authentication profiles. As SHA-2 offers better security than the older SHA-1 certificates, all new and migrated authentication profiles use the SHA-2 certificate.

Create directories

To use Enterprise IDs or Federated IDs, start by creating a directory to which you can link one or more domains. By default, your organization has a Business ID directory that does not require any set up.

Adobe currently does not support IdP-initiated workflows.

If your organization has (or plans to) setup Microsoft Azure as your SSO provider, we recommend that you use our Azure connector. And, follow the steps detailed in Set up Azure Connector: Create a directory section.

If your organization has (or plans to) setup Google federationas your SSO provider, we recommend that you use our Google connector. And, follow the steps detailed in theSet up Google Federation: Create a directory in the Adobe Admin Console section.

Use the below procedure if your organization is using one or more among the following:

  • Enterprise IDs
  • A SAML provider other than besides Azure or Google
  • Microsoft Azure or Google federation via SCIM.

  1. Sign in to the Admin Console and navigate toSettings > Identity.

  2. Navigate to Directories tab, click Create Directory.

  3. In the Create a Directory screen, enter a name for the directory.

  4. Choose Federated ID and clickNext and proceed to step 5.

    Choose Enterprise ID and click Create Directory.

    If you create anEnterprise ID directory, you're done with this directory procedure.

    Go ahead and set up your domains.

  5. (Federated ID only) ChooseOther SAML Providers clickNext.

  6. Use theAdd SAMLprofilescreen to get the set up information for your identity provider.

    Some Identity Providers (IdP) accept a metadata file that you can upload, while others may require the ACS URL and the Entity ID. For example:

    • For Azure Active Directory: Upload themetadata file.
    • For Google: Copy theACS URL andEntity ID and use these in theGoogle IdP software.
    • For SalesForce: Download themetadata file, extract the certificate information from the file and use that certificate information inSalesForce IdP software.

    The Azure and Google options above are required if you've chosen not to use our Azure and Google connectors, respectively.

    • If you're using the Azure connector, follow the steps detailed in Set up Microsoft Azure AD Con nector article.
    • If you're using the Google connector, follow the steps detailed in Set up Google Federation article.

    Choose one of the methods given below options.

    Method 1:

    Click Download Adobe Metadata file.

    The metadata file is downloaded to your local disk. Use this file to configure your SAML integration with the Identity Provider.

    Method 2:

    Copy the ACS URL and the Entity ID.

    Add SAML profile

  7. Switch to your IdP application window and either upload the metadata file or specify the ACS URL and Entity ID. Once done, download the IdP metadata file.

  8. Return to the Adobe Admin Console and upload the IdP metadata file in the Add SAML Profile window and click Done.

Set up domains

You do not need to manually add domains if your organization's directory is set up via Microsoft Azure AD Connector or Google Federation. Selected domains validated within your identity provider's setup are automatically synced to the Adobe Admin Console.

Your end users are authenticated against domains that you need to set up in the Admin Console.

To set up domains:

  1. Add domains to the Admin Console
  2. Prepare to validate domain ownership by adding a special DNS record
  3. Validate the domains

The domains that you add to the Admin Console do not need to be registered with the same IdP. However, when you link these domains to a directory, you need to link domains from different IdPs to different directories.

You cannot add a domain to the Admin Console if it has already been added to another organization's Admin Console. You can, however, request access to that domain.

  1. Sign in to the Admin Console and navigate toSettings > Identity.

  2. In the Domains tab, click Add Domains.

  3. On the Add Domains screen, enter one or more domains, and click Add Domains. You can only claim and validate 15 domains at a time and add remaining domains subsequently.

  4. In the Add Domains screen, verify that the list of domains and click Add Domains.

Your domains are now added to the Admin Console. Now, demonstrate ownership of these domains.

An organization must demonstrate their ownership of a domain. An organization can add as many domains to the Admin Console as required.

The Admin Console allows one organization to use a single DNS token to demonstrate ownership of all its domains. Also, the Admin Console does not require DNS validation for subdomains. This means that when you use the DNS token and demonstrate ownership of a domain, all subdomains of that domain are validated instantly as they are added to the Admin Console.

  1. Sign in to the Admin Console, navigate toSettings > Identity, and go to the Domains tab.

  2. Click and chooseAccess DNS Token from the drop-down list.

  3. Work with your DNS manager to add a special DNS record for the domains that you have added.

  4. To verify that you own the domain, you must add a TXT record with the generated DNS token. The exact instructions depend on your domain host. For generic guidelines, see verify ownership of a domain.

  5. Add information to your DNS servers to complete this step. Let your DNS manager know in advance so that this step can be completed in a timely manner.

    Adobe periodically checks the DNS records for your domain. If the DNS records are correct, the domain is validated automatically. If you want to validate the domain immediately, you can sign into the Admin Console and validate it manually. Next, you need to validate domains.

The Admin Console attempts to validate domains you have added several times a day, so you need not take any action to validate a domain once the DNS records are properly configured.

Manually validate domains

If you need to validate your domain immediately, you can do this on the Admin Console. To manually validate your domains:

  1. Sign in to the Admin Console.

  2. Navigate to Settings > Identity and go to the Domains tab.

  4. In the Validate Domain Ownership screen, click Validate Now.

You might receive error messages when trying to validate as it can take up to 72 hours for DNS changes to go into effect. To know more, see common questions related to DNS record.

After verifying your domain's ownership, link the validated domains to the required directories in the Admin Console.

After you have set up your directories and domains in the Admin Console, you need to link the domains to the directories.

You can link multiple domains to the same directory. However, all the domains that you link to a single directory must share identical SSO settings.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Click the check box to the left of the domain name and click Link to Directory.

    If you want to link multiple domains to the same directory, multi-select the check boxes for these domains.

  3. In the Link to directory screen, choose the directory from the dropdown and click Link.

Manage users

After you've completed your Enterprise ID or Federated ID setup, you're ready to provide the purchased Adobe products and services to your users.

Read an introduction to users on the Admin Console. Or jump right in and add users to the Admin Console, using one of these methods:

  • If you've set up the Azure connector, learn how to Set up users and groups in the Azure AD.
  • If you've set up the Google connector, learn how to Authorize and set up user provisioning in the Google Admin console.
  • Else, add individual users, use CSV bulk upload, the User Sync tool, or the User Management REST API

Once users are added to the Admin Console, provision users by assigning them to Product Profiles.

Directory trusting

The ownership of a domain can only be claimed by a single organization. So consider the following scenario:

A company, Geometrixx, has multiple departments, each of which has their own unique Admin Console. Also, each department wants to use Federated user IDs, all using the geometrixx.com domain.  In this case, the system administrator for each of these departments would want to claim this domain for authentication. The Admin Console prevents a domain from being added to more than one organization's Admin Console. However, once added by a single department, other departments can request access to the directory to which that domain is linked on behalf of their organization's Admin Console.

Directory trusting allows a directory owner to trust other system admins (trustees). After this, trustee organizations in the Admin Console can add users to any domain within the trusted directory.

To summarize, you must add a domain if you plan to use Enterprise ID or Federated ID on your Admin Console. If another organization has already added this domain, you have to request trustee access to the directory containing this domain. However, when the trustee organization adds users to the trusted domains, they are added as Business ID users. Even though they are configured as Business ID users, they will be authenticated by the authentication framework of the owning organization.

To request access to a directory, see the steps in the Add domains procedure in Set up domains.

  • As an owner of a directory, if you approve an access request for a directory, the trustee organization will have access to all domains linked to the directory, as well as any domains linked to that directory in the future. So planning the domain-to-directory linking is essential as you set up the identity system in your organization.
  • Before adding, requesting, revoking, or withdrawing a trust request, westrongly recommend that you export a user list from the Admin Console or Consoles involved prior to making changes. This list will provide a snapshot of all user data, including name, email, assigned product profiles, and assigned admin roles in case you need to rollback.
  • There are specific steps to follow to migrate a domain that includes a trust relationship. You should not revoke a trust relationship when migrating a trusted domain to prevent loss of user account and product access in the trustee's organization.
  • Directory trust can't be set up between organizations that are under different storage models (user storage model and enterprise storage model). See this article for Issues due to user access to both enterprise storage and legacy user-based storage.

Domain trustee

If you add existing domains to the Admin Console, you are prompted with the following message:

If you request access to this domain, your name, email, and organization name is shared with the request to the system administrators of the owning organization.

The new directory type is Business ID and user authentication depends on how it was set up by the owning organization.

Since the domain has already been set up by the owner (see Demonstrate ownership of the domains in the Set up domains for details), as the trustee, you do not need to take any additional action. When the access request is accepted by the owner, your organization can access the directory and all its domains, as configured by the owning organization.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Go to the Access Requests tab and check the status against each directory for which you have requested access.

  3. You can also click the row item in the list of access requests and click Resend Request or Cancel Request.

If your request access to the directory is accepted by the owning organization, you receive an email notification. Your trust request disappears and instead the trusted directory and its domains appear with the status Active (trusted) in your Directories and Domains listings.

Go ahead and add users and user groups and assign them to product profiles.

As the trustee organization, if you no longer have a need to access the trusted directory, you may withdraw your trustee status at any time.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. In the Directories tab, click the shared directory to withdraw your access from.

  3. In the directory details drawer, click Withdraw.

If you withdraw your access to a trusted directory, any users associated with the domains in that directory are removed from your organization. However, these users could still access their assigned apps, services, and storage.

To stop users from using the software, remove them from Admin Console > Users> Remove users. Then, you can reclaim the deleted users' assets since your organization owns these assets.

Domain owner

As a system administrator of an owning organization, you can choose to accept or reject the requests for access to the directories that you own.

When you get an email request for access to a directory you own, you can either choose to accept or reject the request from within the email itself. You can also go to the Access Requests tab to manage the claim requests.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Go to the Access Request tab.

  3. To accept all the requests, click Accept All.

    Or to accept requests for specific claims, click the check box to the left of each row and click Accept.

  4. In the Accept Access Request screen, click Accept.

An email notification is sent to the System admins of the trustee organizations.

You can also choose to reject the request for access to a directory that you own.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Go to the Access Request tab.

  3. Click the check box to the left of each row and click Reject.

  4. In the Reject Access Request screen, enter a reason for the rejecting the request and click Reject.

The reason that you provide, is shared with the requesting organization via email. However, your email, name, and organizational information are withheld.

You can revoke the access of a trustee organization for which you have previously given access.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Click the check box to the left of each row and click Revoke.

  3. In the Revoke Trustee screen, click Revoke.

If you revoke access to a trusted directory, any users associated with the domains in that directory are removed from the trusted directory. However, these users could still access their assigned apps, services, and storage.

To stop users from using the software, trustee admins can remove them fromAdmin Console >Users>Remove users. Then, they can reclaim the deleted users' assets since the trustee organization owns these assets.

Manage encryption keys

Using Creative Cloud or Document Cloud for enterprise, end users can store files safely and securely. Also, users can share files and collaborate with others. Files are accessible to users via the Creative Cloud website, Creative Cloud desktop app, and Creative Cloud mobile app. Storage is available with Creative Cloud or Document Cloud for enterprise only if it is a part of your organization's agreement with Adobe.

While all data on Creative Cloud and Document Cloud is encrypted, for extra layers of control and security, you can choose to have Adobe generate a dedicated encryption key for your organization. Content is then encrypted using standard encryption with a dedicated encryption key. If necessary, you can revoke the encryption key from the Admin Console.

Dedicated encryption keys are available only with the Creative Cloud or Document Cloud for enterprise shared services plans that include storage and services.

For more details, see how to manage key encryption on the Admin Console.

Migrate to new authentication provider

A self-service option is available to migrate established directories to a new authentication provider within the Adobe Admin Console.

Do not remove the existing setup on your IdP until you have confirmed that the new configuration is successful with 2 to 3 active accounts of the directory.

If removed prior to verification, you lose the ability to roll back to the former configuration and incur downtime while issues are resolved. To learn more, follow migration procedure.

Access requirements

To migrate to a new authentication provider, you need to meet the following requirements:

  • Access to your organization's Admin Console with System Administrator credentials
  • Must have an existing directory configured for federation in Admin Console
  • Access to configure your organization's identity provider (for example, Microsoft Azure Portal, Google Admin console, etc.)

Additional information can be found in Implementation Considerations.

Migration procedure

After you've ensured the access requirements and implementation considerations are met, follow the procedure below to edit your authentication profile and migrate your directory:

  1. In your Adobe Admin Console, go to Settings > Directories.

  2. Select the Edit action for the directory. Then, Select Add new IdP in the directory Details.

  3. Select the identity provider to set up the new authentication profile. Choose the identity provider (IdP) that your organization uses to authenticate users. Click Next.

  4. Based on your choice of Identity provider, follow the steps below:

    • ForAzure:
      Log In to Azure with your Microsoft Azure Active Directory Global Admin credentials andAccept the permission prompt. You're taken back to the Directory details in the Admin Console.

      • The Microsoft Global Admin login is only required to create an application in the organization's Azure Portal. The Global Admin's login information is not stored, and only used for the one-time permission to create the application.
      • When selecting the identity provider for Step 3 above, the Microsoft Azure option should not be used if the Username field in the Adobe Admin Console does not match the UPN field in Azure Portal.
        If the existing directory is configured to pass Username as the User Login Setting, the new IdP should be established under the Other SAML Providers' option. The login setting can be confirmed by selecting Edit option in the current directory under User Login Setting.
      • Choosing the Microsoft Azure' option in Step 3 only configures the identity provider and does not include directory sync services at this time.
      1. Copy theACS URL andEntity Id from theEdit SAML Configuration screen displays.
      2. In a separate window, log in to the Google Admin Console with Google Admin credentials and navigate toApps >SAML Apps.
      3. Use the+ sign to add new App and selectAdobe app. Then, download the IDP metadata under Option 2 and upload it to theEdit SAML Configuration in the Adobe Admin Console. Then, clickSave.
      4. Confirm theBasic Information for Adobe. Enter the previously copied ACS URL and Entity ID in theService Provider Details to finish. Note that there is no need to set up User Provisioning as this is not currently supported for existing directories.
      5. Last, go to Apps > SAML apps > Settings for Adobe > Service Status. Turn Service Status asON for everyone andSave.

      Sevice status

    • ForOther SAML Providers:

      1. Log in to your identity provider's application in a different window and create a new SAML app. (Do not edit the existing SAML app to prevent down-time for migration).
      2. Based on your identity provider's settings, copy the Metadata file or ACS URL and Entity ID from the Adobe Admin Console to the identity provider's settings.
      3. Upload metadata file from the identity provider setup to the Adobe Admin Console. Then, clickSave.

  5. In the Adobe Admin Console > Directory details, the new authentication profile is created. Use theTest to verify whether the configuration is set up correctly to ensure all end users have access to SAML apps.

    The Test feature ensures that the username format for the new authentication profile in their IdP matches the user information for the existing profile for user login.

  6. ClickActivate to migrate to the new authentication profile. Once done, the new profile displaysIn use.

    Before activating, go to Directory users in the Adobe Admin Console > check that the identity provider usernames match Admin Console usernames.

    For SAML, make sure that Subject field in the assertion from the new configuration matches the existing users' username format in the Admin Console.

After you've updated your directory setup, you can move domains from other SHA-1 directories to the new directory using domain migration. Note that users of the migrated domains must be in the identity provider that is configured to work with the new target directory.

To know more about limitations and avoid errors that you might encounter while configuring, see Common questions.

Move domains across directories

Organizations can structure directories by moving domains from source directories to target directories within the Admin Console. You can reorganize domain-to-directory linking based on your organization's needs without end users losing access to their products, services, or stored assets. Consolidating domains configured for the same identity provider into a single directory streamlines management for your IT teams.

If you plan to migrate domains from a directory to another one that contains a new identity provider (Azure, Google or other SAML) with SHA-2 authentication, you need to replicate the new IdP setup in both the directories. The new IdP setup enables test login for users of all domains within the directory. Do the following based on your new identity provider:

  • For Microsoft Azure: Add a new Azure IdP to your directory and log into the same Azure tenant.
  • For Other SAML providers (including Google): Upload the same metadata file which will point to the same SAML app on your IdP.

After the domain migration is complete, users, who are part of the new directory, will still have the ability to log in. This will eliminate downtime and ensure immediate access to their assigned Adobe apps and services.

  • Users are logged out of their accounts and cannot log into a new session during domain transfer. It's recommended to edit directories in off-peak hours to minimize end user disruption.
  • There are specific steps to follow to migrate a domain that includes a trust relationship.  You should not revoke a trust relationship when migrating a trusted domain to prevent loss of user account and product access in the trustee's organization.
  • Before any domain migration, westrongly recommendthat you export a user list from the Admin Console or Consoles involved prior to making changes. This list will provide a snapshot of all user data, including name, email, assigned product profiles and assigned admin roles in the case a rollback needs to be performed.
  • Currently, you can only move domains across directories where both the source and destination directories reside on Adobe's user storage model.

Why move domains

You can benefit from this feature in the following scenarios:

  • You have domains in old SHA-1 supported directories and you want to move to SHA-2 supported directories.
  • You want to migrate an existing directory to another identity provider with a SHA-2 authentication profile.
  • You have directories in a trust relationship or want to share directories for trusting, without allowing access to all domains within the trusted directory.
  • You have to group directories based on organization teams and departments.
  • You have a number of directories that are linked to single domains and want to consolidate.
  • You accidentally linked a domain to an incorrect directory.
  • You want to self-serve move a domain from Enterprise ID to Federated ID or Federated ID to Enterprise ID.

Handling encrypted or trusted directories

If the source or target directories are encrypted or are in a trust relationship, you are unable to move domains directly. Follow the given instructions to move domains in these cases:

Use case

Example

Suggested approach

To move domains between directories that are in the same trust relationship

Directory 1 and Directory 2 are configured in Console A and both have a trust relationship established with Console B.

Follow the move domain process.

To move domains between directories that are in trust relationships

* See Figure A for process diagrams

Directory 1 is configured in Console A and has a trust relationship established with Console B.

Within Console A, a domain in Directory 1 (Domain X) needs to move to Directory 2.

  1. Export a user list from the Console that owns the trust and all trustee Consoles prior to making changes.
  2. Establish a trust between all trustees and the destination directory (Directory 2) in Console A.
  3. Move domains from current directory (Directory 1) to destination directory (Directory 2) in Console A.
  4. Revoke a trust relationship from trustees in Directory 1 in Console A.
  5. Trustee removes revoked domain from Console B (repeat this step for additional trustees).
  6. When Directory 1 is in an empty state with no domains or trusts, you can delete the empty directory.

To move a domain or directory containing multiple domains to another Admin Console in your organization

Directory 1 is configured in Console A. But Directory 1 and its claimed domains need to move to Console B for ownership.

Reach out to Adobe Customer Care.

To move domains to or from an encrypted directory within the same Admin Console.

Directory 1 has encryption turned ON, and a domain from Directory 2 in the same Admin Console requires migration to Directory 1.

Moving domains to or from an encrypted directory is currently not supported.

Original state

Original state

Trusting State

Trusting state

Migrated State

Migrated State

Move domains

Follow the process below to transfer domains from a source directory to a target directory:

  1. Navigate to Domains and select the domains you want to move to the target directory. Then, click Edit Directory.

    Edit directory

  2. Select a directory from the dropdown on the Edit Directory screen. Use the toggle at the bottom to switch completion notifications on or off. Then, click Save.

    Select directory

You are sent to the Domains section under Settings > Identity. All the domains with their status are listed.

Once the domains have been transferred successfully, the system admins receive an email about the domain transfer. Next, you can edit directory names and delete empty directories as required.

Delete directories and remove domains

You can delete directory and domains from the Admin Console that are no longer in use.

You cannot delete a directory that has:

  • Active users
  • Linked domains
  • Trustees
  • Default Business ID directories

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Go to the Directories tab.

  3. Click the check box to the left of one or more directory names and click Delete Directories.

  4. In the delete directories screen, click Delete.

You cannot remove a domain if there are users with that domain in the Admin Console or if the domain is linked to one or more directories.

  1. Sign in to the Admin Console and navigate to Settings > Identity.

  2. Click the check box to the left of one or more domain names and click Delete.

  3. In the Remove Domains screen, click Remove.

How to Find Out Who Created a Domain_6 Account

Source: https://helpx.adobe.com/enterprise/using/set-up-identity.html

0 Response to "How to Find Out Who Created a Domain_6 Account"

Post a Comment

Subscribe to: Post Comments (Atom)

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel