Okta

Creative revolution

Adobe undertakes a monumental business and technological shift, turning Creative Suite into Creative Cloud.

Identity challenges

Adobe recognizes the need to scale how they create federated connections between Creative Cloud and their enterprise customers' identity systems.

Internal identity management

Adobe selects Okta Enterprise Edition to enable internal single sign-on for 20,500 employees worldwide.

A meeting of minds

Building on the success of Okta-enabled enterprise SSO, Adobe engages Okta to deliver a comprehensive authentication layer across Adobe Creative Cloud for enterprise.

Expansion

Adobe Creative Cloud hits the 5.3 million subscriber mark in 2015, and extends the Okta authentication layer to Adobe Marketing Cloud and Adobe Document Cloud.

A More Connected Creative Cloud

Adobe's IT and product leaders explain how the company used Okta as an authentication layer for both internal employees and for Adobe Creative Cloud.

Watch the full video

Using Okta at Adobe has allowed my organization to focus on the key differentiators in our product, building value for our customers and investing our time and efforts in the things that make our customers successful.

Scott Castle, Director Product Management, Digital Media, Adobe

A bold move to the cloud

In 2012 Adobe launched Creative Cloud and changed the creative world forever. The pivot moved all of its famed Creative Suite products to the cloud. A Creative Cloud membership would provide users with access to download and install every Adobe Creative Suite application.

Placing the whole creative workflow in the cloud changed Adobe’s business cycle fundamentally. Almost overnight they transitioned from perpetual product licenses and 18-month release cycles to monthly and yearly subscriptions and regular product updates.

It also changed their identity and access needs. The first release of Creative Cloud wasn’t able to connect with the corporate identity systems that many of Adobe’s enterprise customers already have in use. IT admins were having to set up and manage an entirely new set of user credentials within Adobe Creative Cloud, which created redundancies and inefficiencies down the road when users forgot a password or updated any of their credentials.

It did not make sense for Adobe to build in-house, a scalable way to create federated connections between Creative Cloud and enterprise customers’ identity systems. Engineering resources are better deployed to think up the next creative feature in Photoshop Creative Cloud or bring new connected creative mobile apps to market. “I don't want to reinvent the wheel in our identity stack. I want to use what's best in class in the market and then apply the Adobe-specific requirements to that stack to get something out to our customers really quickly," says Scott Castle, product manager for Creative Cloud.

Dual cloud challenges

Adobe’s product team wasn’t alone in dealing with authentication issues. By late 2014, the small internal IT team at Adobe was supporting some 300 cloud applications with an open-source single-sign-on solution they built themselves. That year, the company decided to deploy Microsoft Office 365 to all 13,500 Adobe employees—moving email, calendaring, and Sharepoint tools to the cloud. The old identity management platform, with its occasional quirks and outages, wasn’t going to cut it.

Fortunately, says Den Jones, senior manager of IT services, it was around this time that the team was introduced to Okta. Working with an outside vendor made sense—one focused on securing and authenticating apps in the cloud, rather than on building brilliant expressive design tools.

After reviewing their options and Okta’s record in the industry, Adobe IT decided to sunset the internal single-sign-on system and deploy Office 365 with Okta authentication. After that roll-out, they began moving the rest of their cloud apps to the Okta platform. Because maintenance for the old platform was up for renewal, they were working on a fairly tight deadline: Three months to migrate 300 apps.

The timeline turned out to be perfectly reasonable, much to the delight of Jones and his team. It took about four weeks to get through the first 200+, he says. Today, most apps take minutes to provision, rather than the weeks or months it had taken before. Today, most apps take minutes to provision, rather than the weeks or months it had taken before. Since then, Adobe has deployed multiple products from the Okta Identity Cloud across its growing employee base, securing and managing its workforce of 20,500 employees.

Identity for everyone

After working with Okta to secure employee access to cloud apps, Adobe IT was pretty clear about who the product team needed to work with to build enterprise identity into Creative Cloud for enterprise. Soon, Adobe engaged Okta to put the same powerful identity services into the hands of Adobe’s product engineers.

Today, Adobe uses Okta to offer a comprehensive identity management layer to all its enterprise customers, including Adobe Marketing Cloud and Adobe Document Cloud, as well as Creative Cloud. The connected solution secures Adobe Cloud apps and lets users access Adobe’s innovative tools with their existing corporate credentials—safely, quickly, and cost-effectively.

To make Creative Cloud users successful (and keep their customers’ IT departments happy), Adobe’s enterprise identity platform does a few very important things:

  • Connects with customers’ corporate identity systems—such as AD or LDAP—so IT admins don’t have double the management activities
  • Integrates Okta functionality into Adobe Creative Cloud’s existing code
  • Stands up with Adobe’s branding on top
  • Federates individual user identities with individual accounts, as well as multiple enterprise and agency accounts

A new kind of internal IT

What was remarkable about Adobe’s journey with Okta was how closely Adobe’s internal IT and product development teams worked to make identity management seamless for Creative Cloud’s enterprise customers.

Initially, Castle’s team consulted with Adobe IT to discover how Okta was working internally. Then, once the decision was made to go with Okta, people on the IT team helped document and whiteboard potential Creative Cloud solutions.

Jones explains, "It wasn't just Okta trying to advise the Creative Cloud team how they think it should work based on their experience deploying this kind of thing to enterprises. We also had Adobe's own IT team who were saying, you know, we've done this before, and we could share and add value that way."

When the solution was ready to roll out, Adobe employees were customer zero. While the process was underpinned by various teams within Adobe, IT held key pieces of the puzzle.

Today, Adobe’s IT team is more embedded in product development than ever before.

About Adobe

Adobe is the global leader in digital marketing and digital media solutions. Their tools and services allow customers to create groundbreaking digital content, deploy it across media and devices, and measure and optimize it over time.