This documentation has been tested and approved by Kelvin Zero's team

This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Adobe using Multi-Pass. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.

To configure Multi-Pass SSO with Adobe, ensure you meet the following requirements:
- Adobe Administrator access
- MPAS Admin rights
- All users intended to use SSO in Adobe must be registered in your IdP and have the necessary permissions.
Important: Custom elements in URLs (like tenant names or unique strings) are case sensitive. Match the exact casing from your environment.

Adobe - SSO Configuration

Step 1 - Obtain Tenant XML Metadata from Multi-Pass (IdP)

• Open Multi-Pass Dashboard
• Select the correct tenant and go to Integrations, click on Applications.
• Select SAML in the custom integration section.
  

• Select Download under Tenant XML data and save the file locally.
  

Step 2 - Configure Adobe as the Service Provider (SP)

• Log into the Adobe Admin Console as an Administrator.
• Select Settings from the top bar.
• Select Create directory on the Identity Settings screen.
  

• Set the Directory Name to KZero Passwordless.
• Select Federated ID as the directory type.
  

• Select Other SAML Providers.
  

• Click Download Adobe metadata and save the file locally.
  

• Select Upload IdP Metadata under Step 2 and upload the metadata file obtained in Step 1.
  

• Click Next.
• Select Enabled beside Enable auto-account creation for this identity provider.
• Select your Default Country.
• Set Update user information in Admin Console when users sign in to Don’t Update.
  

• Click Next.
• In your newly created Directory, go to the Domains tab.
• Click Add domain.
  

• Select Add domains via DNS proof.
  

• Type in the domains you want to configure for SSO and select Next.
• Adobe will provide you with a TXT Record for each domain. Log into your DNS Manager and configure the TXT Record(s).
• In the Domains tab in Adobe, click Validate beside the domain. It should change to an Active status.
  

Step 3 - Configure Multi-Pass as the Identity Provider (IdP)

• Open Multi-Pass Dashboard
• Select the correct tenant and go to Integrations, click on Applications.
• Select SAML in the custom integration section.
  

• Select Upload File and upload the Adobe Service Provider Metadata you obtained in Step 2.
  

• Confirm/Complete the remaining fields based on the table below:
  

• Click Add Integration (if you have not already saved the client).
• Browse to the Advanced Console by clicking on the left side of your screen.
  

• Click Clients and use the search bar to look for adobe.
• Make sure all the fields are populated as shown below.
  

• Move to the tab Keys and ensure that both parameters are set to OFF.
  

• Go to the Advanced tab and set Assertion Consumer Service POST Binding URL (should be the same value as Valid Redirect URIs (ACS)) to: https://federatedid-na1.services.adobe.com/federated/saml/SSO/alias/<UNIQUE_STRING>.
• Go to the Client Scopes tab and select the first scope in the list.
  

• Select Add Mapper by Configuration → User Property and create the three mappers below.