The Adobe Admin Console supports several password protection levels and policies to help secure your organization's accounts. You can choose a password protection level that applies to all users across your organization. Adobe supports three levels of security.
Password protection levels
All accounts include a lockout mechanism. If the system detects multiple failed login attempts in quick succession, the user account is made temporarily unavailable to prevent brute-force attacks.
To specify a password policy, do the following:
- In the Admin Console, navigate to Settings > Privacy and Security > Authentication Settings.
- Choose a level of authentication for your users.
  Clicking an option automatically selects and saves it.
Two-step verification
To strengthen the security of their Adobe accounts, your users can set up two-step verification. Once set up, your users require a verification code to sign in to their Adobe accounts before they enter their Adobe account passwords. Each user completes this setup in their own Adobe account. Adobe users can normally turn two-step verification on and off depending on their security preferences.
As an admin, you have the option to enforce two-step verification. When it is enforced, users no longer have the option to turn it off.
Adobe highly recommends that you, as the admin, enforce two-step verification in your organization, and do not leave this as optional for your users.

When you turn on two-step verification, the users in your organization will receive an email.
- After you've set up two-step verification, the first time a user signs in, Adobe requires them to provide their phone number. This ensures that the user can recover their account if they lose their password.
- Users who have already set up two-step verification are not required to take any action, but this policy prevents them from un-enrolling from two-step verification.
- Users who have not set up two-step verification are required to enroll in this service the next time they sign in to their Adobe account. For details on how your users must enroll for this service, see this article.
To control how long your users remain authenticated in Adobe web applications, use the following Advanced settings:
- Max session life: Users need to reauthenticate after the duration you specify.
- Max idle time: Adobe automatically signs out users who do not interact with the account for longer than the idle time you specify.
If a user is a member of multiple organizations with advanced authentication policies, the most restrictive policies apply to that user. For example, if one policy defines Max session life as 12 days and another defines this setting as 9 days, the user is reauthenticated every 9 days.
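The following added example (not Adobe's code) models the rule above so you can work out which limits a user in several organizations ends up with and which setting ends a given session. It assumes that "most restrictive" is resolved separately for each setting; the organization names and the 2-hour idle time are constructed, and `SessionPolicy`, `effective_policy` and `reauth_reason` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional, Sequence


@dataclass(frozen=True)
class SessionPolicy:
    """One organization's Advanced settings; None means the setting is not set."""
    org: str
    max_session_life: Optional[timedelta] = None
    max_idle_time: Optional[timedelta] = None


def _strictest(values: Iterable[Optional[timedelta]]) -> Optional[timedelta]:
    """Shortest configured duration, or None if no organization sets one."""
    configured = [v for v in values if v is not None]
    return min(configured) if configured else None


def effective_policy(policies: Sequence[SessionPolicy]) -> SessionPolicy:
    """Assumption: 'most restrictive' is resolved per setting, not per policy."""
    return SessionPolicy(
        org="effective",
        max_session_life=_strictest(p.max_session_life for p in policies),
        max_idle_time=_strictest(p.max_idle_time for p in policies),
    )


def reauth_reason(policy: SessionPolicy, signed_in_at: datetime,
                  last_activity_at: datetime, now: datetime) -> Optional[str]:
    """Name the setting that forces a new sign-in, or None if the session holds."""
    if policy.max_session_life is not None and now - signed_in_at > policy.max_session_life:
        return "max_session_life"
    if policy.max_idle_time is not None and now - last_activity_at > policy.max_idle_time:
        return "max_idle_time"
    return None


# Constructed sample data: the 12-day and 9-day values come from the page's
# example; the 2-hour idle time and the organization names are made up.
ORG_A = SessionPolicy("org-a", max_session_life=timedelta(days=12))
ORG_B = SessionPolicy("org-b", max_session_life=timedelta(days=9),
                      max_idle_time=timedelta(hours=2))
EFFECTIVE = effective_policy([ORG_A, ORG_B])

if __name__ == "__main__":
    signed_in = datetime(2024, 1, 1, 9, 0)
    print(EFFECTIVE)
    print(reauth_reason(EFFECTIVE, signed_in, signed_in + timedelta(days=10),
                        signed_in + timedelta(days=10, minutes=5)))
```

Under this model, a user who belongs to both organizations inherits the idle limit from the second one even though the first organization never configured it.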

We recommend that you do not set short session policies unless you require stricter security measures. Short session policies will require users to sign in more frequently. Leaving these policies at their default state is the right choice for most Adobe customers.