# Adobe Enterprise

### Overview

The Adobe Enterprise integration enables Veza to discover and analyze users, groups, and administrative roles within your Adobe environment. This integration uses Adobe's User Management API (v2) to provide visibility into user access, group memberships, and product license assignments across your Adobe organization.

The integration supports:

* Discovery of Adobe Enterprise users and their properties
* Mapping of user groups and product profiles
* Analysis of group types and license quotas
* Adobe admin role assignments

### Prerequisites

The integration uses OAuth 2.0 client credentials flow. You will need:

* An Adobe Enterprise account
* Adobe Organization ID (format: `xxxxx@AdobeOrg`)
* API credentials from Adobe Developer Console (Client ID and Client Secret)
* Veza platform access with permissions to add new integrations

The integration uses Adobe's User Management API v2 to collect:

* Users: `/v2/usermanagement/users/{org_id}`
* Groups: `/v2/usermanagement/groups/{org_id}`

#### Finding Your Organization ID

The Organization ID is a unique identifier in the format `{hex_number}@AdobeOrg` (e.g., `A495E53@AdobeOrg`). You can find this value:

1. In the Adobe Admin Console URL path when logged in
2. In the Adobe IO Console under your User Management integration settings

#### Generating Adobe Credentials

Follow the instructions in [Setting up the OAuth Server-to-Server credential](https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthentication/implementation/) to create a new Project and credentials.

Select the "User Management API" when configuring the Products & services for the Project.

Note the API Key (Client ID) and generated access token (Client Secret).

### Configuring Adobe Enterprise on the Veza Platform

1. In Veza, use the main menu to open the **Integrations** page.
2. Click **Add Integration** and search for Adobe Enterprise.
3. Click on Adobe Enterprise and to open the configuration form.
4. Enter the required information:

   | Field           | Description                                                | Required | Format/Notes                 |
   | --------------- | ---------------------------------------------------------- | -------- | ---------------------------- |
   | Name            | A unique name for this integration instance                | Yes      |                              |
   | Insight Point   | The Insight Point this integration will be associated with | Yes      |                              |
   | Organization ID | Adobe Organization ID                                      | Yes      | Must end with @AdobeOrg      |
   | Client ID       | Adobe API Client ID                                        | Yes      | From Adobe Developer Console |
   | Client Secret   | Adobe API Client Secret                                    | Yes      | From Adobe Developer Console |
5. Click **Create Integration** to save the configuration.

#### Verifying the Integration

1. To check integration status:
   1. On the Veza **Integrations** list, click the integration name to view details.
   2. On the details page, review the list of data sources.
   3. Use the **Status** column to check if the data source is unavailable or has an error.
   4. Click on an individual status to show more details.
2. To view discovered entities:
   1. On the Veza **Integrations** list, click **View Dashboard** to show an overview of the entities Veza has discovered.
   2. Click an entity type to view the results in **Query Builder**.
   3. Review the entities to validate that results and attributes are as expected.

### Notes and Supported Entities

#### Application

**Type:** "Adobe Enterprise"

#### Users

| Attribute      | Description                                            |
| -------------- | ------------------------------------------------------ |
| `id`           | Unique identifier for the user                         |
| `name`         | Username used for authentication                       |
| `email`        | Primary email address for the user                     |
| `isActive`     | Boolean indicating if the user account is active       |
| `first_name`   | User's first name                                      |
| `last_name`    | User's last name                                       |
| `domain`       | Domain associated with the user's account              |
| `country`      | User's country                                         |
| `account_type` | Type of Adobe account (adobeID/enterpriseID/federated) |
| `identities`   | List of email addresses associated with the user       |
| `groups`       | List of group IDs the user belongs to                  |

#### Groups

| Attribute       | Description                                              |
| --------------- | -------------------------------------------------------- |
| `id`            | Unique identifier for the group (converted from integer) |
| `name`          | Display name of the group                                |
| `group_type`    | Type of Adobe group                                      |
| `product_name`  | Name of associated Adobe product (if applicable)         |
| `license_quota` | Number of available licenses for the group               |

#### Built-in Roles and Permissions

The integration supports three built-in administrative roles:

| Role       | Permission | Description                       |
| ---------- | ---------- | --------------------------------- |
| org        | org        | Organization-level administration |
| deployment | deployment | Deployment management             |
| support    | support    | Support access                    |

Each role has a corresponding permission of the same name. All permissions are of type "uncategorized".

**Role Properties**

| Attribute     | Description                                          |
| ------------- | ---------------------------------------------------- |
| `id`          | Role identifier (matches name)                       |
| `name`        | Name of the role ("org", "deployment", or "support") |
| `permissions` | List of permissions associated with the role         |

**Permission Properties**

| Attribute        | Description                                 |
| ---------------- | ------------------------------------------- |
| `name`           | Name of the permission (matches role name)  |
| `permissionType` | Type of permission (always "uncategorized") |

**Relationships**

| Relationship Type | Description                                           |
| ----------------- | ----------------------------------------------------- |
| Group Membership  | Associates users with their groups                    |
| Role Assignment   | Associates users with administrative roles            |
| Permission Grant  | Associates roles with their corresponding permissions |

### Additional Resources

* [Adobe User Management API Documentation](https://developer.adobe.com/developer-console/docs/guides/authentication/ServerToServerAuthentication/IMS/)
* [Adobe Admin Console](https://adminconsole.adobe.com/)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/integrations/integrations/adobe-enterprise.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.