Getting Started with User Management
The User Management API provides programmatic access to the user accounts that are associated with your Adobe organization. You can integrate this API into your organization’s administrative applications and processes. You can use the API in scripts or programs to allow authorized administrators to create, update, and delete user accounts for your enterprise, and retrieve information about your Adobe users and their access to Adobe products.
The User Management API allows you to manage a large number of identities programmatically, rather than individually through a user interface. You can create programs that obtain account management data stored in another identity tool that you might already be using, such as Microsoft Active Directory, and can use that data in calls to the Adobe User Management API. You can call the API directly to perform creation, management, and removal of user accounts. You can also generate reports, or drive other processes that track which users have access to which Adobe products.
You can use the API directly to create applications and scripts to manage your organization’s Adobe user accounts and product entitlements. In addition to direct programmatic access through the API, Adobe offers system administrators a ready-made user-management automation tool, User Sync, which is built on top of the UM API.
User Management Tasks
The User Management API gives you direct access to the functionality you need to manage your Adobe user accounts and control user access to Adobe products.
Create and Manage User Accounts
Creative Cloud, Experience Cloud, and Document Cloud apps and services use an identity management system to determine an end user’s entitlements. A user is recognized based on their identity. You can use the User Management API to create and manage Adobe user identities of all types. User types include the personal Adobe ID, the Enterprise ID that is managed by your enterprise but hosted by Adobe, and the Federated ID that is both managed and hosted by your enterprise.
For details of supported types, see Manage Identity Types in the Enterprise help hub.
Manage Product Entitlements
Users are granted access to Adobe products by adding them as members of a product profile that has been created in the Admin Console. A product profile identifies an Adobe product or set of products, and is associated with a list of users who are entitled to access. You can use the API to add individual users to and remove individual users from specific product profiles.
You can also create user groups in the Admin Console. You can use the API to manage both profiles and user groups:
- You can add and remove users to manage membership in user groups.
- You can add and remove both users and user groups to manage membership in product profiles.
Together, user groups and product profiles allow you to group users according to your own criteria, and then grant or deny product access to individuals and to entire groups.
Note: You cannot create or manage product profiles themselves through the User Management API. For more information about creating and managing product profiles, see Manage Product Profiles in the Enterprise help hub.
Reporting and Analysis
You can use the UM API to collect data from your organization, and break it down by product to generate usage reports. You can get counts of the number of users in product profiles and user groups, and monitor changes over time by storing the information locally.
Automating User Management with User Sync
The User Sync tool can automate many of your user management tasks. User Sync is an open-source Python application provided and supported by Adobe. The tool can be invoked by your existing user-management scripts, without the need for extensive programming.
Consider this route if your enterprise uses Microsoft Active Directory or another LDAP directory service to manage and provision Adobe products, and has a large user base or high churn of users.
User Sync is a client of the User Management API; it uses the API to automatically synchronize user data that you keep in your enterprise LDAP directory with your user data stored with Adobe. You run User Sync on the command line or from a script. Each time you run the tool it looks for differences between the user information in the two systems, and updates the Adobe side to match the enterprise directory.
Before you can use the User Management API (directly or indirectly through User Sync), you must use the Adobe Developer Console to create a Project. The integration registers your application as a client of User Management API, and gives you the credentials you need to authorize calls to the API. If you plan to use the User Sync automation tool, you must create an integration to give the tool access to the API.
- For information on how to authorize calls to the User Management API, see Authentication for API Access.
- For complete information on the OAuth Server-to-Server implementation see OAuth Server-to-Server credential API Reference
- For complete information on the deprecated JWT implementation, see Service Account (JWT) Authentication
If you think your enterprise can use the ready-made API client, User Sync, read more about the tool: Synchronize User Data with UserSync.
- If you plan to build your own API client, learn about the user-management operations that are available through the API Overview
- Get complete reference details for all API calls: User Management API Reference
- See a sample Python script and examples of representative requests: Examples and Samples