I have an open ticket with Adobe and Okta to resolve this issue but wanted to post the answer here for all that may stumble across this. We recently moved to creative cloud applications however only using one of them (Acrobat DC). If you deploy without the creative cloud application, the software will prompt to activate (expected). Assuming you have built your SAML 2.0 connection you can login to Adobe with your federated ID using edge, firefox or Chrome no problem. For this configuration my default browser is set to Chrome.

When the user opens Adobe Acrobat DC for the first time, they are prompted to sign in to activate Adobe, which ultimately ends with this vague error

"Sorry, something went wrong. This is likely an issue at our end, but it could be that you're not connected to the internet. Please check your internet connection and then try again later."

After trying all their help guides, I opened a ticket with Adobe and finally getting to an escalated tech who knew the issue and resolution. Simultaneously I had a Fiddler trace done on the connectivity and was receiving a 400 error in my log (strange since my browsers didn't show this).

After working with Adobe, they asked me to login with my federated ID in Chrome (worked) and then in IE (failed, 400 error like my fiddler trace). They then informed me that Adobe relies upon IE for activation rather than the user's default browser and that this was a known issue.

Adobe rep asked me to contact Okta (I did in my open support ticket) and enable the following two flags in our environment:

ADSSO_STATE_TOKEN

STATE TOKEN ALL FLOWS

It was reported that this has worked for multiple organizations using Okta as their IdP. From my knowledge so far, this is not able to be modified by an org admin and has to be done by Okta support.

I am waiting for this to be enabled but sharing this for other users who come across this scenario and can expediently get this fixed (2 weeks for me to get to this point).

-Travis