Application
- Adobe Enterprise & Teams: Administration guide
- Plan your deployment
- Basic concepts
- Deployment Guides
- Deploy Creative Cloud for education
- Deployment home
- K-12 Onboarding Wizard
- Simple setup
- Syncing Users
- Roster Sync K-12 (US)
- Key licensing concepts
- Deployment options
- Quick tips
- Approve Adobe apps in Google Admin Console
- Enable Adobe Express in Google Classroom
- Integration with Canvas LMS
- Integration with Blackboard Learn
- Configuring SSO for District Portals and LMSs
- Add users through Roster Sync
- Kivuto FAQ
- Primary and Secondary institution eligibility guidelines
- Set up your organization
- Identity types | Overview
- Set up identity | Overview
- Set up organization with Enterprise ID
- Setup Azure AD federation and sync
- Set up Google Federation and sync
- Set up organization with Microsoft ADFS
- Set up organization for District Portals and LMS
- Set up organization with other Identity providers
- SSO common questions and troubleshooting
- Manage your organization setup
- Manage users
- Overview
- Administrative roles
- User management strategies
- Assign licenses to a Teams user
- In-app user management for teams
- Add users with matching email domains
- Change user's identity type
- Manage user groups
- Manage directory users
- Manage developers
- Migrate existing users to the Adobe Admin Console
- Migrate user management to the Adobe Admin Console
- Overview
- Manage products and entitlements
- Manage products and product profiles
- Manage products
- Buy products and licenses
- Manage product profiles for enterprise users
- Manage automatic assignment rules
- Entitle users to train Firefly custom models
- Review product requests
- Manage self-service policies
- Manage app integrations
- Manage product permissions in the Admin Console
- Enable/disable services for a product profile
- Single App | Creative Cloud for enterprise
- Optional services
- Manage Shared Device licenses
- Manage products and product profiles
- Get started with Global Admin Console
- Adopt global administration
- Select your organization
- Manage organization hierarchy
- Manage product profiles
- Manage administrators
- Manage user groups
- Update organization policies
- Manage policy templates
- Allocate products to child organizations
- Execute pending jobs
- Explore insights
- Export or import organization structure
- Manage storage and assets
- Storage
- Asset migration
- Reclaim assets from a user
- Student asset migration | EDU only
- Manage services
- Adobe Stock
- Custom fonts
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud for enterprise - free membership
- Deploy apps and updates
- Overview
- Create packages
- Customize packages
- Deploy Packages
- Manage updates
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Troubleshoot
- Manage your Teams account
- Renewals
- Manage contracts
- Reports & logs
- Get help
Asset settings give an organization control over how its assets are shared outside the organization.
To manage how users in your organization share company-owned assets, navigate to Settings > Asset settings in the Adobe Admin Console.
Asset Settings are not a digital rights management system (DRM) or a complete asset protection system. Employees with access to certain assets can still copy them and share with others outside the organization using third-party systems.
Sharing options
The System administrator can select a restrictive setting that limits employees from using specific sharing features within Creative Cloud and Document Cloud. Asset settings and other third-party organizational policy enforcement systems are used to ensure that assets are only shared with appropriate external entities.
Deployment Considerations
Before you turn on sharing restrictions, consider the impact it has on your end users.
After you choose a setting, you cannot stop or reverse the consequent deletion process. If you choose No public link sharing, all existing public links are removed and users with these links can no longer access the linked content. If you choose Sharing Limited to Org Members and Trusted Users, any current external collaborators who are not part of the org or claimed, trusted, or authorized domains lose access to content previously shared with them. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
Below are the Creative Cloud and Document Cloud sharing and publishing functionalities that are impacted when you select No public link sharing or Sharing Limited to Org Members and Trusted Users.
|
Impacted features |
Application |
Impacted features |
---|---|---|---|
Adobe Comp |
Share, Send to Behance |
Adobe XD |
Invitations, Share link |
Adobe Express |
Share to social, access Content Scheduler |
Adobe Stock |
Invitations, Share link |
After Effects |
Invite to Team Project, Invite to Library |
Aero (mobile) |
Publish link, Post to Behance |
Animate |
Social share |
Behance |
Creating or updating projects or Work in Progress, Invitations |
Capture |
Share, Invitations |
Creative Cloud (desktop and mobile) |
Get link, Invitations |
Creative Cloud Assets |
Get link, Invitations, Share to Slack |
Creative Cloud Libraries |
Get link, Invitations, Share to Slack |
Dimension |
Generating public links |
Firefly |
Share link |
Fresco |
Get link, Invitations |
Illustrator and Illustrator Draw |
Link to project, Invitations |
InDesign |
Publish Online, Share for Review |
Lightroom |
Share |
Photoshop (desktop) |
Invitations |
Photoshop (mobile) |
Share to social |
Photoshop Sketch |
Link to Project |
Portfolio |
Access to Portfolio site, create drafts, and publish |
Podcast |
Invite guests, Share template |
Premiere Pro |
Invite to Team Projects |
- You can't enable or disable Frame.io sharing on the Admin Console.
- Starting August 15, 2024, all new Lightroom shares will follow Enterprise sharing restrictions. These restrictions will also apply to existing shares starting December 5, 2024.
Learn more about enabling and disabling services.
Application |
Impacted features |
Application |
Impacted features |
---|---|---|---|
Acrobat and Reader desktop apps |
Share |
Adobe Document Cloud for Microsoft Outlook |
Share |
Mobile apps (including Adobe Scan and Acrobat) |
Share Link, Share Document Cloud Link |
Web services (cloud.acrobat.com) |
Share |
Choose Sharing Options
To choose a restrictive Asset Setting for your organization, do the following:
-
In the Admin Console, navigate to Settings > Asset Settings.
-
Choose a Sharing Restrictions Policy.
You can choose from three levels of restrictions. Once you choose a more restrictive setting, you cannot stop or undo the loss of existing public links, shared folders, or document collaborations. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
If you select Sharing Limited to Org Members and Trusted Users, ensure that you define your authorized domains. Any current external collaborators who are not part of the org or claimed, trusted, or authorized domains will lose access to content previously shared with them.
Note:To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.
Sharing Options
Restrictions
Impact on existing links and collaborations
No restrictions (Default)
- You can keep this default setting whereby users are allowed to share public links, publish posts to social media, and collaborate on shared folders with anyone inside or outside the organization.
- Recommended for enterprises who trust their employees to have freedom, control, and access to every Creative Cloud and Document Cloud feature.
No impact.
No public link sharing
- Prevents users from creating public links and posting to social media.
- Recommended for enterprises who want to prevent public sharing but still want to allow invitation-based sharing with anyone inside and outside of the organization.
Deletes all existing public links. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
Sharing limited to org members and trusted users
- You can restrict invitation-based sharing to recipients in your org, claimed domains, trusted domains, and authorized domains. After you set this policy, the users are prevented from sharing organization-owned assets with external users who are not members of the org or in the list of allowed domains.
- Recommended for enterprises who need tight control over which external domains can access organization assets.
Deletes all existing public links and deletes all existing collaborations on shared documents and folders with users who are not in the org or an allowed domain. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
The time taken to restrict sharing through Asset Settings is proportional to the number of users in the organization and the sharing relationships between them. For some Adobe products and services, it also involves invalidating cached entries in CDNs and removing preview images from slack. If the Asset Setting is changed, it can take up to 24 hours to fully take effect.
Caution:Users will be prevented from sharing assets with everyone in an organization with more than 500,000 users.
-
Click Confirm.
If you want your users to continue sharing organization-owned assets with specific external organizations or individuals, do the following.
- For an external organization such as an agency: Add the agency’s domain to the authorized list of domains under Asset Settings in the Adobe Admin Console.
- For a freelancer: Issue the individual an Enterprise ID, or Federated ID from your organization. Or, add the user as a Business ID type to your organization on the Admin Console.
-
Choose an Access Request Policy and click Confirm.
You can use this default setting to allow users with no permissions to a folder or document to request access to it.
For added privacy, you can use this setting to prevent users from requesting access to a document that has not been shared with them.
By default, access requests are allowed. So, a user with the link to a shared resource, but without the permission to view it, can request access. Users with sharing permissions on the document receive notifications for each access request and can decide whether to grant or deny access.
The requester receives a notification when the access is granted or denied.
Note:If you have a sharing limited to org members and trusted users policy selected, that restriction is applied when users attempt to grant an access request made by someone outside the organization.
Authorized Domains are the domains that are safe to collaborate with. If you have selected Sharing Limited to Org Members and Trusted Users, you can add domains to the Authorized Domains.
Add authorized domains
-
In the Admin Console, navigate to Settings > Asset Settings > Authorized domains.
-
Click Add Domains.
-
Enter the domains in the Add Domains dialog. You can add multiple domains separated by commas. Click Add.
Note:To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.
Remove authorized domains
While managing the authorized domains on the Admin Console, to remove domains from the list, select the check box to the left of the domain names, and click Remove Domains. Then, click Remove to confirm.
The domain name is removed from the Authorized Domains. If the sharing option is Sharing Limited to Org Members and Trusted Users, any shares to the removed domain are revoked.
Removing domains from the authorized list deletes all existing collaborations on shared documents and folders between users in that domain and the users in your organization. Once this process starts, you cannot stop or undo it.
Content Credentials allow creators to attach extra information to their content when they export or download it.
By turning on the Content Credentials toggle, you can allow creators to receive more recognition for their work, connect with others online, and enhance transparency for their audience. Learn more about Content credentials.
Implications for users in multiple organizations
Adobe strongly recommends that a user only be a member of one organization. Where users must be members of multiple organizations, all organizations must have the same Sharing Policy and Allow Lists configured.