User Guide Cancel

Named User Licensing | Deployment guide

  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

Applies to enterprise.

Introduction

Adobe's enterprise offerings let your organization, create, collaborate, and deliver on the web, mobile, or desktop with the latest Adobe apps and services. With centralized license management tools and enterprise-level technical support, your IT function is fully equipped to support creative teams at scale.

If you are planning a Creative Cloud or Document Cloud deployment, take some time and consider how to deploy and manage applications, storage, and services. This article covers all the information you require for planning purposes. There are several topics that must consider when you plan your deployment.

  • License deployment
  • Identity management
  • Applications and updates
  • Storage and services
  • Users, product profiles, and licenses
  • Migrating existing users

License management

When you purchase a product from Adobe, a license represents your right to use Adobe software and services. Licenses are used to authenticate and activate the products on the end user's computers.

For more information, see Licensing overview.

Licensing methods

Named user license

Named licensing is useful in the following scenarios:

  • If you want to provide access to Adobe-hosted services.
  • If you want to use Adobe Admin Console for centralized license and compliance management.
  • If you require flexible licensing over time, for example, a designer moving from a video product profile to a web product profile.
  • If you want to enable self-service workflows for users to acquire apps and updates.

Automatically created packages are readily available for download from the Admin Console. Packages are created based on default settings and purchased products and can be downloaded and deployed as is. For more information, see Packaging apps using the Admin Console.

Shared device licensing

Shared Device Licensing is a licensing method targeted at educational institutions where software is assigned to a device instead of an individual. Anyone who logs onto the device will have access to Adobe's products and services.

Shared Device Licensing is ideal for desktop computer labs and classrooms. For example, you can install Creative Cloud apps in your computer labs to allows students and teachers, with access to these computers, to use the apps and services that are available as part of your license agreement with Adobe.

Serial number licensing

Serial Number licensing is a historical method of licensing that is not tied to an individual user but to a particular computer. This licensing method is suitable for a very small number of customers and, as with named licensing, can be used to create pre-licensed packages that are deployed remotely. However, when using serial number licensing, customers do not receive the complete value from their Adobe Cloud subscription.

License migration

Device license to Shared device license

Serial number license to named user license

Named licensing provides several advantages as compared to anonymous or Serial number licensing. Administrators can closely track and monitor the usage of licenses. They can also centrally manage licenses assigned to a user and revoke access to apps and services, without a need to redeploy packages. Named license can also enable self-service workflows to let customers download and install products and updates. Named licenses also enable end users to use cloud services, such as add fonts from Adobe Fonts, choose file sync locations, and share and gather feedback on Behance.

Identity management

Adobe uses an underlying identity management system to authenticate and authorize users. If you're using named licensing or are planning to provide access to services, using identities is a requirement. Adobe supports three identity or account types; they use an email address as the user name. These identity types are:

  • Federated ID: Created, owned, and managed by an organization and linked to the enterprise directory via federation. The organization manages credentials and processes Single Sign-On via a SAML2 Identity Provider (IdP).
  • Enterprise ID: Created, owned, and managed by an organization. Adobe hosts the Enterprise ID and performs authentication, but the organization maintains the Enterprise ID.
  • Adobe ID: Created, owned, and managed by the end user. Adobe performs the authentication, and the end user manages the identity.

Based on your organizational needs, you can select the most appropriate identity model to implement and use.

You can use Federated IDs, Enterprise IDs, and Adobe IDs in the same enterprise deployment. Remember, when you set up an account using Adobe ID, end users retain complete control over files and data associated with this account. When you use a Federated ID or an Enterprise ID, it is the enterprise that owns and controls this content.

Adobe recommends admins to migrate Adobe ID users to Federated and Enterprise IDs to provide organizations complete control over users and application assets.

Note:

Adobe Licensing Website does not support Enterprise or Federated IDs. If you are planning to use serial number licensing, set up all administrator accounts using Adobe IDs. For user accounts, Adobe recommends using Federated and Enterprise IDs.

Set up a directory

A directory in the Admin Console is an entity that holds resources such as users and policies like authentication. These directories are similar to LDAP or Active Directories.

For more information, see Set up identity.

Set up domains

User identities are verified against an authorization source. To use Federated ID or Enterprise ID, set up your own authorization source by adding a domain. For example, if your email address is john@example.com, example.com is your domain. Adding a domain permits the creation of Federated IDs or Enterprise IDs with email addresses on the domain. A domain can be used either with Federated IDs or Enterprise IDs, but not both. You can however add multiple domains.

An organization must demonstrate their control over a domain. An organization can also add multiple domains. However, a domain can be added only once. Known public and generic domains, such as gmail.com or yahoo.com cannot be added at all.

For more information, see Set up domains.

Configure Single Sign-On

The Adobe Admin Console offers a method for enterprise users to authenticate using their existing corporate identity. Adobe Federated IDs enable integration with a Single Sign-On (SSO) identity management system. Single Sign-On is enabled using SAML, an industry-standard protocol that connects enterprise identity management systems to cloud service providers like Adobe.

When you add users with Federated IDs, automatic emails are not sent to the users. You must plan and communicate with users when you create Federated IDs. If users already have Adobe IDs that use the same email address, see Sign in with an enterprise ID to understand the sign-in procedure and the impact it has on their existing content and application.

If your organization wants to test the SSO integration, you can claim a test domain that you own. Your organization must have an Identity Provider with identities set up in that test domain. This process allows you to test the integration before you claim the main domains, until you feel comfortable with the domain claim and configuration process.

For more information, see Configure Single-Sign On.

Users, product profiles, and licenses

For Named licenses, Product Profiles are used to associate licenses with individual users. To assign licenses, add users to a Product Profile. A user can be a member of multiple Product Profiles, and each Product Profile can confer different licenses to the user. The final eligibility of a user is the union of all licenses conferred by each Product Profile.

Consider how to deliver sets of licenses in a way that fits how users are assigned responsibilities in your organization. For example, if all the users in a department need Photoshop, you can create a department Product Profile which confers Photoshop Single App. However, if in a department, web designers need Photoshop and Dreamweaver, while video editors need Premiere Pro and After Effects, use two Product Profiles- one for the Web Designer role, and one for the Video Editor role.

Some users play multiple roles. A user who performs both web design and a video editing can be added to both Product Profiles, conferring the union of licenses from each Product Profile, that is Photoshop, Dreamweaver, Premiere Pro and After Effects.

Product Profiles also make it easy to manage licenses. When users move from a web design role to a video editing role, add the users to the video editing Product Profile and remove them from the web design Product Profile. This changes the activated products for the user and frees up licenses. When Product Profile requirements change - for example, when the video editing Product Profile needs to use Adobe Premiere Rush, it can be added to the video editing Product Profile and all users immediately get access to Adobe Premiere Rush.

A license is consumed when a user is added to a Product Profile. If a user is a member of two Product Profiles and both confer a license to Photoshop Single App, the user consumes two licenses. To eliminate redundant consumption of licenses, design your Product Profiles. Identify each Product Profile that needs a particular application or set of applications to do their job.

Identify the following:

  • Products: The licenses for a product govern which applications and services are conferred to each member of an associated Product Profile.
  • Product Profile name: Identify each Product Profile. The labels you choose to identify the Product Profiles are for your own use only. They are not included anywhere in the deployment package, so there are no restrictions on how you name them. In practice, it is better to create Product Profiles based on function, rather than departments or teams. 
  • Services: Choose from the available list of services for a selected product. For example, Creative Cloud for enterprise includes services such as Adobe Fonts and PDF services.
  • Users: Identify the users to add to each Product Profile.

Read more about how to manage products and product profiles.

Deploy apps and updates

Adobe delivers continuous innovation in the form of features and updates. IT admins can decide how and when these updates are applied. Decide how to deliver these apps and updates to your end users. At this stage, also consider the hardware and software requirements of client computers. Adobe enterprise offerings provide several levels of control on deploying apps and updates. IT admins can choose between empowering users via a self-service workflow or they can opt for a more managed environment where admins can decide what, when, and how products and features get installed.

Apps

Self-service

Like millions of Adobe users, you can allow your users to download and install apps themselves. Users can sign in to www.adobe.com and download and install the desktop apps and access services. Self-service workflows require admin privileges, Internet connections, and Named licensing. Include the Creative Cloud desktop app in the software package that you deploy.

Self-service workflows enable users to download and install apps as and when required. Apps that a user is entitled to get, are provisioned when the user signs in. Other apps can be used as a trial for a limited time. This also frees up admins from creating and deploying multiple packages and updates. For example, self-service workflows are efficient in the following scenarios:

  • You have diverse and changing requirements of apps by different users.
  • Your users have several hardware and operating system combinations.
  • You have remote workers in your organization.
  • Different teams and users upgrade at different times, because of ongoing projects.
  • You want to reduce the initial footprint on a machine by allowing a user to install only the applications they require, and for as long as they require.

Managed delivery

You can create and download pre-configured packages from the Admin Console. These packages can then be deployed to the client machines in your organization. You can perform silent and custom installations. No inputs are required from end users during installation. The deployment packages can be distributed using industry-standard tools:

You can create two types of packages: self-service package and managed delivery package. The self-service package contains the Creative Cloud desktop app, which users can use to download and install software. If end users do not have admin privileges on their computers, you can create a Creative Cloud desktop app package with elevated privileges. Or you can create a managed delivery package that contains specific apps and updates. 

For more information, see Packaging apps using the Admin Console.

For example, you can use managed delivery of apps for the following:

  • To exercise strict control over installed apps on client machines.
  • To reduce Internet bandwidth consumption, by preventing multiple self-service downloads.
  • When there is no Internet access on client computers.
  • To strictly control the versions of installed apps across your organization.
  • To modify the update behavior in installed applications.
For information on packaging and deploying apps, see Deploy and deliver apps and updates.

Updates

There are several mechanisms to deliver app updates available to end users. Choose one of the following based on your organization's need.

Self-service

Users can download and install updates directly from Adobe. This method ensures that your end users have access to the latest updates when they become available. Updates can be downloaded and installed using the Creative Cloud desktop app or using the Adobe Updater included with the apps. For these workflows, the client machines require access to the Adobe servers and admin privileges.

This option is available for both self-service and managed app delivery.

Managed delivery

When you create packages, you can choose a managed update delivery mechanism.

  • Have client machines install updates via an internal update server.
  • Trigger updates remotely using Remote Update Manager. Use this option when client machines don't have admin privileges.
  • Create and deploy Update only packages.

For more information on managed delivery, see Applying updates.

Storage and services

Storage and services are available for all Creative Cloud for enterprise plans. Storage and services are tied to individual users. Access to storage and services requires using either Federated IDs, Enterprise IDs, or Adobe IDs.

When you assign a user to a Product Profile that includes storage and services, you can choose to enable/disable individual services for that Product Profile. Enabling and disabling services defines what the users of the Product Profile can or cannot access.

For more information, see Manage enterprise storage.

Several Creative Cloud services, rely on the availability of storage with the product. If a product does not include storage, these services are also unavailable. Some services are mandatory, and cannot be switched off. For more information, see Enable or disable services.

You can even select restrictive Asset Settings that limit employees from using specific sharing features within Creative Cloud and Document Cloud.

Proxy and firewall settings

For Creative Cloud for enterprise plans, access to named licensing, storage, and services require the client computers to access Adobe servers. For these features to work, ensure that your firewall and proxy setup allows access to Creative Cloud service endpoints. See Creative Cloud for enterprise - Network Endpoints and ensure that users can access the required web services endpoints.

Get help faster and easier

New user?