Sign in to the Admin Console, and navigate to Settings > Identity > Encryption Settings.
- Adobe Enterprise & Teams: Administration guide
- Plan your deployment
- Basic concepts
- Deployment Guides
- Deploy Creative Cloud for education
- Deployment home
- K-12 Onboarding Wizard
- Simple setup
- Syncing Users
- Roster Sync K-12 (US)
- Key licensing concepts
- Deployment options
- Quick tips
- Approve Adobe apps in Google Admin Console
- Enable Adobe Express in Google Classroom
- Integration with Canvas LMS
- Integration with Blackboard Learn
- Configuring SSO for District Portals and LMSs
- Add users through Roster Sync
- Kivuto FAQ
- Primary and Secondary institution eligibility guidelines
- Set up your organization
- Identity types | Overview
- Set up identity | Overview
- Set up organization with Enterprise ID
- Setup Azure AD federation and sync
- Set up Google Federation and sync
- Set up organization with Microsoft ADFS
- Set up organization for District Portals and LMS
- Set up organization with other Identity providers
- SSO common questions and troubleshooting
- Manage your organization setup
- Manage users
- Overview
- Administrative roles
- User management strategies
- Assign licenses to a Teams user
- In-app user management for teams
- Add users with matching email domains
- Change user's identity type
- Manage user groups
- Manage directory users
- Manage developers
- Migrate existing users to the Adobe Admin Console
- Migrate user management to the Adobe Admin Console
- Overview
- Manage products and entitlements
- Manage products and product profiles
- Manage products
- Buy products and licenses
- Manage product profiles for enterprise users
- Manage automatic assignment rules
- Entitle users to train Firefly custom models
- Review product requests
- Manage self-service policies
- Manage app integrations
- Manage product permissions in the Admin Console
- Enable/disable services for a product profile
- Single App | Creative Cloud for enterprise
- Optional services
- Manage Shared Device licenses
- Manage products and product profiles
- Get started with Global Admin Console
- Adopt global administration
- Select your organization
- Manage organization hierarchy
- Manage product profiles
- Manage administrators
- Manage user groups
- Update organization policies
- Manage policy templates
- Allocate products to child organizations
- Execute pending jobs
- Explore insights
- Export or import organization structure
- Manage storage and assets
- Storage
- Asset migration
- Reclaim assets from a user
- Student asset migration | EDU only
- Manage services
- Adobe Stock
- Custom fonts
- Adobe Asset Link
- Adobe Acrobat Sign
- Creative Cloud for enterprise - free membership
- Deploy apps and updates
- Overview
- Create packages
- Customize packages
- Deploy Packages
- Manage updates
- Adobe Update Server Setup Tool (AUSST)
- Adobe Remote Update Manager (RUM)
- Troubleshoot
- Manage your Teams account
- Renewals
- Manage contracts
- Reports & logs
- Get help
Applies to enterprise.
The concepts and procedures described in this article:
- Only apply to enterprise customers who've set up Enterprise or Federated IDs on the Admin Console.
- Do not apply to teams customers.
- Do not apply to Lightroom storage.
(For educational institutions only) Assets that are encrypted can't migrate to personal student accounts. See Migrate your student assets for more on student asset migration.
Introduction
End users can store files safely and securely. Also, users can share files and collaborate with others. Files are accessible to users via the Creative Cloud website, Creative Cloud desktop app, and Creative Cloud mobile app. Storage is available only if it is a part of your organization's agreement with Adobe.
While all data is encrypted, for extra layers of control and security, you can choose to have Adobe generate a dedicated encryption key for your organization. Content is then encrypted using standard encryption with a dedicated encryption key. If necessary, you can revoke the encryption key from the Admin Console. When you enable encryption on the Admin console, the assets of all users in the organization are encrypted.
Dedicated encryption keys are available only with shared services plans that include storage and services.
Before enabling dedicated encryption keys, see Adobe Creative Cloud for enterprise security overview or Adobe Document Cloud security.
To upgrade your plan to include storage and services, contact your Adobe Account Manager.
Dedicated encryption keys: Considerations
Make note of the following when working with encryption keys
- Once you enable a dedicated encryption key, you cannot revert to using standard encryption keys.
- You can revoke a dedicated encryption key, if necessary. If you revoke the encryption key, your users can no longer access content that has been encrypted using the encryption key. For example, if you suspect a data breach, we recommend you immediately revoke the dedicated encryption key from the Admin Console.
- To restore access to content whose encryption key has been revoked, re-enable the encryption key from the Admin Console.
- Dedicated encryption keys are not recommended for educational institutions. This prevent students from being able to export their content after they leave the institution.
The following data is not encrypted using the dedicated encryption key and is therefore not affected if the key is revoked
- Metadata (file name, collection name, font use, MIME type, and other attributes necessary to browse a collection)
- Videos published by Adobe Spark Video
- Lightroom photos
- Colors that are stored by the Adobe Color service
- All data that is managed by the Behance and Adobe Fonts services
- All data managed by the Experience Cloud
- Saved application preferences
- Information about the account holder such as name, email, licenses, and other basic user account information
- Data of members of an organization with an Adobe ID account (unless the user is collaborating on content when Enterprise ID or Federated ID users initiated the collaboration)
Enable dedicated encryption keys
-
-
On the Encryption Settings page, enable encryption.
-
Click Enable.
The Enable Dedicated Encryption Key dialog box appears.
-
Click Enable to confirm.
The following message indicates that dedicated key encryption is now enabled:
Also, a message is displayed if, for any reason, the enabling of the encryption key fails or the key is enabled but asset encryption has failed.
Revoke dedicated encryption keys
If you revoke a dedicated encryption key, data encrypted with the encryption key is no longer accessible to users.
Users cannot open existing assets, but can browse files, folders, and view attributes. Revoking encryption key restricts all access, even uploading new content. Users will only be able to browse content.
-
Sign in to the Admin Console, and navigate to Settings > Identity > Encryption Settings.
-
On the Encryption Settings page, revoke encryption.
The Revoke Dedicated Encryption Key dialog box appears.
-
Click Revoke to confirm.
When the dedicated encryption key has been successfully revoked, a message indicating the success displays.