Application
Applies to enterprise & teams.
Asset settings give system admins control over sharing restrictions, access requests, and asset movement across the organization.
Go to Settings > Asset settings in the Adobe Admin Console to configure asset policies.
- Asset Settings isn't a digital rights management (DRM) system or a comprehensive asset protection system. Employees with access to certain assets can still copy them and share them with others outside the organization using third-party systems.
- To control access to partner generative AI models, see Manage roles and permissions.
Sharing options
Sharing options help admins define guardrails for collaboration across the organization.
Admins can adjust these settings to meet organizational, security, and operational needs.
System administrators can select a restrictive setting that limits employees from using specific sharing features within Creative Cloud and Document Cloud. Asset settings and other third-party organizational policy enforcement systems are used to ensure that assets are only shared with appropriate external entities.
Deployment Considerations
Before you turn on sharing restrictions, consider the impact it has on your end users.
After you choose a setting, you cannot stop or reverse the consequent deletion process. If you choose No public link sharing, all existing public links are removed and users with these links can no longer access the linked content. If you choose Sharing Limited to Org Members and Trusted Users, any current external collaborators who are not part of the org or claimed, trusted, or authorized domains lose access to content previously shared with them. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
Below are the Creative Cloud and Document Cloud sharing and publishing functionalities that are impacted when you select No public link sharing or Sharing Limited to Org Members and Trusted Users.
|
|
Impacted features |
Application |
Impacted features |
|---|---|---|---|
|
Adobe Comp |
Share, Send to Behance |
Adobe XD |
Invitations, Share link |
|
Adobe Express |
Share to social, access Content Scheduler |
Adobe Stock |
Invitations, Share link |
|
After Effects |
Invite to Team Project, Invite to Library |
Aero (mobile) |
Publish link, Post to Behance |
|
Animate |
Social share |
Behance |
Creating or updating projects or Work in Progress, Invitations |
|
Capture |
Share, Invitations |
Creative Cloud (desktop and mobile) |
Get link, Invitations |
|
Creative Cloud Assets |
Get link, Invitations, Share to Slack |
Creative Cloud Libraries |
Get link, Invitations, Share to Slack |
|
Dimension |
Generating public links |
Firefly |
Share link |
|
Fresco |
Get link, Invitations |
Illustrator and Illustrator Draw |
Link to project, Invitations |
|
InDesign |
Publish Online, Share for Review |
Lightroom |
Share |
|
Photoshop (desktop) |
Invitations |
Photoshop (mobile) |
Share to social |
|
Photoshop Sketch |
Link to Project |
Portfolio |
Access to Portfolio site, create drafts, and publish |
|
Podcast |
Invite guests, Share template |
Premiere Pro |
Invite to Team Projects |
- You can't enable or disable Frame.io sharing on the Admin Console.
- Starting August 15, 2024, all new Lightroom shares will follow Enterprise sharing restrictions. These restrictions will also apply to existing shares starting December 5, 2024.
Learn more about enabling and disabling services.
|
Application |
Impacted features |
Application |
Impacted features |
|---|---|---|---|
|
Acrobat and Reader desktop apps |
Share |
Adobe Document Cloud for Microsoft Outlook |
Share |
|
Mobile apps (including Adobe Scan and Acrobat) |
Share Link, Share Document Cloud Link |
Web services (cloud.acrobat.com) |
Share |
Workfront asset settings are not yet available in the Adobe Admin Console. Learn how to manage your asset settings.
Configure the sharing restrictions policy
To choose a restrictive Asset Setting for your organization, do the following:
In the Admin Console, navigate to Settings > Asset Settings.
Choose a Sharing Restrictions Policy.
You can choose from three levels of restrictions. Once you choose a more restrictive setting, you cannot stop or undo the loss of existing public links, shared folders, or document collaborations. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.
If you select Sharing Limited to Org Members and Trusted Users, ensure that you define your authorized domains. Any current external collaborators who are not part of the org or claimed, trusted, or authorized domains will lose access to content previously shared with them.
To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.
|
Sharing Options |
Restrictions |
Impact on existing links and collaborations |
|---|---|---|
|
No restrictions (Default) |
|
No impact. |
|
No public link sharing |
|
Deletes all existing public links. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused. |
|
Sharing limited to org members and trusted users |
|
Deletes all existing public links and deletes all existing collaborations on shared documents and folders with users who are not in the org or an allowed domain. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused. |
The time taken to restrict sharing through Asset Settings is proportional to the number of users in the organization and the sharing relationships between them. For some Adobe products and services, it also involves invalidating cached entries in CDNs and removing preview images from slack. If the Asset Setting is changed, it can take up to 24 hours to fully take effect.
Users will be prevented from sharing assets with everyone in an organization with more than 500,000 users.
Select Confirm.
If you want your users to continue sharing organization-owned assets with specific external organizations or individuals, do the following.
- For an external organization such as an agency: Add the agency’s domain to the authorized list of domains under Asset Settings in the Adobe Admin Console.
- For a freelancer: Issue the individual an Enterprise ID, or Federated ID from your organization. Or, add the user as a Business ID type to your organization on the Admin Console.
You can use this default setting to allow users with no permissions to a folder or document to request access to it.
For added privacy, you can use this setting to prevent users from requesting access to a document that has not been shared with them.
By default, access requests are allowed. So, a user with the link to a shared resource, but without the permission to view it, can request access. Users with sharing permissions on the document receive notifications for each access request and can decide whether to grant or deny access.
The requester receives a notification when the access is granted or denied.
If you have a sharing limited to org members and trusted users policy selected, that restriction is applied when users attempt to grant an access request made by someone outside the organization.
Implications for users in multiple organizations
Adobe strongly recommends that a user only be a member of one organization. Where users must be members of multiple organizations, all organizations must have the same Sharing Policy and Allow Lists configured.
Move assets policy
On the Asset settings page in the Admin Console, you can configure the Move assets policy to control whether users in your organization can move assets outside the organization's storage.
Option |
Description |
Allow asset move (Default) |
Users in your organization can move assets to locations outside the organization’s storage, such as shared projects or folders. |
Restrict asset move |
Users in your organization can't move assets to locations outside the organization’s storage. Copying assets isn't affected by this policy. |
Changes to the Move assets policy setting are captured in the audit log. Asset move events across organizations are captured in the content log.
Regardless of the policy setting, admins can move assets outside the organization’s storage, while users outside the organization cannot.
Learn how users can move files to a project in another organization.
Authorized Domains are the domains that are safe to collaborate with. If you have selected Sharing Limited to Org Members and Trusted Users, you can add domains to the Authorized Domains.
Add authorized domains
In the Admin Console, navigate to Settings > Asset Settings > Authorized domains.
Select Add Domains.
Enter the domains in the Add Domains dialog. You can add multiple domains separated by commas. Select Add.
To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.
Remove authorized domains
While managing the authorized domains on the Admin Console, to remove domains from the list, select the checkbox to the left of the domain names, and select Remove Domains. Then, select Remove to confirm.
The domain name is removed from the Authorized Domains. If the sharing option is set to Sharing Limited to Org Members and Trusted Users, any shares to the removed domain are revoked.
Removing domains from the authorized list deletes all existing collaborations on shared documents and folders between users in that domain and the users in your organization. Once this process starts, you cannot stop or undo it.
Content Credentials are an industry-standard type of metadata that can capture details about how content was made and identity information about users who made the content. This durable metadata can then be accessed by people viewing the content when it's published online to supporting platforms or by using dedicated viewing tools like Adobe’s Inspect tool or the Adobe Content Authenticity Chrome browser extension.
Applying Content Credentials to content can help increase transparency about how it was made and the tools that were used. It can also help your users connect themselves to content they have made, if you allow them to include their identity information. Learn more about Content Credentials.
In the Adobe Admin Console, go to Settings > Asset Settings > Content Credentials and use the toggles to allow users in your organization to use Content Credentials and include their own identity in them.
- When turned on, users in your organization can customize Content Credentials preferences and apply them to files in supported Adobe apps, including the Adobe Content Authenticity (Beta) web app.
- When turned off, Content Credentials preferences will not appear in supported apps, and users will not be able to apply Content Credentials to files or manage preferences in Adobe Content Authenticity.
Content Credentials metadata is meant to persist with content as it is shared online. A combination of invisible watermarking and digital fingerprinting makes Content Credentials very durable. As an organization, you own and are responsible for the content produced by your plan users, including content that may contain Content Credentials with identity information.