Asset settings

Last updated on Jun 10, 2026

Applies to enterprise & teams.

Asset settings give system admins control over sharing restrictions, access requests, and asset movement across the organization.

Go to Settings > Asset settings in the Adobe Admin Console to configure asset policies.

Note
  • Asset Settings isn't a digital rights management (DRM) system or a comprehensive asset protection system. Employees with access to certain assets can still copy them and share them with others outside the organization using third-party systems.
  • To control access to partner generative AI models, see Manage roles and permissions.

Sharing options

Sharing options help admins define guardrails for collaboration across the organization.

Admins can adjust these settings to meet organizational, security, and operational needs.


Sharing restrictions policy

System administrators can select a restrictive setting that limits employees from using specific sharing features within Creative Cloud and Document Cloud. Asset settings and other third-party organizational policy enforcement systems are used to ensure that assets are only shared with appropriate external entities.

Deployment Considerations

Before you turn on sharing restrictions, consider the impact it has on your end users.

After you choose a setting, you cannot stop or reverse the consequent deletion process. If you choose No public link sharing, all existing public links are removed and users with these links can no longer access the linked content. If you choose Sharing Limited to Org Members and Trusted Users, any current external collaborators who are not part of the org or claimed, trusted, or authorized domains lose access to content previously shared with them. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.

Below are the Creative Cloud and Document Cloud sharing and publishing functionalities that are impacted when you select No public link sharing or Sharing Limited to Org Members and Trusted Users.

Application

Impacted features

Application

Impacted features

Adobe Comp

Share, Send to Behance

Adobe XD

Invitations, Share link

Adobe Express

Share to social, access Content Scheduler

Adobe Stock

Invitations, Share link

After Effects

Invite to Team Project, Invite to Library

Aero (mobile)

Publish link, Post to Behance

Animate

Social share

Behance

Creating or updating projects or Work in Progress, Invitations

Capture

Share, Invitations

Creative Cloud (desktop and mobile)

Get link, Invitations

Creative Cloud Assets

Get link, Invitations, Share to Slack

Creative Cloud Libraries

Get link, Invitations, Share to Slack

Dimension

Generating public links

Firefly

Share link

Fresco

Get link, Invitations

Illustrator and Illustrator Draw

Link to project, Invitations

InDesign

Publish Online, Share for Review

Lightroom

Share

Photoshop (desktop)

Invitations

Photoshop (mobile)

Share to social

Photoshop Sketch

Link to Project

Portfolio

Access to Portfolio site, create drafts, and publish

Podcast

Invite guests, Share template

Premiere Pro

Invite to Team Projects

Note
  • You can't enable or disable Frame.io sharing on the Admin Console.
  • Starting August 15, 2024, all new Lightroom shares will follow Enterprise sharing restrictions. These restrictions will also apply to existing shares starting December 5, 2024.

Learn more about enabling and disabling services.

Application

Impacted features

Application

Impacted features

Acrobat and Reader desktop apps

Share

Adobe Document Cloud for Microsoft Outlook

Share

Mobile apps (including Adobe Scan and Acrobat)

Share Link, Share Document Cloud Link

Web services (cloud.acrobat.com)

Share

Note

Workfront asset settings are not yet available in the Adobe Admin Console. Learn how to manage your asset settings.

Configure the sharing restrictions policy

To choose a restrictive Asset Setting for your organization, do the following:

In the Admin Console, navigate to Settings > Asset Settings.

Choose a Sharing Restrictions Policy.

You can choose from three levels of restrictions. Once you choose a more restrictive setting, you cannot stop or undo the loss of existing public links, shared folders, or document collaborations. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused. 

If you select Sharing Limited to Org Members and Trusted Users, ensure that you define your authorized domains. Any current external collaborators who are not part of the org or claimed, trusted, or authorized domains will lose access to content previously shared with them.

Note

To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.

Sharing Options

Restrictions

Impact on existing links and collaborations

No restrictions (Default)

  • You can keep this default setting whereby users are allowed to share public links, publish posts to social media, and collaborate on shared folders with anyone inside or outside the organization.
  • Recommended for enterprises who trust their employees to have freedom, control, and access to every Creative Cloud and Document Cloud feature.

No impact.

No public link sharing

  • Prevents users from creating public links and posting to social media.
  • Recommended for enterprises who want to prevent public sharing but still want to allow invitation-based sharing with anyone inside and outside of the organization.

Deletes all existing public links. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.

Sharing limited to org members and trusted users

  • You can restrict invitation-based sharing to recipients in your org, claimed domainstrusted domains, and authorized domains. After you set this policy, the users are prevented from sharing organization-owned assets with external users who are not members of the org or in the list of allowed domains.
  • Recommended for enterprises who need tight control over which external domains can access organization assets.

Deletes all existing public links and deletes all existing collaborations on shared documents and folders with users who are not in the org or an allowed domain. Once this process starts, you cannot stop or undo it. Users can no longer access Content Schedules in Adobe Express and scheduled social media posts are paused.  

The time taken to restrict sharing through Asset Settings is proportional to the number of users in the organization and the sharing relationships between them. For some Adobe products and services, it also involves invalidating cached entries in CDNs and removing preview images from slack. If the Asset Setting is changed, it can take up to 24 hours to fully take effect.

Caution

Users will be prevented from sharing assets with everyone in an organization with more than 500,000 users.

Select Confirm.

If you want your users to continue sharing organization-owned assets with specific external organizations or individuals, do the following.

  • For an external organization such as an agency: Add the agency’s domain to the authorized list of domains under Asset Settings in the Adobe Admin Console.
  • For a freelancer: Issue the individual an Enterprise ID, or Federated ID from your organization. Or, add the user as a Business ID type to your organization on the Admin Console.

Choose an Access Request Policy and select Confirm.

You can use this default setting to allow users with no permissions to a folder or document to request access to it.

For added privacy, you can use this setting to prevent users from requesting access to a document that has not been shared with them.

By default, access requests are allowed. So, a user with the link to a shared resource, but without the permission to view it, can request access. Users with sharing permissions on the document receive notifications for each access request and can decide whether to grant or deny access.

The requester receives a notification when the access is granted or denied.

Note

If you have a sharing limited to org members and trusted users policy selected, that restriction is applied when users attempt to grant an access request made by someone outside the organization. 

Implications for users in multiple organizations

Adobe strongly recommends that a user only be a member of one organization. Where users must be members of multiple organizations, all organizations must have the same Sharing Policy and Allow Lists configured.


Move assets policy

On the Asset settings page in the Admin Console, you can configure the Move assets policy to control whether users in your organization can move assets outside the organization's storage.

Option

Description

Allow asset move (Default)

Users in your organization can move assets to locations outside the organization’s storage, such as shared projects or folders.

Restrict asset move

Users in your organization can't move assets to locations outside the organization’s storage. Copying assets isn't affected by this policy.

Changes to the Move assets policy setting are captured in the audit log. Asset move events across organizations are captured in the content log.

Note

Regardless of the policy setting, admins can move assets outside the organization’s storage, while users outside the organization cannot.

Authorized domains

Authorized Domains are the domains that are safe to collaborate with. If you have selected Sharing Limited to Org Members and Trusted Users, you can add domains to the Authorized Domains.

Add authorized domains

In the Admin Console, navigate to Settings Asset Settings > Authorized domains.

Select Add Domains.

Enter the domains in the Add Domains dialog. You can add multiple domains separated by commas. Select Add.

Note

To use the option Sharing Limited to Org Members and Trusted Users with Document Cloud, you must add your claimed and trusted domains to the Authorized Domains.

Remove authorized domains

While managing the authorized domains on the Admin Console, to remove domains from the list, select the checkbox to the left of the domain names, and select Remove Domains. Then, select Remove to confirm.

The domain name is removed from the Authorized Domains. If the sharing option is set to Sharing Limited to Org Members and Trusted Users, any shares to the removed domain are revoked.

Caution

Removing domains from the authorized list deletes all existing collaborations on shared documents and folders between users in that domain and the users in your organization. Once this process starts, you cannot stop or undo it.

Content Credentials

Content Credentials are an industry-standard type of metadata that can capture details about how content was made and identity information about users who made the content. This durable metadata can then be accessed by people viewing the content when it's published online to supporting platforms or by using dedicated viewing tools like Adobe’s Inspect tool or the Adobe Content Authenticity Chrome browser extension

Applying Content Credentials to content can help increase transparency about how it was made and the tools that were used. It can also help your users connect themselves to content they have made, if you allow them to include their identity information. Learn more about Content Credentials.

In the Adobe Admin Console, go to Settings > Asset Settings > Content Credentials and use the toggles to allow users in your organization to use Content Credentials and include their own identity in them.

  • When turned on, users in your organization can customize Content Credentials preferences and apply them to files in supported Adobe apps, including the Adobe Content Authenticity (Beta) web app. 
  • When turned off, Content Credentials preferences will not appear in supported apps, and users will not be able to apply Content Credentials to files or manage preferences in Adobe Content Authenticity.

Note

Content Credentials metadata is meant to persist with content as it is shared online. A combination of invisible watermarking and digital fingerprinting makes Content Credentials very durable. As an organization, you own and are responsible for the content produced by your plan users, including content that may contain Content Credentials with identity information.

Note

This setting can only be enabled if Content Credentials access is already turned on.

  • When turned on, users will be able to include their personal identity information in Content Credentials. This information is managed by users on the Connected Identities webpage. The Admin Console's Connected Identities page can also control their ability to access that webpage to connect identity information and share it in Content Credentials and on Behance.
  • When turned off, users can't include identity information from the Connected Identities webpage in Content Credentials. However, they will still be able to include that information on Behance unless access to Connected Identities is turned off on the Admin Console’s Connected Identities page.
Note

Content Credentials are automatically added to content created with generative AI using Adobe Firefly, whether on the web or through its APIs. This happens even if users don’t choose to apply them, and the policy cannot be changed.

By default, these credentials don't include personal identity information. However, identity details may be included if two conditions are met:

  • You have enabled user access to manage identity information in Content Credentials
  • The user chooses to include their personal identity when applying Content Credentials

In that case, the credentials will show both the use of generative AI and the user's identity.