Shared Device Licensing is a licensing model to deploy and manage Adobe applications in labs and shared device setups, where multiple users use the devices and applications. The software license is assigned to a device or computer instead of an individual. Shared Device Licensing is ideal for computers in your labs or classrooms. Shared Device Licensing is not designed for use on machines used by dedicated users. For dedicated users, we recommend you deploy named-user licenses.
While Named User Licensing is associated the license with the user, Shared Device Licensing assoicates the machine. So, when you launch a named user licensed app, the license is validated agains the user name and password. When you launch a shared device licensed app, the license is validated against the machine on which the app is license is installed. This implies that a named user licensed app can be acitvated on any machine as long as the user name and password are validated. While shared device licensed apps will only activate on machine on which the license is installed.
Read more about Adobe's licensing methods.
When users launch an app on a shared device, they’re prompted to sign in with their credentials. Apps only launch after a successful sign-in. The required credentials depend on how you have set up identity in your institution.
The sign-in screen warns users to sign out of Creative Cloud after they're done. Also, users should not store any assets on this shared device.
A shared device license does not directly entitle a user to access any services such as storage, libraries, fonts, or stock, among others. However, if the user account has these entitlements these services are available.
While shared device licenses do not have specific system requirements, ensure that your end-user machines meet the system requirements of the installed Creative Cloud applications. See the Creative Cloud system requirements. Also, for details any installation errors, see Product Installation Error/Exit Codes.
IT admins can create packages and deploy the apps to computers. Shared Device Licensing provides several tools that allow you to control user access to apps: Identity, Access Policy, Egress IP addresses, and Associated Machines. You can use a combination of these options to prevent unauthorized usage of the apps and protect your student accounts and the assets created by them.
Enterprise or Federated IDs are owned by the organization or school and all data is legally owned by the organization. K-12 schools are required to use Enterprise or Federated IDs. You can also use these IDs if you want to exercise tighter control on who can access the apps. To use Enterprise or Federated IDs, if you haven’t already done so, you’ll need to set up identity.
For more information, see the identity Types supported on the Admin Console.
You can choose Open Access to enable anyone to access the apps on a shared device. All users need is a valid account of any of the types described above, a personal account (Adobe ID) or enterprise account. Users can even sign up for a free Adobe ID and use that to access the apps. Use Open Access for open labs where general public, visiting students and staff, and our students access the labs and the apps. For example, shared machines in your public library or if you use the lab to provide continued education after hours.
Choose Organization user only to limit access to users you have added to the Admin Console. These users could be of any type of ID which is supported on the admin console. This option is useful if you want to provide limited access to approved students and staff only. For example, a lab at a higher education institution, where users may have any supported identity type.
Choose Enterprise/Federated users only, to restrict access to Enterprise users only. Signing in with personal Adobe IDs does not enable access to the apps. This option is useful to restrict access to Enterprise users only. For example, in a K-12 lab use this option to authorize minor students to access the apps and services.
Egress IP addresses or ranges prevent access to apps if users connect from outside your approved computer networks. This is especially useful, if you use portable computers and can restrict the apps to run only when they’re connected to a lab or school network. Using the apps from outside your labs or school network is not allowed.
Use this option to specify external IP address ranges. This is the Internet-facing IP address behind which the workstations are connected. You can use this to prevent access to applications if these workstations are used from a different network. Note that you may have to modify the setting periodically if your Internet connection does not have a static IP address.
You can use the Associated Machines section to define how to segment groups of machines into different product profiles.
Choose By Microsoft Active Directory organizational units to ensure all machines that belong to a listed organizational unit are associated with a product profile. If, for example, your institution has created organizational units based on department, you can create product profiles for each department. Machines that belong to a department will be associated to a specific product profile.
To associate an Active Directory organizational unit to a product profile, it needs to be a leaf directory. This implies that it needs to be the bottom-most directory, with no other directories below it.
The associated machine options are applied in the listed order of priority.
Say profile A is configured with Active Directory OU = Library and profile B is configured with Package = Video apps. A machine in the Library OU and with the Video apps package, will be associated with profile A and not with profile B.
If you're a new customer, you can skip this section.
If you’re an existing Device Licensing customer, Adobe provides you a complimentary upgrade to Shared Device Licensing. The older Device Licensing program does not provide access to the latest version of Creative Cloud apps. For access to the latest version of Creative Cloud apps, you can migrate your older device licenses to the new shared device licenses. Post migration, your older apps will continue to work for a period of 30 days, within which you can set up and deploy the latest apps using shared device licenses. For more information, see Migrate from Device Licensing to Shared Device Licensing
If you’re using the legacy Serial Number Licensing to manage your lab computers, you can continue to use the older apps until the serial numbers become invalid. If you deploy a shared device license package alongside a serial number package, both will continue to work. You can continue to use the older apps until the serial number licenses expire, or you can uninstall the serial number licensed apps and deploy a new shared device license package.
The above migrations are one way. So, once you complete the migration process from device or serial licenses to shared device licenses, you cannot then go back to either device or serial licenses.
Once you’ve determined which machines you need to deploy Creative Cloud apps to, you can begin your deployment. Depending on your access requirements and current setup you may need to perform some of the following actions. We recommend that you read this document completely before you start the deployment so that you have all the required information ahead of time.
- If you haven’t already done so, you’ll start with setting up identity to enable Enterprise or Federated IDs.
- You’ll need to demonstrate ownership of the domain (for example: @school.edu) to complete this step.
- You may need to contact the person who manages your institution’s website or emails to complete this activity.
Adobe recommends that you use Enterprise or Federated IDs to provide access to regular students or lab users. These identity types provide your organization better control and monitoring.
For step-by-step instructions, see Set Up Identity.
Before you proceed, we recommend that you see the following videos on setting up identity for Shared Device Licensing:
The primary admin for your institution on the Admin Console is a System admin. The system admin has the rights to perform all tasks on the Admin Console. However, it's always a good idea to delegate tasks to other admins. This decentralizes the admin tasks and specialized tasks are then performed by the roles that most fit those tasks.
- Create Product admins to create product profiles and add users to the organization.
- Create Product profile admins to manage product profiles and add users the organization.
See how to manage admin roles on the Admin Console.
If you plan to deploy shared device licenses in multiple labs to your institution, you can map each lab to a different product profile on the Admin Console.
For example, you can create a product profile for labs to be unrestricted, so that anyone can use Adobe apps, even users without a school account. Additionally, you can create product profiles for other labs where access to the installed applications needs to be restricted to users with a school account. Also, you can restrict access to the applications installed in these labs based on the access policies defined on the corresponding product profiles.
For details, see how to manage shared device license profiles.
Shared device configurations provide three options to control user access to apps: Access Policy, Egress IP addresses, Associated Machines. You can use a combination of these options to prevent unauthorized usage of the apps and protect your student accounts and the assets created by them.
For more details, see Shared device configuration.
After you create the shared device license package, set up the devices in your lab with the license.
Choose from the following methods to deploy the package:
- Install by double-clicking the package file. See this document for details.
- Use third-party tools such as Microsoft System Center Configuration Manager (SCCM), Apple Remote Desktop, or JAMF Casper Suite. See this document for details.
- Deploy using command line on Windows computers. See this document for details.
- Deploy using Info.plist file on macOS computers. See this document for details.
For details on troubleshoot Creative Cloud apps installation and uninstallation errors, see this document.
If you are a VIP (Value Incentive Plan) customer, you can purchase products or additional shared device licenses from the Admin console directly.
In the upper-right corner of the Overview page of the Admin Console, click Add Products.
In the Add Products screen, add products or add licenses to your existing products.
To recover licenses on unused machines, go to the Admin Console and reset the product profile that is mapped to the unused machines. See this document for details on how to recover shared device licenses.
Your IT department determines if the users are allowed to do so on the lab machines, by setting the appropriate user access policy.
If the user access policy is set to Open Access, the users can use any Adobe ID to sign in. If they have more than one account, each account's storage is unique.