Shared Device Licensing is a licensing model to deploy and manage Adobe applications in labs and shared device setups, where multiple users use the devices and applications. The software license is assigned to a device or computer instead of an individual. Shared Device Licensing is ideal for computers in your labs or classrooms. Shared Device Licensing is not designed for use on machines used by dedicated users. For dedicated users, we recommend you deploy named-user licenses.
Why Shared Device Licensing
To use an app deployed on a shared device, end users need to sign in with their credentials. When users launch an app on a shared device, they’re prompted to sign in with their credentials. The apps only launch after a successful sign-in. A shared device license does not directly entitle a user to access any services such as storage, libraries, fonts, or stock, among others. However, if the user account has these entitlements these services are available.
Often, users forget to sign out after the class or lab session is complete. To protect users and their assets, users are periodically prompted with an account confirmation dialog box. This ensures that a subsequent user of the lab computer does not have access to assets that the previous user was working on.
- To sign in, users are required to have a valid user name and password. The required credentials depend on how you have set up identity in your institution.
- While shared device licenses do not have specific system requirements, ensure that your end-user machines meet the system requirements of the installed Creative Cloud applications. For details, see this document.
IT admins can create packages and deploy the apps to computers. Shared Device Licensing provides several tools that allow you to control user access to apps: Identity, Access Policy, Egress IP addresses, and Associated Machines. You can use a combination of these options to prevent unauthorized usage of the apps and protect your student accounts and the assets created by them.
Enterprise or Federated IDs are owned by the organization or school and all data is legally owned by the organization. You must use Enterprise or Federated IDs if your students are under 13 years old or above, for example K-12 schools. You can also use these IDs if you want to exercise tighter control on who can access the apps. To use Enterprise or Federated IDs, if you haven’t already, you’ll need to set up identity.
Adobe IDs are owned by the users and any data associated with the Adobe ID is legally owned by the users. Users need to be 13 or older to create Adobe IDs. IT admins don’t have any way to monitor or control data and content associated with an Adobe ID account. You can use Adobe IDs if your users are above 13 years of age and you do not want to monitor or control data access.
For more information, see Supported Identity Types.
You can choose Open Access to enable anyone to access the apps on a shared device. All users need is a valid account of any of the three types described above, a personal account (Adobe ID) or enterprise account (Enterprise ID or Federated ID). Users can even sign up for a free Adobe ID and use that to access the apps. Use this option for open labs where the general public, visiting students and staff, and your students access the labs and the apps. For example, shared machines in your public library or if you use the lab to provide continuing education after hours.
Choose Organization user only to limit access to users you have added to the Admin Console. These users could be Adobe ID, Enterprise ID, or Federated ID users. This option is useful if you want to provide limited access to approved students and staff only. For example, a lab at a higher education institution, where users may have either Adobe IDs, Enterprise IDs, or Federated IDs.
Choose Enterprise/Federated users only, to restrict access to Enterprise users only. Signing in with Adobe IDs does not enable access to the apps. This option is useful to restrict access to Enterprise users only. For example, in a K-12 lab use this option to authorize minor students to access the apps and services.
Egress IP addresses or ranges prevent access to apps if users connect from outside your approved computer networks. This is especially useful if you use portable computers and want to restrict the apps to run only when they’re connected to a lab or school network. Using the apps from outside your labs or school network is not allowed.
Use this option to specify external IP address ranges. This is the internet-facing IP address behind which the workstations are connected. You can use this to prevent access to applications if these workstations are used from a different network. Note that you may have to modify the setting periodically if your internet connection does not have a static IP address.
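The following pre-deployment check is an added example (not Adobe tooling or code from this document): it reviews a list of egress entries for mistakes that would either lock a lab out or make the restriction ineffective, and reports which labs' internet-facing addresses are not covered. It assumes entries are written as single addresses or CIDR ranges; the function names, the 1024-address threshold, and all sample values are constructed for illustration.

```python
import ipaddress

# Address space that can never be an internet-facing egress address.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",    # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]  # CGNAT, loopback, link-local

def audit_ranges(entries, max_addresses=1024):
    """Parse configured egress entries; return (networks, {entry: issue}).

    max_addresses is an assumed IPv4-oriented threshold, not an Adobe limit.
    """
    networks, issues = [], {}
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry.strip(), strict=True)
        except ValueError:
            issues[entry] = "invalid"      # typo, or host bits set in a CIDR
            continue
        networks.append(net)
        if any(p.version == net.version and net.overlaps(p) for p in INTERNAL):
            issues[entry] = "internal"     # workstation-side address, never matches
        elif net.num_addresses > max_addresses:
            issues[entry] = "too-broad"    # admits far more than the lab's egress
    return networks, issues

def uncovered_labs(lab_egress, networks):
    """Names of labs whose internet-facing address matches no configured range."""
    missing = []
    for lab, ip in lab_egress.items():
        addr = ipaddress.ip_address(ip)
        if not any(addr.version == n.version and addr in n for n in networks):
            missing.append(lab)
    return sorted(missing)

# Constructed sample data (RFC 5737 documentation addresses, not real networks).
CONFIGURED = ["203.0.113.0/28", "198.51.100.17", "10.20.0.0/16",
              "203.0.0.0/8", "198.51.100.17/24"]
LABS = {"Lab A": "203.0.113.5", "Lab B": "198.51.100.17", "Library": "192.0.2.44"}

if __name__ == "__main__":
    nets, issues = audit_ranges(CONFIGURED)
    for entry, issue in issues.items():
        print(f"{entry}: {issue}")
    print("not covered:", uncovered_labs(LABS, nets))
```

Rerun the check whenever the ISP reassigns the lab's address, since a changed egress IP shows up here as an uncovered lab before users see failed launches.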
You can use the Associated Machines section to define how to segment groups of machines into different product profiles.
Choose By Microsoft Active Directory organizational units to ensure all machines that belong to a listed organizational unit are associated with a product profile. If, for example, your institution has created organizational units based on department, you can create product profiles for each department. Machines that belong to a department will be associated to a specific product profile.
To associate an Active Directory organizational unit to a product profile, it needs to be a leaf directory. This implies that it needs to be the bottom-most directory, with no other directories below it.
The associated machine options are applied in the listed order of priority.
Say profile A is configured with Active Directory OU = Library and profile B is configured with Package = Video apps. A machine in the Library OU and with the Video apps package, will be associated with profile A and not with profile B.
If you're a new customer you can skip this section.
If you’re an existing Device Licensing customer, Adobe provides you a complimentary upgrade to Shared Device Licensing. The older Device Licensing program does not provide access to the latest version of Creative Cloud apps. For access to the latest version of Creative Cloud apps, you can migrate your older device licenses to the new shared device licenses. Post migration, your older apps will continue to work for a period of 30 days, within which you can set up and deploy the latest apps using shared device licenses. For more information, see Migrate from Device Licensing to Shared Device Licensing.
If you’re using the legacy Serial Number Licensing to manage your lab computers, you can continue to use the older apps until the serial numbers become invalid. If you deploy a shared device license package alongside a serial number package, both will continue to work. You can continue to use the older apps until the serial number licenses expire, or you can uninstall the serial number licensed apps and deploy a new shared device license package.
The above migrations are one-way. So, once you complete the migration process from device or serial licenses to shared device licenses, you cannot then go back to either device or serial licenses.
Once you’ve determined which machines you need to deploy Creative Cloud apps to, you can begin your deployment. Depending on your access requirements and current setup you may need to perform some of the following actions. We recommend that you read this document completely before you start the deployment so that you have all the required information ahead of time.
In most cases, if you haven’t already done so, you’ll start with setting up identity. This step is required for enabling Enterprise or Federated IDs. You’ll need to demonstrate ownership of the domain (for example: @school.edu) to complete this step. You may need to contact the person who manages your institution’s website or emails to complete this activity.
Adobe recommends that you use Enterprise or Federated IDs to provide access to regular students or lab users. These identity types provide your organization better control and monitoring.
For step-by-step instructions, see Set Up Identity.
The primary admin for your institution on the Admin Console is a System admin. The system admin has the rights to perform all tasks on the Admin Console. However, it's always a good idea to delegate tasks to other admins. This decentralizes the admin tasks and specialized tasks are then performed by the roles that most fit those tasks.
- Create Product admins to create product profiles and add users to the organization.
- Create Product profile admins to manage product profiles and add users to the organization.
See how to manage admin roles on the Admin Console.
If you plan to deploy shared device licenses in multiple labs in your institution, you can map each lab to a different product profile on the Admin Console.
For example, you can create a product profile for labs to be unrestricted, so that anyone can use Adobe apps, even users without a school account. Additionally, you can create product profiles for other labs where access to the installed applications needs to be restricted to users with a school account. Also, you can restrict access to the applications installed in these labs based on the access policies defined on the corresponding product profiles.
For details, see how to create and manage product profiles.
Shared device configurations provide three options to control user access to apps: Access Policy, Egress IP addresses, and Associated Machines. You can use a combination of these options to prevent unauthorized usage of the apps and protect your student accounts and the assets created by them.
For more details, see Shared device configuration.
After you create the shared device license package, set up the devices in your lab with the license.
Choose from the following methods to deploy the package:
- Install by double-clicking the package file. See this document for details.
- Use third-party tools such as Microsoft System Center Configuration Manager (SCCM), Apple Remote Desktop, or JAMF Casper Suite. See this document for details.
- Deploy using command line on Windows computers. See this document for details.
- Deploy using Info.plist file on macOS computers. See this document for details.
If you are a VIP (Value Incentive Plan) customer, you can now purchase products or additional shared device licenses from the Admin console directly.
In the upper-right corner of the Overview page of the Admin Console, click Add Products.
In the Add Products screen, add products or add licenses to your existing products.
If you deploy shared device licenses to machines and those machines are no longer in use, the licenses are still consumed and you can't use them on other machines. On the product card on the Overview tab of the Admin Console, the number of machines used indicates the license count.
To recover licenses on unused machines, go to the Admin Console and reset the product profile that is mapped to the unused machines. See this document for details on how to recover shared device licenses.