Global Administration | Edit organizations

Last updated on Dec 27, 2022 | Also applies to Creative Cloud for enterprise, Document Cloud for enterprise

See how you can request access to Global Admin Console.

In the Global Admin Console, after you select an organization from the hierarchy tree, you can begin editing information for a particular organization. Edits can affect the organization name, user groups, product profiles, administrators, and organization policies. Edits cannot affect users (except for deletion of groups or product profiles) and cannot add users (except for administrators).

When an organization is selected from the hierarchy tree, the following information is displayed: Organization name, region, number of users, list of products, product profiles, user groups, administrators, claimed domains, and organization's policy values.

To view or edit products, user groups, administrators, domains, policies, or policy templates, select the appropriate tab. You can use the search field in most cases to locate a specific item within the tab.

Any Global Admins or Admins added to or removed from an org will receive an email notification. Certain policy changes to an org result in a notification in that org's Admin Console.

Following is a list of products supported in the Global Admin Console:

Acrobat	Dimension	Muse
Adobe Animate	Document Cloud (including Sign)	Photoshop
Adobe Audition	Dreamweaver	Prelude
Adobe Stock premium credits	Flash	Premiere Pro
Adobe Stock standard credits	Fresco	Premiere Rush
Adobe Stock video	Illustrator	Adobe Express
After Effects	InCopy	Substance
Creative Cloud - All apps	InDesign	XD
Creative Cloud - Single app	Lightroom

View Products

You can view the list of products assigned to the selected organization. To look for a product, use the search field.

To manage access to a product, use the Admin console. Individual users can be granted access there.
To add or remove products, navigate to Product Allocation. Learn more.

Manage product profiles

As in the Admin console, you can fine-tune the usage of the products within an organization through product profiles. Product profiles allow you to enable all or a subset of Adobe services available with a product. You can also assign administrators, called Product Profile Administrators, to the product profiles. These administrators can add end users to the product profiles that they manage.

Note:

To manage product profiles, select a product. The controls to add, edit, and delete product profiles are displayed. For some products, you cannot create or edit product profiles in the Global Admin Console. In such cases, use the Admin Console.

In the Global Admin Console, select an organization to edit, then navigate to the Products tab.
Select a product to add a Product Profile to.
Click Add Profile.
Enter the following in the Add Profile dialog box that appears:
- Name: specify a name for the Product Profile that is unique in the organization among other product profiles and user groups.
- Quota: specify the target number of licenses allotted for this profile
- User Groups: click the drop-down arrow to select a user group from the list, or enter the user group name and select it from the drop-down list that displays. If you want to add a user group that you have not yet created, you must first create it using the User Groups tab.
- Admins: click the drop-down arrow to select an admin from the list, or enter the admin's email address and select it from the drop-down list that displays. If you want to add a new admin that hasn't already been created, you must first do that using the Admins tab.
The User Groups you specify are assigned the Product Profile, and the Admins you specify become the Product Profile Admins for the profile. The Product Profile Admins can use the Adobe Admin console for the relevant organization to manage the Product Profile.
Use the Notifications toggle to enable or disable the notifications. If enabled, users are notified via email when they are added or removed from this profile.
Use the toggles for individual services to enable or disable them for the Product Profile. For more information, see Enable/disable services for a Product Profile.
Click Save.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Select an organization to edit, navigate to the Products tab, and select a product.
Click for the relevant Product Profile, and select Edit Profile.
Update the Product Profile details and click Save.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Caution:

Deleting a product profile removes access to the product for users who were members of that profile or user groups that were attached to that profile.

Select an organization to edit, navigate to the Products tab, and select a product.
Click for the relevant Product Profile, and select Delete Profile.
Click Ok in the dialog box that appears.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Manage user groups

You can create user groups to simplify the process of assigning products to a collection of users. User groups can also have admins, called the User Group Admins, who can add or remove users from the group. In the Global Admin Console, you can define user groups with relevant product profiles assigned, to which the user group admins can later add users using the Admin Console.

In the Global Admin Console, select an organization to edit, then navigate to the User Groups tab.
Click Add User Group.
Enter the following in the Add User Group dialog box that appears:
- Name: specify a name for the user group
- Product Profiles: if you want to grant product access to the current or future members in the user group, click the drop-down arrow to select a Product Profile from the list, or enter the Product Profile name and select it from the drop-down list that displays. If you want to add a product profile that hasn't already been created, you must first do that using the Product Profiles tab.
- Admins: click the drop-down arrow to select an admin from the list, or enter the admin's email address and select it from the drop-down list that displays. If you want to add a new admin that hasn't already been created, you must first do that using the Admins tab.
The product profiles you specify are assigned to the User Group, and the Admins you specify become the User Group Admins for the group. The User Group Admins can use the Adobe Admin console for the relevant organization to manage the group.
Click Save.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Select an organization to edit and navigate to the User Groups tab.
Click for the relevant user group, and select Edit User Group.
Update the user group details and click Save.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Select an organization to edit and navigate to the User Groups tab.
Click for the relevant user group, and select Delete User Group.
Click Ok in the dialog box that appears.

Caution:

Deleting a user group can impact your users. Ensure that there is no access or information that will be lost when the user group is deleted.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Manage administrators

You can create a flexible administrative hierarchy that enables fine-grained management of Adobe product access and usage. Like in the Adobe Admin Console, the Global Admin Console allows you to add System Admins, Product Admins, Product Profile Admins, User Group Admins, Deployment, Support, and Storage Admins. These admins can perform their respective administrative tasks in the organizations they are the admin of. Apart from these roles, there are two new roles for the Global Administration: Global Admin and Global Viewer.

Global Admin is a transitive role. Making a user the Global Admin of an organization automatically makes that user a Global Admin of all children of that organization, directly or indirectly. Also, if a new organization is created in the org hierarchy, all Global Admins of any parents of that organization will immediately become Global Admins of the newly created organization.

The following are the capabilities of the Global Admin role:

Create and delete child organizations
Set and edit policies
Set and modify administrative roles

Add and remove products in child organizations
Set or change resource allocations for child organizations
Manage Product Profiles and User Groups

Following are the capabilities of the Global Viewer role:

View the list of user groups, products, product profiles, administrators, policies set, and resources in the organization and in the child organizations.

Distributed administration

By managing administrators, a Global Admin can delegate and distribute the administration of users, products licenses, and groups to admins for each individual organization. The admin added to an organization by a Global Administrator is given the flexibility to manage the org without having any visibility into the administration of other orgs. So, the Global Admin can delegate administration of resources and users keeping the data on those resources and users isolated.

A Global Admin can create organizations, distribute resources such as products and storage to those organizations, manage identity setup, and create and apply org policy templates. A System Admin added to an organization by a Global Admin can assign products to users, onboard users, create and manage product profiles, and perform other administrative tasks within that organization.

In the Global Admin Console, select an organization to edit, then navigate to the Admins tab.
Click Add Admin.
In the Add Admin dialog box that appears, enter the User Details—Email, First Name, Last Name, Account Type, Country Code.

If you are trying to add an existing user as admin, choose the same account type as the existing user, otherwise the add operation will fail.

Note:

Organizations can have restrictions on which Account Types can be added. These may be based on policies or on other configuration parameters for an organization. Organizations do not allow adding both AdobeID users and BusinessID users at the same time. In general, there should not be users of both types in an organization but depending on the order in which rules are set there may be some users of a particular Account Type that pre-date the application of policies or rules.
Select one or more admin roles from the Admin Rights section.

For Admin types like Product Administrator, Product Profile Administrator, and User Group Administrator, select the specific products, profiles, and groups respectively.
Click Save.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

When an admin role is added, the user receives an email notification informing them of the change in their role.

After the administrator is added, they receive an email message inviting them to accept their role and giving them a link to the Admin Console. If they are added as both a Global Administrator and some other role, they will receive two invitations, one to the Global Admin console and one to the Admin Console.

Select an organization to edit and navigate to the Admins tab.
Click for the relevant admin, and select Edit Admin.
Update the admin details and click Save.
Click Review Pending Changes after you are done editing the organizations.

A separate command appears in the pending change list for each added or removed admin role. After reviewing, click Submit Changes to execute them.

Select an organization to edit and navigate to the Admins tab.
Click for the relevant admin, and select Remove Admin Rights.
Click Ok in the dialog box that appears.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

After you delete an admin, the admin receives an email notification informing them of the loss of access to the admin console for that organization.

View Domains

You can view the list of domains linked to the selected organization. If you are a system administrator of the selected organization, click Open in Admin Console to manage domains.

To understand the information displayed in the Domains tab, see Export and import schemas.

Update policies

Policies are associated with an organization and restrict operations that can be performed on that organization. As a Global Administrator, you can set and modify policies for an organization and its children.

When a policy value is set, it restricts or enables actions from that point forward. For example, if Claim Domains policy is set to not allowed, no additional domains can be claimed but any domains claimed before setting the policy value are not affected. To modify the policies of an organization, do the following:

In the Global Admin Console, select an organization to edit, then navigate to the Policies tab.
Click the toggle for the relevant policy to allow or disallow it.

You can also lock a policy so no one except a Global Administrator of the organization selected in the org picker or its parent organization can change or unlock it.
To lock a policy, click . Hovering on the lock now displays the name of the selected organization. Learn more about policy locks.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

Policy locks

When a policy is locked, its value cannot be changed until the policy is unlocked. The Global Admin Console remembers the selected org in the org picker as being the org from which the policy was locked. Any Global Administrator of that selected org or of any org higher in the tree has the permission to unlock the policy.

Global administrators whose scope is lower than that org do not have the permission to unlock and change policy values.

To create a locked-down environment, set desired policy values on your child orgs and then lock them. Global administrators of those child orgs will not be able to edit the policy values.

For example, if Elissa, the Global administrator of Acme Division creates child orgs, Marketing and Engineering. Then, adds Robert as a Global Admin of Marketing and Sarah as Global Admin of Engineering. Next, she sets several policies to Not Allowed and locks them. Elissa can later unlock and change the policy values when she chooses Acme Division as the selected org, but Robert and Sarah cannot unlock the policies on the organizations they are Global admins of because the policies are locked by the org Acme Division.

Policy details

Policy Category	Policy Name	Description
Organization Management	Create Child Orgs	Allows Global Admin(s) to create child orgs. If off, no child orgs can be created.
	Rename Org	If allowed, a Global or System Admin can rename the org. It also controls changing the country/region of the org. The pathname of an org can also be changed independently of this policy setting if a parent org is renamed, or the org or an ancestor of the org is reparented. Allows Global Admin(s) to delete child orgs. This becomes more important when orgs with Enterprise Storage are enabled due to the risk of deleting user assets.
	Delete Orgs
Administrator Management	Add or Delete Admins	Allows Global Admin(s) to add new admins to an org. If off, new Admins cannot be added.
	Inherit System Admins from Parent when Child Org is Created	When Global Admin(s) create new child orgs, Systems Admins of the parent become System Admins of the new org automatically. This policy is default off.
	Manage Admins	Allows Global Admin(s) to change or remove/edit admin permissions.
User Management	Inherit Users from Directories Managed by the Parent Org	This policy must be toggled on and active prior to creating the new child org. When a child org is created, users in the parent org are made available as users in the child org. In other words, this policy automatically sets up a trust relationship between the parent and the child when the new child is created within GAC. For existing orgs, any trust relationships prior to being added to GAC will remain once brought into GAC. If there were no trust relationships in place, the usual trust request process must be followed. For this policy to be successful, the Global Admin who creates the new org must also be a System Admin of the parent org with the claimed domain. If not, the domain trust relationship will not be inherited into the newly created org.
	Add Adobe ID Users	If set, the org cannot add Adobe ID type users via the Admin Console, User Management API (UMAPI), or sync mechanism.
	Manage User Groups	If allowed, Global, System, and User Group Admins can create, edit, and delete User Groups.
Directory and Domain Enforcement	Claim Domains Change Identity Configuration	If set, System Admins can claim domains on the Admin Console.
Directory and Domain Enforcement	Claim Domains Change Identity Configuration	If set, System Admins can change the setup of user identity configuration on the Admin Console.
Product Allocation	Manage Products	Allows Global Admin(s) to add or remove products and change product resource grants.
Asset Sharing	System or Storage admin can change asset sharing settings	If allowed, Storage and System Admins can change asset sharing settings, including security contacts, password policy, and storage policy. If allowed, asset sharing settings are inherited from the parent when a child org is created. Asset sharing settings include security contacts, password policy, and storage policy. This only applies to newly created orgs at the time of creation. It is set on a parent and affects the creation of child orgs under that parent.
Asset Sharing	Inherit sharing policy from a parent when an organization is created

Manage policy templates

Policy Templates are a set of policy values that can be used to streamline setup and facilitate consistent policy management across organizations. They are stored with an organization and are visible to all Global Administrators of that organization. They can be applied to any child organization, directly or indirectly from the organization where they are stored.

Once applied, the entries from the policy template are individually set in each organization. There is no ongoing association between the policy template and the organizations to which it was applied. Editing the policy template does not update the policies on organizations to which the policy template was applied previously.

When a policy template is applied to an organization, each of the entries in the policy template are applied to the organization's policies, replacing existing policy values. Updates to locked policies are only performed if the user applying the update is a Global Administrator of the organization indicated by the Locked By icon of the policy being updated.

If the user applying the template has permission to unlock the policy, the policy locks take the values from the template applied (locked or unlocked). If the template indicates that the lock should be left as is, the value of the lock in the policy stays same as before.

In the Global Admin Console, select an organization to edit, then navigate to the Policy Templates tab.
Click Create Template.
In the Create Policy Template dialog box, enter the name and description for the policy template.

The name of the policy template can be a maximum of 100 characters.
Select the policies to include in the template.
Set values for the selected the policies.
- Set the slider to Allowed or Not Allowed. Learn about policy details.
- Modify the lock value of the policy: Lock/ Unlock/ Keep as is
  
  Lock: The policy will be locked after application of the template.
  
  Unlock: The policy will be unlocked after application of the template.
  
  Keep as is: The lock state of the policy will be left the same as before the template was applied.
Click Save.

In the Global Admin Console, select an organization to edit, then navigate to the Policy Templates tab.
Click for the relevant policy template and select Apply Template to Organization.
Select the organizations to apply the template to.
Click Apply Template.
Click Review Pending Changes after you are done editing the organizations. After reviewing, click Submit Changes to execute them.

If all the policy values in the organizations you select match the values in the template, a message appears notifying that no changes were made. Also, Review Pending Changes is not enabled if there are no other pending edits.

In the Global Admin Console, select an organization to edit, then navigate to the Policy Templates tab.
Click for the relevant template, and select Edit template.
Update the policy template and click Update Now.

Note:

Unlike other changes made in the Global Admin Console, policy template edits are applied immediately when Update Now is clicked. They do not go through the Review Pending Changes - Submit process.

In the Global Admin Console, select an organization to edit, then navigate to the Policy Templates tab.
Click for the relevant admin, and select Delete Template.
Click Yes in the dialog box that appears.

Note:

Unlike other changes made in the Global Admin Console, policy template deletions are applied immediately when Yes is clicked. They do not go through the Review Pending Changes - Submit process.

More like this

After editing your organizations, you can allocate products to the organizations or go back to setting up the organizations. If you still don't have access to the Global Admin Console, submit a support case using your Admin Console to request the same.

Get help faster and easier

New user?