Update organization policies

Policy Category

Policy Name

Description

Organization Management

Create Child Orgs

Allows global admin(s) to create child orgs. If off, no child orgs can be created.

Rename Org

If allowed, a global or system admin can rename the org. It also controls changing the country/region of the org. The pathname of an organization can also be changed independently of this policy setting if a parent organization is renamed, or the organization or an ancestor of the organization is reparented.

Allows global admin(s) to delete child organizations. This becomes more important when organizations with Enterprise Storage are enabled due to the risk of deleting user assets.

Delete Orgs

Administrator Management

Add or Delete Admins

Allows global admin(s) to add new admins to an organization. If off, new admins cannot be added.

Inherit System Admins from Parent when Child Org is Created

When global admin(s) create new child organizations, systems admins of the parent become system admins of the new organization automatically. This policy is default off.

Manage Admins

Allows global admin(s) to change or remove/edit admin permissions.

User Management

Inherit Users from Directories Managed by the Parent Org

This policy must be toggled on and active prior to creating the new child org.

When a child organization is created, users in the parent organization are made available as users in the child org. In other words, this policy automatically sets up a trust relationship between the parent and the child when the new child is created within GAC.

For existing orgs, any trust relationships prior to being added to GAC will remain once brought into GAC. If there were no trust relationships in place, the usual trust request process must be followed.

For this policy to be successful, the global admin who creates the new organization must also be a system admin of the parent organization with the claimed domain. If not, the domain trust relationship will not be inherited into the newly created org.

Add Adobe ID Users

If set, the organization cannot add Adobe ID type users via the Admin Console, User Management API (UMAPI), or sync mechanism.

Manage User Groups

If allowed, Global, System, and user group admins can create, edit, and delete User Groups.

Directory and Domain Enforcement

Claim Domains

Change Identity Configuration

If set, system admins can claim domains on the Admin Console.

If set, system admins can change the setup of user identity configuration on the Admin Console.

Product Allocation

Manage Products

Allows global admin(s) to add or remove products and change product resource grants.

Asset Sharing

System or Storage admin can change asset sharing settings

If allowed, storage and system admins can change asset sharing settings, including security contacts, password policy, and storage policy.

If allowed, asset sharing settings are inherited from the parent when a child organization is created. Asset sharing settings include security contacts, password policy, and storage policy.

This only applies to newly created orgs at the time of creation. It is set on a parent and affects the creation of child orgs under that parent.

Inherit sharing policy from a parent when an organization is created