ÃÛ¶¹ÊÓƵ

Transcript

Hi, everyone. Welcome. Thank you for joining our webinar. Today will be focused on the ÃÛ¶¹ÊÓƵ Admin Console.

We’re going to wait just another moment for attendees to continue to filter in. Before we dive into today’s content. Before we get started, just to note that this webinar format for attendees is listen only. If you do have any questions that come up. Please feel free to post those in the Q&A pod or the chat module and will respond to as many as possible in the session. And then we do also have time reserved at the end for Q&A to speak to anything that needs a little discussion.

In addition, note that this session is being recorded and we will send out the presentation slides as well as the recording to. Everyone has registered after this session. Today.

All right. Well, it looks like we’ve got a good amount of people filtering through. So I’m going to go ahead and have my colleague Catherine kick us off to take us through today’s content.

Thank you. Katie. Hi, everyone. My name is Kat. I’m a senior field engineer here at ÃÛ¶¹ÊÓƵ and subject matter expert on Marketo and the admin console.

I’m here today with my colleague Dragos. And with that, we will get started. Can everyone see my screen? Okay. Great. So quick introduction. As I said, my name is Kat. Dragos. I’ll let you introduce yourself. Yep. Hi, I’m Greg. I’m working as a senior field engineer consultant in ÃÛ¶¹ÊÓƵ Ultimate Success team. Specializing usually name which is a group experience manager being certified as an architect, and also I DevOps.

Besides, am I being successfully supporting customers in implementing role based access control and streamlining user provisioning for Active Directory from Active Directory to ÃÛ¶¹ÊÓƵ Admin Console? Thank you. And with that we will jump right in. So what is the admin console? The admin console is a centralized platform that streamlines the management of ÃÛ¶¹ÊÓƵ Enterprise Solutions. It offers admins a unified area interface, to interface with the different users, products and services across the ÃÛ¶¹ÊÓƵ solutions.

It integrates seamlessly with the Creative Cloud, the Document Cloud, and the Experience Cloud. Again, for that one stop place to manage, the complexity of the tools.

Is everyone able to see my screen or is the content coming up? It is, but I do believe that, some of the words are a little bit. I mean, I guess the font is a little bit wrong for that. Yeah. Okay, okay. I guess we’re going to we’re going to fix this for for sharing. Unless you. Yeah. Well, for me sharing, I’m not sure why it looks fine on my screen, but then it doesn’t appear. Okay. All right, let’s just keep going. So anyway, the admin console, works across solutions for user management, product management and licensing, security, compliance and integrating with other systems. And it’s also the place where you put in your support tickets. So user management is how admins add or remove users and assign to assign users to ÃÛ¶¹ÊÓƵ products through user groups, which can be customized by things like department. It also provides SSL features to simplify the login process to allow users access across services. For both convenience and security, under products and license management. This is where admins can also, in the admin console, allocate licenses to users and groups to make sure that the right employees are having access to the right tools and product profiles, which allows admins to customize features and services that users can use and access security and compliance. So this lets admins define who can access specific resources and audit. It also has the audit trails that track user activity for compliance and security. The Admin Console also offers API access, which, we’ll talk about more later, but that’s the seamless integration with other enterprises items and directory sync, which allows services, like Azure to ensure consistency and automation and user management. Also, and very importantly, this is where access to support resources is also available inside the admin console. So that also gives you that’s where you open all your tickets to support you with your ÃÛ¶¹ÊÓƵ tools. There’s also user insights that can help us track how products are being used across the organization. So overall, the admin console is where you go to streamline managing users products, licenses and getting your support efficiently and smoothly.

So the Admin Console serves a variety of ÃÛ¶¹ÊÓƵ products, and we know that those products are all very different. Right. And so adapting the admin console adapts its functionalities to cater to the wide needs of the products within the suite. What that means is that different solutions use the admin console differently. Keep in mind access is granted to in the admin console. So access is who gets to use the tool or who is allowed into the solution. And then permission is granted either in the admin console or in the solution itself. And that depends on the solution. And you can think of permission as what the user can actually do inside of the tool. Right. So some people have read only access, some people have more admin access and everything in between depending on the solution.

So with that, we’ve created a cheat sheet. It’s two pages long. But anyway, it’s summarizes pretty clearly for you the solution. And then where permission is granted and then where access is granted. And there are some support articles describing each. So we’ll get a copy of this out to you. Note it’s two slides. Usually permission is granted in the admin console. The only exceptions to that are am, in certain instances in certain versions of the product and commerce and then permission. It depends on the tool. Additionally, another thing that might happen is some solutions are in the middle of migration. So like work front and Marketo campaign. Depending on whether you’re prior post migration, you might be doing your access and permissioning in the admin console or in the tool itself. So we realize that might be a little confusing. So we’ve laid it all out here and we will share that with you.

Okay, I’m going to stop sharing my screen for segue and move over to the admin console. And I’ll take you through. So let me switch screens here.

Okay. So I’m going to walk you through kind of what the admin console looks like here. This is when you log in admin console.adobe.com. The first thing you see is the overview tab. The overview tab provides a holistic view of the accounts. So it shows you where the status of licenses, the number of licenses and users assigned, along with quick links to add and manage your accounts. So that’s all here on the home page as soon as you log in. Another important factor is the org picker. If you have multiple subsidiaries that exist as separate organizations, or each subsidiary has a separate license agreement, the same administrator can be assigned to all of them. And you can go here and pick which org you’re working in.

Okay. Here we have the help option. This is just a super handy, widget within the tool. And this is where you can search for help articles from the ÃÛ¶¹ÊÓƵ Center within the admin console. The user can search independently by typing your query. Or you can go down and kind of look at the recommended options. You can also explore the community, start chat, and share feedback from this help portal right here.

Okay.

So, Under the products tab, this is where you assign a license to a user or group over here. So that’s all done in this tab. And then the users tab is where you actually the users can create search and update or remove access accounts. Another thing that’s important is the user groups. So here in user groups this is a collection of different users that are given a shared set of permissions. And there are various permissions across the different products that are assigned to many users in varying order. So having a user group containing all the members of each department then assign the product to that group helps manage and organize the account more efficiently, and this method allows the administrator to be decoupled from the management of every single user. So when we’re thinking about scaling right user groups becomes really important to the scaling process.

Then we go to the settings tab In the setting tabs it depends on the types of subscription plan you have. But the admin can update and modify a bunch of settings in the admin console first off is the privacy and security context over here. So in the event of a security incident involving ÃÛ¶¹ÊÓƵ software, notifications need to be sent to the appropriate compliance officers. So to help ensure that the prompt there’s a prompt notification the system. And we need to specify in this section, who who should be responsible for the security data protection and compliance. Okay. There’s also console settings over here in the console settings. And admin can add custom notes for the end user to communicate with them about how to get assistance if they encounter issues or require support. So remember, not everyone is going to be able to open support tickets, so this is a good place for you to note where your team should get in touch with. In order to get the help that they need. You can also put email language settings stored in this tab under the identity settings. This allows the organization to have different levels of control over the user’s account data, and it impacts how the user is going to share assets within asset settings. This is where you you give an organization control over its employees to share out assets outside of the organization. So asset settings are used, along with organizational policy of enforcement systems, to ensure that assets are only shared with the appropriate external individuals and organizations. Under authentication settings, it supports several password level protections used to ensure safety and security, and the admin can specify a password protection level to apply to all users across the organization. And then finally, the encryption settings are over here. And this is where we generate, dedicated encryption key for extra layers of control and security. All done here. So the I in in admin console the settings over here. You know, they’re not really set and forget but you’re not going to be adjusting them daily. It’s important to be aware of them and keep it keep touch on them. But this is more about the initial configuration and then just maintaining it. After that. And then what I think is super important is the support tab. So the support tab is where you actually open your tickets.

And so here’s where you’re opening your tickets for all of your ÃÛ¶¹ÊÓƵ solutions. As well as getting access to Experience League and the community. And reviewing documentation is all done in the support tab, which brings you here. Hey.

So with that.

I’m going to bring you back over to, I’m going to bring you back over to my other screen so we can continue the presentation.

Okay, so here are the different levels of admin within the admin console. I’ll, we’ll send you this so you have it laid out. But what’s really important is the system admin. Right. That’s the super user for the organization. And then you have the product admin which administers the actual products. Right. That’s super important along with the profile admin which can assign admins functions across the specific product profile support admin. Also really important because that’s the person who’s going to open the tickets if you need help. Another one is contract admin is a newer type of admin. Who has access to the contract details? Okay. So.

When we’re scaling the admin console, a lot of what we hear day to day is like, you know, we’re trying to create consistency across the business. And because the admin console manages the products differently and interacts differently with each of the solutions, it can be sometimes confusing to realize how to scale something like that because of that. You know, we’ve come up with a couple of best practices to share with you here today. First of all, develop product profiles and then assign based on required permissions. So the product profiles is how you’re going to be able to scale that the users. Right. We don’t want you know, we certainly don’t want 1 to 1 roles and users. And so this is how we manage it is assigning to product profiles. Access should be granted specifically for what’s needed. No more, no less. A lot of times when we see big errors happen right.

You know, someone sends out an email to the wrong group or makes a, a segmentation issue, right where they, they’ve segmented the wrong audience and presented the wrong offer. Right. It’s usually because they’re not trained or they did it by mistake. Right. And so that’s why we don’t want to over grant access. It’s very tempting, especially when the permissions get so granular to just provide all access so they can do whatever they want. But that is a long term setup for failure. So, we, you know, that’s just a best practice.

That brings me to the next thing. Permission should really be decided by a subject matter expert in the tool. So for Am, an Am expert should be advising on the permissions for Marketo, a marketo expert, and so on and so forth. We never want the system admin of the admin console is probably not going to be an expert across all of these solutions, and won’t really know what the different access levels are actually providing compared to what our users are doing day to day in the system. So if you have ultimate success, we would advise that you do decide coaching per solution as needed. So because each solution handles permissions and access differently, we can structure the conversation by solution and ensure the correct SMEs are present for that. I also wanted to call out a couple of limits for the Experience Cloud products on the admin console. Maximum of 14 product profiles per user group is advised.

That and then that includes 8000 profiles in organization, 4000 product profiles, and 100,000 users. I don’t often see anyone coming up against these limits. The only one that seems like it looks a little contextually low is product profiles. In that case, you would just divide up, divide up the product profiles per user group to accommodate that. Okay, so that’s the best practice. But then how do we organize our access and permissions. Right. So we organize by solution. First you’re going to want to do a system audit right. The an ad and system admin will do the audit standard to, you know, remove those who haven’t logged in who have left the company. You know, this is a manual process for those of us who aren’t using, directory sync yet, but it is a necessary and required process. And then you want to review the existing rules to understand how groups are leveraging the tool. Right. It’s really important to understand how your employees are actually interacting with the tools and what they’re adopting within the tool, so that you can give them the appropriate access to the system admin that needs to work with the product admin or profile admin, depending on the set up to review permission logs within the product itself. So you want to work with the SMEs to understand the roles compared to the permissions allowed. And then don’t forget that some of the products like EAP, have attribute based access roles and access control. And then you do a comparison, right? Are the permissions granted appropriate for those given access? I know when I’m doing audits of a solution, if I see like 50 admins, it’s usually a red flag to me, right? Usually a business doesn’t need that many admins in their system. And when we see something like that, it’s, we’re just we’re just granting that access, you know, for convenience, it’s a granular and detailed step to go through that. So don’t underestimate when you’re doing your project plan, how long it’s going to take you to go through that, and then you’re going to, of course, adjust the rules accordingly to those standard business needs and assign when you do the assigning, I highly recommend that you do it at a time that’s not super busy for the organization. So don’t make role changes during your busiest season. And make sure that you provide communication in advance, because it’s possible that, you know, 1 or 2 people are doing something critical and they’ve been assigned a role differently where they do a process. Not that often, but it is required for their, for their job. And so you want to make sure that you’re communicating in advance and they know how to get in touch with you to adjust settings as needed.

Okay. So that’s BI solution. And then what you’re going to do is you want to determine their requirements. Protocol for providing access. What is that mean. That means that when you have a new, person who’s onboarding to the company, when you have someone who’s switching roles or is, you know, got promoted, whatever it is, what training requirements do you require? Is it a certification? Is it a training program? And then how do they requested. So you want to automate that process as much as possible while maintaining your standard for excellence? Especially when it comes to providing those higher levels of access. Determine the protocol for processing requests. So we’re going to go over how to automate those processes. If you’re not automating it, then you know you need to figure out a manual process for that. That works for the business, establish necessary process of infrastructure so that, you know what, what needs to happen, in which order, and who’s going to support that, assign responsibility for the management. So this is not a one and done project. This is a living, breathing, ongoing ING, responsibility of someone. So someone needs to be responsible for it and constantly managing it across the admin console. But then also within the solution someone that’s again that’s the SME who really understands those roles and permissions.

Okay. And with that, I’m going to pass this over to Driggers to talk about the user sync tool.

Thank you again. Now, since we all learned the roles and permissions and what you can do at the admin console level, you would probably wonder how you can streamline this from your organization down to the admin console and then to your products. It’s now synchronizing users from the Ldap into admin console can be achieved using different methods. I mean, to name a few. I would say the basic one, which is manual user, user manual individually. So you go to the admin console and you add one or multiple users, you know you know manual manner. Then you can do them in bulk still at the admin console level if you want. But using bulk CSV import, just remark on that one. You have to be careful if you’re bringing a user, you’re not updating a list of existing one. You’re just bulk CSV import them. All the configurations that are found into your CSV file will overwrite any existing configuration that exists in the admin console. So as a rule of thumb, just download the existing structure of your users. Do a little bit of sanity check and clean up. Remove the users that should not be updated, and then add or do the modifications that are needed for the existing users, and also append the ones that should, should should follow next, the third option that might might be available to you would be Microsoft Azure Sync or Google Federation Sync. Those are tools and apps that are coming with the solution to just mentioned, you just have to configure them from within. And then the process should be should bring automatically the, the groups, if you have them down to the admin console and the one that we’re going to talk about it today, which is just the thing to now use this thing to automate the provisioning of user identity and product access in the Admin console.

It operates by reading user information from one identity source and using configure rules. It creates accounts for users who need ÃÛ¶¹ÊÓƵ product access and assigns the needed products to these users. It also manages the full lifecycle of ÃÛ¶¹ÊÓƵ users. If configured, it can update user information, group membership, and of board users who no longer require access to ÃÛ¶¹ÊÓƵ products and services. To simplify it a bit can be configured to synchronize the list of groups from your Ldap directly into ÃÛ¶¹ÊÓƵ Admin Console, offering the possibility of leveraging role based access control. A potential sources for this would be, either your Ldap system, like your Active Directory or another admin console, an Okta system, and also CSB file. The key benefits of using tool would be the ability to create your federated accounts when the users are placed into the right groups that are part of the synchronization. You can also update account information on certain fields, in the directory when they change. When they’re changed, then you can update user groups for specific people. G accounts can be removed also from the admin console in there you have two options. You have the option to remove and also to delete. You really need to be careful with these options because by default user sync tool configuration is set to look into the whole organization. What that means is ÃÛ¶¹ÊÓƵ IDs are ignored, but federated IDs are not. You can have federated these coming from your organization, but you can have like our accounts. If you add them right now, they will still show up as federated IDs.

The risk is we’re going to do a comparison against the list of, federated IDs found into your org, against the one in your Ldap. The ones that are trying to ÃÛ¶¹ÊÓƵ Admin Console, they will get to be removed. So you need to be careful how you configure your users simple configuration. Because in there you have the option to exclude by groups, by email addresses, by domains I mean it’s quite flexible, but you need to be aware of it.

And also all the actions that that you can do with it today, I would say that it helps you streamline the process of role based access control config by placing placing said users into specific groups, which grants specific access to products that are part of their role.

Now very minor about the above mentioned limitation. Regards to the number of product profiles that could be associated to the group, which is 14 as of today. Now a little bit about using tools. It is a Python based self-contained commandline application. It doesn’t need any. It doesn’t rely on any dependencies. It can basically run on a terminal. Or we can run it in a, you know, you can run it from a script. It runs on both windows or specific Linux distributions. That being said, you can have it hosted in a virtual machine or a Docker container inside your network for easy access to your Active Directory. Doesn’t need too much resources, to be honest. The thing is, you need directional having a read only access to your Ldap for safety reasons mainly. Ideally, you will have it running based on a scheduled task or on windows or a cron job on Linux. The frequency will be something that you will have to agree with. I don’t know, something from one hour would be good enough for for start.

How can it be configured? Well, the first step implies for you to create a directory trust between your IDP and ÃÛ¶¹ÊÓƵ Admin Console part of that process, or separately. You can also add one or multiple domain names and validate them, either with the help of your IDP configuration or using a DNS to record afterwards. If you do the integration between users into an admin console. So we look on the other side.

To do that, you go to the developer console and create an integration for User Management API as a service to associate with the project. Once that’s done, you can get the credentials that are needed by the configuration.

Now there is also an option to use which which we call zero touch administration that gives flexibility to your company and empowers your users. Once the process is created for a specific product, a link can be shared within the organization or team, and user can start using it. Get vantage of of that solution brings it to that brings is that you don’t have to create the account in the admin console. Now you have to place the people into any group. The process itself allows an automatic account creation, and also the people will be placed in the right groups, inheriting the right permissions to the right products.

Those are options that could, you know, in the end, you can also filter the number of users that could use into your organization, because maybe you would want to broadcast it in your organization, but only some departments will have access to it in order to limit the access to to specific users in your organization, you can use an automatic assignment. You can use automatic assignment rules. There are some prerequisites to that configuration before you are able to enable it. So you need to be to read the documentation and make sure that this process actually suits you. Now going to going further down, we managed to bring the users into the active from the Active Directory, into ÃÛ¶¹ÊÓƵ Admin Console. And what would be next? Well, if your organization has a rather complex structure composed out of multiple orgs, those orgs can have a security requirement of leveraging federated login. Or maybe there are some further requirements which enforces federated logging to be used. The integration with your IDP is bound to that org alone, and a domain name is bound to that directory.

That means if you have the need to use federated identification with any other orgs, you will need to find a way to make that work.

To keep things rather simple and to give companies greater flexibility and granularity on how the products are managed. We’ve created a global admin console. In a nutshell, Global Admin Console acts as an organization organization’s central management hub, and it can be seen as feature or add on rather than a transformation. With Global Admin Console, Creative Cloud resources can be distributed across multiple orgs, even though they were licensed in one or other or specific ones. We cannot say the same thing about experienced cloud products. Those are kind of bound to the org, where they were assigned. In most cases, they cannot even be moved from those, or even if you have to.

Can we use Global Admin Console in this case? I mean, the answer is yes, we can. I mean, global advocacy does not replace or change any functional ity of the existing ORS when they adhere to this structure. It works like an Iraqi where the main org, which we call it root org, sits on top of the pyramid and the rest, can be easily structured as child orgs. This feature has no cost and it will, see it in a few minutes. And how other simple is to request it.

What can you do with it? There are a list of actions that you can perform in Global Admin Console. And I’m going to show you in a little bit, what exactly I’m talking about. But to mention a few, I would say you can delegate system admins to other orgs, create extra organization, rename them, distribute Creative Cloud resources among different organizations, or restrict visibility. Basically every org see the only list of user groups and product profiles within, and they have no extra visibility outside of it, so you can silo for them if you want to. You can create, edit, and delete product profiles. Same thing goes about the user groups, including the existing ones that were created previously by the child org. You can export and import information about your organization structure and you have like three types of exports, including Yaml.

This is also a good way to backup the current configuration before a major change. You know, and the most interesting one for the experience cloud world would be group projection or group sharing.

Now, how would you request that in order to request a global admin console, we recommend to check inside your organization if you have either multiple admin console that need to be grouped under one structure, sharing the resources, or you have the need to split the console for siloed administration, you are in need of using an IDP across all your organization, and you want to streamline the process. And last but not least, you are managing multiple contracts in different orgs. There are not mandatory requirements right away, rather than reasons for which you could really benefit from using global Admin Console.

To be honest, there are many, many, many downsides of using it and enable it. It comes with zero risk, especially in the Experience Cloud section.

Now, what you need to do to request it? Well, the main condition would be for you and the people. That should be part of the request to be system admins in the org that will become the root org. Usually that’s the org where the IDP is configure. From that org, you open up a support ticket technically for admin console. Now we are in the process of migrating the support system, and I believe that in the new one there’s no admin console as a product. Just open up a ticket under any eligible product that you have in your org and ask for Global Admin console. Besides asking, you need to fill in some details in front of a template shape which will have the following details. Customer name org ID the one. Even though you’re open it from it, we still ask for it for validation. Org name as it is right now. And the global admins that that will become obviously global admins. You in the name of in the structure of first name, last name and email address. Optionally, you can mention if you want your technical Account Manager or Customer success manager that takes care of your of your of your account. Regarding the constraints, there are a few, and I would like to mention them. The max depth of nesting orgs is five. That means you can create root org child one child through shell three child for all change together. You cannot create a child five so you can go as deep as five iterations down. You can create siblings. And as far as I’m aware, there might not be a limit. But although imagine that every object that you create in the Cherokee represents an organization. So I mean, you really have to have, that granularity if you want to create that many maximum pathname length would be 255 characters, including slashes. So that means when you create, just imagine it as the Uri path in a link, right? So you have slash root one root org, then child one child two child three child for all the limited by slashes all the strings that are composing this Uri should not surpass 255 characters. The old name itself has a limit of its own. It’s between four characters, so you have a minimum limit and 100 or Pathname is unique, but you can have the same org name in your in your organization as long as they are not siblings. So if they’re not sitting in the same in the same, they don’t have the same parent, you can easily name them in the same way.

You can share a group from I mean, group position. It’s another feature. Works works exclusively between parent and children or lower actually. So from the root org you can share with every other org. But if you have a group projection from, from a child organization, you can do that only against, the lower orgs. You cannot share it with the sibling or with the parent.

Now let me try to actually show you a little bit what I’ve been talking about.

Okay. I hope you can all see my screen now. I’m working on a on stage environment. I might have features that do not exist. I really hope you will not be the case. I’m trying to keep it simple. Now. This is my my my sample org and inside it I created a structure in which I create a pack and map all all, all of these are org. So if you look at it you have an already in here and another one once I move around in here, so on and so forth.

As of right now, I don’t believe I created any groups. Now I do have one. Let’s add another group. So from the from the root org I can create another. Let’s say this group.

Now that I created this group, bear in mind that the group is not actually created every every modification, every change that I’m doing in the, in the global Admin Console has a review process. So basically I need to go to review pending changes, evaluate the changes that I’m planning to do, and approve them. If I don’t do that, the changes are not permanent. Now let’s assume that I want to share this group to another org. I can I can select the group that I’m planning to share it. I’m asked again about it, and then I get to choose basically every org that I have underneath me to share those groups. Let’s say that I’m going to go only with this. Again, nothing happens. The changes are actually pending in review. Let’s create another org if I want to. Oh, by the way, there’s another interesting feature that I might have mentioned. You can rename the orcs right now. So you have this tiny pencil in here and you can actually change the name of the country.

You’re going to leave it like this. And right now it’s another pending action on my play. If I want to create an org, you can also do that. This is a self-service and you can create it. Right. Rather easily. You just select where you want to create it. And you just I don’t know, I’m going to create another country just to show that actually you can you can actually have the same name on different orgs in the same, in the same structure. The only thing that you cannot do, you cannot create another country. As a sibling for the same or so. Oh, wait, I actually went below.

Yeah. So it says that’s already exists at the same level. This is the problem we’re going to we’re going to leave them like that. I’m going to review the pending changes. Right now I have all these action painting for me and I’m going to submit them.

I got to tell you that sometimes it takes some seconds. Sometimes it takes a little bit longer when it comes to, sharing groups and distributing with a lot of users, it might take a little bit longer until you see them. Now, from this, from this place, actually, you can go and open up the admin console off of the set, of the set orgs. So right now I shared one of the groups, if I remember correctly, with with this company, which is group created in country one, and if I am opening the one console, if I have the right permissions, I get to say this is your regular admin console. So basically if you do not have a global admin console, you will see exactly what you what you’ve seen before. The only thing that actually makes a difference let me remember which one was it. Country. Okay, this one.

The only thing that will differ once I get to log in, you’ll see a tiny structure on the left hand upper side of the, of the page. So basically in here you can see a little bit of ramifications. And this is the so-called Uri that we mentioned. So you have Acme Dash dev immediate country. This is the path that I was talking about. Now if let’s assume that you did a mistake and you want to undo some of the things, right. So I shared a group a little bit earlier and I want to remove it. Let’s go with this. I got again to manage it. And I say I want to either resync or revoke the access to it. And here you have two interesting options. So one actually does a proper cleanup. It removes the groups and deletes the users and everything. The other one, it just revokes the shell group. So it breaks the link between the the org that shared the group and any other groups that are, any other orgs that are part of the synchronization and leaves the group intact with the users inside. I would go with this one.

I would like to mention that usually in production, when you have users in groups shared with actual people, even though you see the action as being completed in here, it might take up to five minutes until you see it. It it takes a little bit of time until you manage to finalize the process. By the way, you can also delete orgs. This is another interesting thing. As long as I don’t have any dependencies. Okay, so I have a shell group with it. I just delete it earlier. Now obviously it takes a little bit of time until I managed to do it. I haven’t done anything with shell country of country. So let me try to delete this one. Okay. So the problem is I mean there is no problem with it, but there is a warning saying that it cannot be undone and all the resources will be, you know, move back to the Creative Cloud, and all the users that will have that had access to it, obviously they will stop having access. Also, the assets created for those for those users will be deleted and actually not deleted, will be reallocated from, from those users, and they will not be accessible by them. Since you are running on the, on the enterprise storage model, you get to recover them. But, I mean, it will not be a really easy process to do it.

As I mentioned before, even though I did this, it’s still a pending task and I have to submit it.

As I mentioned before, if you want to share a group, let’s say you do a group projection in here.

First I’m creating it and I want to share it.

I’m able to share it only with like the ones that are underneath me. So basically I get to share it with country. I mean, the second one, I’m not going to try to do it because it’s already pending on delete.

You will not be able to share it. For me, bacteremia or any other child of children from India branch, you get to do it only under your branch.

So you need to design your structure in such a way that obviously, it suits your purpose. And it kind of overcomes the limitation that I’ve been mentioning.

I guess this is it. From this point, I would say that, that concludes the conversation regarding users, including global admin. If you need support on any specific topic, don’t hesitate to contact us. If you have an active ultimate success premise for contract, reach out one of your Technical Account Manager Customer Success managers and you can engage us if you need support. Thank you.

Thank you guys so much. I’m going to launch a quick poll for feedback. It’s just two questions. If everyone to take the time to please give us a response, that’d be much appreciated. But I’m going to go ahead and keep it open for a few more minutes in case Catherine Jack knows there’s anything in the Q&A that you’d like to speak to you.

It looks like everything was well handed through the Q&A and chat pod, but yeah, let us know if there’s anything else that you want to add on to what was discussed there.

All right. Well, thank you everyone for your time today. We’ll send out the recording and a copy of the presentation to everyone who’s registered and have a great rest of your day.