51ºÚÁϲ»´òìÈ

Transcript

Hi everyone. Welcome. Thank you for joining our webinar today. We’ll be focused on the 51ºÚÁϲ»´òìÈ Admin Console. We’re going to wait just another moment for attendees to continue to filter in before we dive into today’s content. Before we get started, just to note that this webinar format for attendees is listen only. If you do have any questions that come up, please feel free to post those in the Q&A pod or the chat module and we’ll respond to as many as possible in the session. And then we do also have time reserved at the end for Q&A to speak to anything that needs a little discussion. In addition, note that this session is being recorded and we will send out the presentation slides as well as the recording to everyone has registered after the session today. All right. It looks like we’ve got a good amount of people filtering through. So I’m going to go ahead and have my colleague, Catherine, kick us off to take us through today’s content. Thank you, Katie. Hi everyone. My name is Kat. I am a senior field engineer here at 51ºÚÁϲ»´òìÈ and subject matter expert on Marketo and the admin console. I’m here today with my colleague, Dragos. And with that, we will get started. Can everyone see my screen? Okay. Great. So quick introduction. As I said, my name is Kat. Dragos, I’ll let you introduce yourself. Yep. Hi, I’m Dragos. I’m working as a senior field engineer consultant in 51ºÚÁϲ»´òìÈ Ultimate Success team, specializing usually in AEM, which is 51ºÚÁϲ»´òìÈ Experience Manager, being certified as AEM architect and also AEM DevOps. Besides AEM, I’ve been successfully supporting customers in implementing role-based access control and streamlining user provisioning from Active Directory to 51ºÚÁϲ»´òìÈ Admin Console. Thank you. Great. And with that, we will jump right in. So what is the admin console? The admin console is a centralized platform that streamlines the management of 51ºÚÁϲ»´òìÈ Enterprise Solutions. It offers admins a unified area to interface with the different users, products, and services across the 51ºÚÁϲ»´òìÈ Solutions. It integrates seamlessly with the Creative Cloud, the Document Cloud, and the Experience Cloud, again, for that one-stop place to manage the complexity of the tools. Is everyone able to see my screen, or is the content coming up? It is, but I do believe some of the words are a little bit… I mean, I guess the font is a little bit wrong. Overlap, yeah. Okay. Okay, I guess we’re going to fix this for sharing, unless you… Yeah. We’ll fix it for sharing. I’m not sure why. It looks fine on my screen, but then it doesn’t appear. Okay. All right. Let’s just keep going. So anyway, the admin console works across solutions for user management, product management, and licensing, security compliance, and integrating with other systems. And it’s also the place where you put in your support tickets. So user management is how admins add or remove users and assign users to 51ºÚÁϲ»´òìÈ products through user groups, which can be customized by things like department. It also provides SSO features to simplify the login process to allow users access across services for both convenience and security. Under products and license management, this is where admins can also, in the admin console, allocate licenses to users and groups to make sure that the right employees are having access to the right tools. And product profiles, which allows admins to customize features and services that users can use and access. Security and compliance. So this lets admins define who can access specific resources and audit. It also has the audit trails that track user activity for compliance and security. The admin console also offers API access, which we’ll talk about more later, but that’s the seamless integration with other enterprise systems and directory sync, which allows services like Azure to ensure consistency and automation in user management. Also and very importantly, this is where access to support resources is also available inside the admin console. So that also gives you, that’s where you open all your tickets to support you with your 51ºÚÁϲ»´òìÈ tools. There’s also user insights that can help us track how products are being used across the organization. So overall, the admin console is where you go to streamline managing users, products, services and getting your support efficiently and smoothly. So the admin console serves a variety of 51ºÚÁϲ»´òìÈ products, and we know that those products are all very different, right? And so adapting, the admin console adapts its functionalities to cater to the wide needs of the products within the suite. What that means is that different solutions use the admin console differently. Keep in mind, access is granted in the admin console. So access is who gets to use the tool or who is allowed into the solution, and then permission is granted either in the admin console or in the solution itself, and that depends on the solution. And you can think of permission as what the user can actually do inside of the tool, right? So some people have read-only access, some people have more admin access and everything in between depending on the solution. So with that, we’ve created a cheat sheet. It’s two pages long, but anyway, it summarizes pretty clearly for you the solution and then where permission is granted and then where access is granted, and there are some support articles describing each. So we’ll get a copy of this out to you. Note it’s two slides. Usually permission is granted in the admin console. The only exceptions to that are AEM in certain instances, in certain versions of the product, and Commerce. And then permission, it depends on the tool. Additionally, another thing that might happen is some solutions are in the middle of migration, so like Workfront and Marketo, Campaign. Depending on whether you’re pre or post migration, you might be doing your access and permissioning in the admin console or in the tool itself. So we realized that might be a little confusing, so we’ve laid it all out here and we will share that with you. I’m going to stop sharing my screen for a sec and move over to the admin console and I’ll take you through. So let me switch screens here. So I’m going to walk you through kind of what the admin console looks like. Here this is when you log in adminconsole.adobe.com.

The first thing you see is the overview tab. The overview tab provides a holistic view of the account, so it shows you where the status of license is, the number of licenses and users assigned along with quick links to add and manage your accounts. So that’s all here on the homepage as soon as you log in. Another important factor is the org picker. If you have multiple subsidiaries that exist as separate organizations or each subsidiary has a separate license agreement, the same administrator can be assigned to all of them and you can go here and pick which org you’re working in. Here we have the help option. This is just a super handy widget within the tool and this is where you can search for help articles from the 51ºÚÁϲ»´òìÈ Center within the admin console. The user can search independently by typing your query or you can go down and kind of look at the recommended options. You can also explore the community, start chat and share feedback from this help portal right here. So, under the products tab, this is where you assign a license to a user or group over here. So that’s all done in this tab and then the users tab is where you actually, the users can create, search and update or remove access accounts. Another thing that’s important is the user groups. Here in user groups, this is a collection of different users that are given a shared set of permissions and there are various permissions across the different products that are assigned to many users in varying order. Having a user group containing all the members of each department, then assign the product to that group helps manage and organize the account more efficiently. This method allows the administrator to be decoupled from the management of every single user. So when we’re thinking about scaling, user groups becomes really important to the scaling process. Then we go to the settings tab. In the settings tab, it depends on the types of subscription plan you have, but the admin can update and modify a bunch of settings in the admin console. First off is the privacy and security contacts over here. So in the event of a security incident involving 51ºÚÁϲ»´òìÈ software, notifications need to be sent to the appropriate compliance officers. So to help ensure that there’s prompt notification, the system admin needs to specify in this section who should be responsible for the security data protection and compliance. There’s also console settings over here. In the console settings, an admin can add custom notes for the end user to communicate with them about how to get assistance if they encounter issues or require support. So remember, not everyone is going to be able to open support tickets, so this is a good place for you to note where your team should get in touch with in order to get the help that they need. You can also put email language settings stored in this tab. Under the identity settings, this allows the organization to have different levels of control over the user’s account data, and it impacts how the user is going to share assets. In asset settings, this is where you give an organization control over its employees to share assets outside of the organization. So asset settings are used along with organizational policy of enforcement systems to ensure that assets are only shared with the appropriate external individuals and organizations. Under authentication settings, it supports several password-level protections used to ensure safety and security, and the admin can specify a password protection level to apply to all users across the organization. And then finally, the encryption settings are over here, and this is where we generate a dedicated encryption key for extra layers of control and security. All done here. In Admin Console, the settings over here, they’re not really set and forget, but you’re not going to be adjusting them daily. It’s important to be aware of them and keep touch on them, but this is more about the initial configuration and then just maintaining it after that. And then what I think is super important is the support tab. The support tab is where you actually open your tickets. And so here’s where you’re opening your tickets for all of your 51ºÚÁϲ»´òìÈ solutions, as well as getting access to Experience League and the community, and reviewing documentation is all done in the support tab, which brings you here. Okay.

So with that, I’m going to bring you back over to my other screen so we can continue the presentation.

Okay. So here are the different levels of admin within the Admin Console. We’ll send you this so you have it laid out, but what’s really important is the system admin rate, that’s the super user for the organization. And then you have the product admin, which administers the actual products, right? That’s super important along with the profile admin, which can assign admins functions across the specific product profile. Support admin, also really important because that’s the person who’s going to open the tickets if you need help. Another one is contract admin is a newer type of admin who has access to the contract details. Okay. So when we’re scaling the Admin Console, a lot of what we hear day to day is like, you know, we’re trying to create consistency across the business. And because the Admin Console manages the products differently and interacts differently with each of the solutions, it can be sometimes confusing to realize how to scale something like that. Because of that, you know, we’ve come up with a couple of best practices to share with you here today. First of all, develop product profiles and then assign based on required permission. So the product profiles is how you’re going to be able to scale the users, right? We don’t want, you know, we certainly don’t want one to one roles and users. And so this is how we manage it is assigning to product profiles. Access should be granted specifically for what’s needed, no more, no less. A lot of times when we see big errors happen, right? You know, someone sends out an email to the wrong group or makes a segmentation issue, right, where they’ve segmented the wrong audience and presented the wrong offer, right? It’s usually because they’re not trained or they did it by mistake, right? And so that’s why we don’t want to over grant access. It’s very tempting, especially when the permissions get so granular to just provide all access so they can do whatever they want. But that is a long term setup for failure. So we, you know, that’s just a best practice. That brings me to the next thing. Permissions should really be decided by a subject matter expert in the tool. So for AEM, an AEM expert should be advising on the permissions for a Mercado, a Mercado expert and so on and so forth. We never want, the system admin of the admin console is probably not going to be an expert across all of these solutions and won’t really know what the different access levels are actually providing compared to what our users are doing day to day in the system. So if you have ultimate success, we would advise that you do desk side coaching per solution as needed. So because each solution handles permissions and access differently, we can structure the conversation by solution and ensure the correct SMEs are present for that. I also wanted to call out a couple of limits for the experience cloud products on the admin console. A maximum of 14 product profiles per user group is advised. And then that includes 8,000 profiles in an organization, 4,000 product profiles and 100,000 users. I don’t often see anyone coming up against these limits. The only one that seems like it looks a little contextually low is product profiles. In that case, you would just divide up the product profiles per user group to accommodate that. Okay, so that’s the best practice. But then how do we organize our access and permissions? We organize by solution. First, you’re going to want to do a system audit. System admin will do the audit standard to remove those who haven’t logged in, who have left the company. This is a manual process for those of us who aren’t using Directory Sync yet, but it is a necessary and required process. And then you want to review the existing roles to understand how groups are leveraging the tool. It’s really important to understand how your employees are actually interacting with the tools and what they’re adopting within the tool so that you can give them the appropriate access. The system admin then needs to work with the product admin or profile admin, depending on the setup, to review permission logs within the product itself. So you want to work with the SMEs to understand the roles compared to the permissions allowed. And then don’t forget that some of the products, like AEP, have attribute-based roles in access control. And then you do a comparison, right? Are the permissions granted appropriate for those given access? I know when I’m doing audits of a solution, if I see like 50 admins, it’s usually a red flag to me, right? Usually a business doesn’t need that many admins in their system. And when we see something like that, it’s, oh, we’re just granting the access for convenience. It’s a granular and detailed step to go through that. So don’t underestimate when you’re doing your project plan, how long it’s going to take you to go through that. And then you’re going to, of course, adjust the roles accordingly to the standard business needs and assign. When you do the assigning, I highly recommend that you do it at a time that’s not super busy for the organization. So don’t make role changes during your busiest season and make sure that you provide communication in advance because it’s possible that one or two people are doing something critical and they’ve been assigned a role differently or they do a process not that often, but it is required for their job. And so you want to make sure that you’re communicating in advance and they know how to get in touch with you to adjust settings as needed. Okay, so that’s by solution. And then what you’re going to do is you want to determine the requirements protocol for providing access. What does that mean? That means that when you have a new person who’s onboarding to the company, when you have someone who’s switching roles or is, you know, got promoted, whatever it is, what training requirements do you require? Is it a certification? Is it a training program? And then how do they request it? So you want to automate that process as much as possible while maintaining your standard for excellence, especially when it comes to providing those higher levels of access. Determine the protocol for processing requests. So we’re going to go over how to automate those processes. If you’re not automating it, then you know, you need to figure out a manual process for that that works for the business. Establish necessary process of infrastructure. So that’s, you know, what needs to happen in which order and who’s going to support that. Assign responsibility for the management. So this is not a one and done project. This is a living, breathing, ongoing responsibility of someone. So someone needs to be responsible for it and constantly managing it across the admin console, but then also within the solution, someone that’s again, that’s the SME who really understands those rules and permissions. Okay. And with that, I’m going to pass this over to Dragos to talk about the user sync tool. Thank you, Kat. Now, since we all learned the roles and permissions and what you can do at the admin console level, you would probably wonder how you can streamline this from your organization down to the admin console and then to your products. Now synchronizing users from the LDAP into admin console can be achieved using different methods. I mean, to name a few, I would say the basic one, which is manual user individually. So you go to the admin console and you add one or multiple users in a manual manner. Then you can do them in bulk still at the admin console level if you want, but using bulk CSV import, just a remark on that one, you have to be careful. If you’re bringing a user, you’re not updating a list of existing one, you’re just bulk CSV import them. All the configurations that are found into your CSV file will override any existing configuration that exists in the admin console. So as a rule of thumb, just download the existing structure of your users, do a little bit of sanity check and clean up, remove the users that should not be updated and then add or do the modifications that are needed for the existing users and also append the ones that should follow next. The third option that might be available to you would be Microsoft Azure Sync or Google Federation Sync. Those are tools and apps that are coming with the solution just mentioned. You just have to configure them from within and then the process should bring automatically the groups, if you have them, down to the admin console. And the one that we’re going to talk about it today, which is User Sync tool. Now User Sync tool automates the provisioning of user identity and product access in the admin console. It operates by reading user information from one identity source and using configured rules, it creates accounts for users who need 51ºÚÁϲ»´òìÈ product access and assigns the needed products to these users. It also manages full lifecycle of 51ºÚÁϲ»´òìÈ users. If configured, it can update user information, group membership and of board users who no longer require access to 51ºÚÁϲ»´òìÈ products and services. To simplify it a bit, it can be configured to synchronize a list of groups from your LDAP directly into the 51ºÚÁϲ»´òìÈ admin console, offering the possibility of leveraging role-based access control. Potential sources for this would be either your LDAP system, like your Active Directory, another admin console, an Okta system, and also a CSV file. The key benefits of User Sync tool would be the ability to create new federated accounts when the users are placed into the right groups that are part of the synchronization. You can also update account information on certain fields in the directory when they change, when they are changed. Then you can update user groups for specific people. The accounts can be removed also from the admin console. In there you have two options. You have the option to remove and also to delete. You really need to be careful with these options because by default User Sync tool configuration is set to look into the whole organization. What that means is 51ºÚÁϲ»´òìÈ IDs are ignored, but federated IDs are not. You can have federated IDs coming from your organization, but you can have our accounts, if you add them right now, they will still show up as federated IDs. The risk is we’re going to do a comparison against the list of federated IDs found into your org against the one in your LDAP. The ones that are extra into 51ºÚÁϲ»´òìÈ admin console, they will get to be removed. So you need to be careful how you configure your User Sync tool configuration because in there you have the option to exclude by groups, by email addresses, by domains. I mean, it’s quite flexible, but you need to be aware of it. And also all the actions that you can do with it today, I would say that it helps you streamline the process of role-based access control config by placing set users into specific groups, which grants specific access to products that are part of their role. Now bear in mind about the above mentioned limitation in regards to the number of product profiles that could be associated to the group, which is 14 as of today. Now a little bit about User Sync tool. It is a Python-based self-contained command line application. It doesn’t rely on any dependencies. It can basically run on a terminal or you can run it from a script. It runs on both windows or specific linear distributions. That being said, you can have it hosted in a virtual machine or a Docker container inside your network for easy access to your Active Directory. Doesn’t need much resources to be honest. The Sync is unidirectional, having a read-only access to your LDAP for safety reasons mainly. Ideally, you will have it running based on a scheduled task or on windows or a cron job on Linux. The frequency would be something that you will have to agree with. I don’t know, something from one hour would be good enough for start. How can it be configured? Well, the first step implies for you to create a directory trust between your IDP and 51ºÚÁϲ»´òìÈ Admin Console. Part of that process or separately, you can also add one or multiple domain names and validate them either with the help of your IDP configuration or using a DNS TXT record. Because you do the integration between User Sync Tool and Admin Console, so we look on the other side. To do that, you go to the Developer Console and create an integration for user management API as a service to associate with the project. Once that’s done, you can get the credentials that are needed by the configuration. Now there is also an option to use, which we call Zero Touch Administration. That gives flexibility to your company and empowers your users. Once the process is created for a specific product, a link can be shared within the organization or team and user can start using it. The advantage of that solution that brings is that you don’t have to create the account in the admin console, you have to place the people into any group. The process itself allows automatic account creation and also the people will be placed in the right groups, inheriting the right permissions to the right products. Those are options that could, in the end, you can also filter the number of users that could use into your organization, because maybe you would want to broadcast it in your organization, but only some departments will have access to it. In order to limit the access to specific users in your organization, you can use automatic assignment rules. There are some prerequisites to that configuration before you’re able to enable it. So you need to read the documentation and make sure that this process actually suits you. Now going further down, we managed to bring the users from the Active Directory into 51ºÚÁϲ»´òìÈ admin console. And what would be next? Well, if your organization has a rather complex structure composed out of multiple orgs, those orgs can have a security requirement of leveraging federated login, or maybe there are some product requirements which enforces federated logging to be used. An integration with your IDP is bound to that org alone, and a domain name is bound to that directory. That means if you have the need to use federated identification with any other orgs, you will need to find a way to make that work. To keep things rather simple and to give companies greater flexibility and granularity on how the products are managed, we’ve created global admin console. In a nutshell, global admin console acts as an organization’s central management hub, and it can be seen as feature or add-on rather than a transformation. With global admin console, creative cloud resources can be distributed across multiple orgs, even though they were licensed in one or other specific ones. We cannot say the same thing about experience cloud products. Those are kind of bound to the org where they were assigned. In most cases, they cannot even be moved from those orgs, even if you have to. Can we use global admin console in this case? I mean, the answer is yes, we can. I mean, global admin console does not replace or change any functionality of the existing orgs when they adhere to this structure. It orgs like a hierarchy where the main org, which we call it root org, sits on top of the pyramid and the rest can be easily structured as child orgs. This feature has no cost and it will see it in a few minutes and how rather simple it is to request it. What can you do with it? There are a list of actions that you can perform with global admin console, and I’m going to show you in a little bit what exactly I’m talking about. But to mention a few, I would say you can delegate system admins to other orgs, create an extra organization, rename them, distribute creative cloud resources among different organizations, restrict visibility. Basically every org see the only list of user groups and product profiles within, and they have no extra visibility outside of it. So you can silo them if you want to. You can create, edit, and delete product profiles. Same thing goes about the user groups, including the existing ones that were created previously by the child org. You can export and import information about your organization structure, and you have like three types of exports, including YAML. This is also a good way to back up the current configuration before a major change. And the most interesting one for the experience cloud world would be group projection or group sharing. Now how would you request it? In order to request global admin console, we recommend to check inside your organization if you have either multiple admin console that need to be grouped under one structure, sharing the resources, or you have the need to split the console for siloed administration. You are in need of using an IDP across all the organization and you want to streamline the process. And last but not least, you are managing multiple contracts in different orgs. There are not mandatory requirements, by the way, rather than reasons for which you could really benefit from using global admin console. To be honest, there aren’t many downsides of using it and enable it to come with zero risk, especially in the experience cloud section. Now what do you need to do to request it? The main condition would be for you and the people that should be part of the request to be system admins in the org that will become the root org. Usually that’s the org where the IDP is configured. From that org, you open up a support ticket technically for admin console. Now we are in the process of migrating the support system and I believe that in the new one, there is no admin console as a product. Just open up a ticket under any eligible product that you have in your org and ask for global admin console. Besides asking, you need to fill in some details in the template shape, which would have the following details. Customer name, org ID, the one even though you’re opening from it, we still ask for it for validation. Org name as it is right now. And the global admins that will become obviously global admins in the structure of first name, last name and email address. Optionally, you can mention if you want your technical account manager or customer success manager that takes care of your account. Regarding the constraints, there are a few and I would like to mention them. The max depth of nesting orgs is five. That means you can create root org, child one, child two, child three, child four, all chained together. You cannot create a child five, so you can go as deep as five iterations down. You can create siblings and as far as I’m aware, there might not be a limit. Although imagine that every object that you create in that hierarchy represents an organization. So I mean, you really have to have that granularity if you want to create that many. Maximum path name length would be 255 characters, including slashes. So that means when you create, just imagine it as the URI path in a link, right? So you have slash root org, then child one, child two, child three, child four, all delimited by slashes. All the strings that are composing this URI should not surpass 255 characters. The org name itself has a limit of its own. It’s between four characters, so you have a minimum limit and 100. Or path name is unique, but you can have the same org name in your organization as long as they’re not siblings. So if they’re not sitting in the same, they don’t have the same parent, you can easily name them in the same way. You can share a group from, I mean, group projection. It’s another feature. Works exclusively between parent and children or lower actually. So from the root org, you can share with every other org, but if you have a group projection from a child organization, you can do that only against the lower orgs. You cannot share it with a sibling or with the parent. Now let me try to actually show you a little bit what I’ve been talking about. Okay. I hope you can all see my screen. Now I’m working on a stage environment. I might have features that do not exist. I really hope it will not be the case. I’m trying to keep it simple. Now this is my sample org, and inside it, I created a structure in which I create APAC, GEMEA. All of these are orgs. So if you look at it, you have an org ID in here and another one once I move around in here, so on and so forth. As of right now, I don’t believe I created any groups. No, I do have one. Let’s add another group. So from the root org, I can create another, let’s say, group. Now that I created this group, bear in mind that the group is not actually created. Every modification, every change that I’m doing in the global admin console has a review process. Basically, I need to go to review pending changes, evaluate the changes that I’m planning to do, and approve them. If I don’t do that, the changes are not permanent. Now let’s assume that I want to share this group to another org. I can select the group that I’m planning to share it. I’m asked again about it. And then I get to choose basically every org that I have underneath me to share those groups. Let’s say that I’m going to go only with this. Again, nothing happened. The changes are actually pending in review. Let’s create another org if I want to. Oh, by the way, there’s another interesting feature that I might have not mentioned. You can rename the orgs right now. So you have this tiny pencil in here, and you can actually change the name of the country. I’m going to leave it like this. And right now, it’s another pending action on my plate. If I want to create an org, you can also do that. This is a self-service, and you can create it quite rather easily. You just select where you want to create it, and you just, I don’t know. I’m going to create another country just to show that actually you can actually have the same name on different orgs in the same structure. The only thing that you cannot do, you cannot create another country as a sibling for the same org. Oh, wait. I actually went. I said below. Yeah. So it says that already exists at the same level. This is the problem. We’re going to leave them like that. I’m going to review the pending changes. Right now, I have all these action pending for me, and I’m going to submit them. I got to tell you that sometimes it takes some seconds. Sometimes, it takes a little bit longer. When it comes to sharing groups and distributing with a lot of users, it might take a little bit longer until you see them. Now, from this place, actually, you can go and open up the admin console of the set orgs. So right now, I shared one of the groups, if I remember correctly, with this company, which is group created in country one. And if I am opening the admin console, if I have the right permissions, I get to see it. This is your regular admin console. So basically, if you do not have a global admin console, you will still see exactly what you’ve seen before. The only thing that actually makes a difference, let me remember which one was it, country. Okay. This one.

The only thing that will differ once I get to log in, you’ll see a tiny structure of the left upper side of the page. So basically, in here, you can see a little bit of ramifications. And this is the so-called URI that I’ve been mentioned. So you have ACME-DV, EMEA, country. This is the path that I was talking about. Now, let’s assume that you did a mistake and you want to undo some of the things, right? So I shared the group a little bit earlier and I want to remove it. Let’s go with this. I get, again, to manage it. And I say, I want to either rethink or revoke the access to it. And here you have two interesting options. So one actually does a proper cleanup. It removes the groups and deletes the users and everything. The other one, it just revokes the shared group. So it breaks the link between the org that shared the group and any other groups that are, any other orgs that are part of the synchronization and leaves the group intact with the users inside. I would go with this one. I would like to mention that usually in production, when you have users in groups shared with actual people, even though you see the action as being completed in here, it might take up to five minutes until you see it. It takes a little bit of time until you manage to finalize the process. By the way, you can also delete orgs. This is another interesting thing. As long as I don’t have any dependencies. Okay. So I have a shared group with it. I just deleted earlier. Now, obviously, it takes a little bit of time until I manage to do it. I haven’t done anything with channel country of country. Let me try to delete this one. Okay. So the problem is, I mean, there is no problem with it, but there is a warning saying that it cannot be undone and all the resources will be moved back to the Creative Cloud. And all the users that had access to it, obviously, they will stop having access. Also, the assets created for those users will be deallocated from those users and they will not be accessible by them. Since you are running on the enterprise storage model, you get to recover them. But I mean, it will not be a really easy process to do it. As mentioned before, even though I did this, it’s still a pending task and I have to submit it.

As mentioned before, if you want to share a group, let’s say you do a group projection in here.

First, I’m creating it and I want to share it. I’m able to share it only with the ones that are underneath me. So basically, I get to share it with country. I mean, the second one, I’m not going to try to do it because it’s already pending on delete. You will not be able to share it from APAC to EMEA or any other child of children from EMEA branch. You get to share it with country. You get to do it only under your branch. So you need to design your structure in such a way that obviously it suits your purpose and it kind of overcomes the limitation that I’ve been mentioning.

I guess this is it from this point. I would say that that concludes the conversation regarding User Sync Tool and Global Admin. If you have any questions, please feel free to contact me. If you need support on any specific topic, don’t hesitate to contact us. If you have an active ultimate success or premier support contract, reach out to one of your technical account managers or customer success managers and you can engage us if you need support. Thank you.

Thank you guys so much. I’m going to launch a quick poll for feedback. It’s just two questions. If everyone could take their time to please give us a response, that would be much appreciated. But I’m going to go ahead and keep it open for a few more minutes in case Catherine and Dragos, if there’s anything in the Q&A that you’d like to speak to.

It looks like everything was well-handed through the Q&A and chat pod, but let us know if there’s anything else that you want to add on to what was discussed there. All right. Well, thank you everyone for your time today. We’ll send out the recording and a copy of the presentation to everyone who’s registered. Have a great rest of your day.