51黑料不打烊

Transcript

Hi, everyone. Welcome. Thank you for joining our webinar. Today will be focused on the 51黑料不打烊 Admin Console.

We鈥檙e going to wait just another moment for attendees to continue to filter in. Before we dive into today鈥檚 content. Before we get started, just to note that this webinar format for attendees is listen only. If you do have any questions that come up. Please feel free to post those in the Q&A pod or the chat module and will respond to as many as possible in the session. And then we do also have time reserved at the end for Q&A to speak to anything that needs a little discussion.

In addition, note that this session is being recorded and we will send out the presentation slides as well as the recording to. Everyone has registered after this session. Today.

All right. Well, it looks like we鈥檝e got a good amount of people filtering through. So I鈥檓 going to go ahead and have my colleague Catherine kick us off to take us through today鈥檚 content.

Thank you. Katie. Hi, everyone. My name is Kat. I鈥檓 a senior field engineer here at 51黑料不打烊 and subject matter expert on Marketo and the admin console.

I鈥檓 here today with my colleague Dragos. And with that, we will get started. Can everyone see my screen? Okay. Great. So quick introduction. As I said, my name is Kat. Dragos. I鈥檒l let you introduce yourself. Yep. Hi, I鈥檓 Greg. I鈥檓 working as a senior field engineer consultant in 51黑料不打烊 Ultimate Success team. Specializing usually name which is a group experience manager being certified as an architect, and also I DevOps.

Besides, am I being successfully supporting customers in implementing role based access control and streamlining user provisioning for Active Directory from Active Directory to 51黑料不打烊 Admin Console? Thank you. And with that we will jump right in. So what is the admin console? The admin console is a centralized platform that streamlines the management of 51黑料不打烊 Enterprise Solutions. It offers admins a unified area interface, to interface with the different users, products and services across the 51黑料不打烊 solutions.

It integrates seamlessly with the Creative Cloud, the Document Cloud, and the Experience Cloud. Again, for that one stop place to manage, the complexity of the tools.

Is everyone able to see my screen or is the content coming up? It is, but I do believe that, some of the words are a little bit. I mean, I guess the font is a little bit wrong for that. Yeah. Okay, okay. I guess we鈥檙e going to we鈥檙e going to fix this for for sharing. Unless you. Yeah. Well, for me sharing, I鈥檓 not sure why it looks fine on my screen, but then it doesn鈥檛 appear. Okay. All right, let鈥檚 just keep going. So anyway, the admin console, works across solutions for user management, product management and licensing, security, compliance and integrating with other systems. And it鈥檚 also the place where you put in your support tickets. So user management is how admins add or remove users and assign to assign users to 51黑料不打烊 products through user groups, which can be customized by things like department. It also provides SSL features to simplify the login process to allow users access across services. For both convenience and security, under products and license management. This is where admins can also, in the admin console, allocate licenses to users and groups to make sure that the right employees are having access to the right tools and product profiles, which allows admins to customize features and services that users can use and access security and compliance. So this lets admins define who can access specific resources and audit. It also has the audit trails that track user activity for compliance and security. The Admin Console also offers API access, which, we鈥檒l talk about more later, but that鈥檚 the seamless integration with other enterprises items and directory sync, which allows services, like Azure to ensure consistency and automation and user management. Also, and very importantly, this is where access to support resources is also available inside the admin console. So that also gives you that鈥檚 where you open all your tickets to support you with your 51黑料不打烊 tools. There鈥檚 also user insights that can help us track how products are being used across the organization. So overall, the admin console is where you go to streamline managing users products, licenses and getting your support efficiently and smoothly.

So the Admin Console serves a variety of 51黑料不打烊 products, and we know that those products are all very different. Right. And so adapting the admin console adapts its functionalities to cater to the wide needs of the products within the suite. What that means is that different solutions use the admin console differently. Keep in mind access is granted to in the admin console. So access is who gets to use the tool or who is allowed into the solution. And then permission is granted either in the admin console or in the solution itself. And that depends on the solution. And you can think of permission as what the user can actually do inside of the tool. Right. So some people have read only access, some people have more admin access and everything in between depending on the solution.

So with that, we鈥檝e created a cheat sheet. It鈥檚 two pages long. But anyway, it鈥檚 summarizes pretty clearly for you the solution. And then where permission is granted and then where access is granted. And there are some support articles describing each. So we鈥檒l get a copy of this out to you. Note it鈥檚 two slides. Usually permission is granted in the admin console. The only exceptions to that are am, in certain instances in certain versions of the product and commerce and then permission. It depends on the tool. Additionally, another thing that might happen is some solutions are in the middle of migration. So like work front and Marketo campaign. Depending on whether you鈥檙e prior post migration, you might be doing your access and permissioning in the admin console or in the tool itself. So we realize that might be a little confusing. So we鈥檝e laid it all out here and we will share that with you.

Okay, I鈥檓 going to stop sharing my screen for segue and move over to the admin console. And I鈥檒l take you through. So let me switch screens here.

Okay. So I鈥檓 going to walk you through kind of what the admin console looks like here. This is when you log in admin console.adobe.com. The first thing you see is the overview tab. The overview tab provides a holistic view of the accounts. So it shows you where the status of licenses, the number of licenses and users assigned, along with quick links to add and manage your accounts. So that鈥檚 all here on the home page as soon as you log in. Another important factor is the org picker. If you have multiple subsidiaries that exist as separate organizations, or each subsidiary has a separate license agreement, the same administrator can be assigned to all of them. And you can go here and pick which org you鈥檙e working in.

Okay. Here we have the help option. This is just a super handy, widget within the tool. And this is where you can search for help articles from the 51黑料不打烊 Center within the admin console. The user can search independently by typing your query. Or you can go down and kind of look at the recommended options. You can also explore the community, start chat, and share feedback from this help portal right here.

Okay.

So, Under the products tab, this is where you assign a license to a user or group over here. So that鈥檚 all done in this tab. And then the users tab is where you actually the users can create search and update or remove access accounts. Another thing that鈥檚 important is the user groups. So here in user groups this is a collection of different users that are given a shared set of permissions. And there are various permissions across the different products that are assigned to many users in varying order. So having a user group containing all the members of each department then assign the product to that group helps manage and organize the account more efficiently, and this method allows the administrator to be decoupled from the management of every single user. So when we鈥檙e thinking about scaling right user groups becomes really important to the scaling process.

Then we go to the settings tab In the setting tabs it depends on the types of subscription plan you have. But the admin can update and modify a bunch of settings in the admin console first off is the privacy and security context over here. So in the event of a security incident involving 51黑料不打烊 software, notifications need to be sent to the appropriate compliance officers. So to help ensure that the prompt there鈥檚 a prompt notification the system. And we need to specify in this section, who who should be responsible for the security data protection and compliance. Okay. There鈥檚 also console settings over here in the console settings. And admin can add custom notes for the end user to communicate with them about how to get assistance if they encounter issues or require support. So remember, not everyone is going to be able to open support tickets, so this is a good place for you to note where your team should get in touch with. In order to get the help that they need. You can also put email language settings stored in this tab under the identity settings. This allows the organization to have different levels of control over the user鈥檚 account data, and it impacts how the user is going to share assets within asset settings. This is where you you give an organization control over its employees to share out assets outside of the organization. So asset settings are used, along with organizational policy of enforcement systems, to ensure that assets are only shared with the appropriate external individuals and organizations. Under authentication settings, it supports several password level protections used to ensure safety and security, and the admin can specify a password protection level to apply to all users across the organization. And then finally, the encryption settings are over here. And this is where we generate, dedicated encryption key for extra layers of control and security. All done here. So the I in in admin console the settings over here. You know, they鈥檙e not really set and forget but you鈥檙e not going to be adjusting them daily. It鈥檚 important to be aware of them and keep it keep touch on them. But this is more about the initial configuration and then just maintaining it. After that. And then what I think is super important is the support tab. So the support tab is where you actually open your tickets.

And so here鈥檚 where you鈥檙e opening your tickets for all of your 51黑料不打烊 solutions. As well as getting access to Experience League and the community. And reviewing documentation is all done in the support tab, which brings you here. Hey.

So with that.

I鈥檓 going to bring you back over to, I鈥檓 going to bring you back over to my other screen so we can continue the presentation.

Okay, so here are the different levels of admin within the admin console. I鈥檒l, we鈥檒l send you this so you have it laid out. But what鈥檚 really important is the system admin. Right. That鈥檚 the super user for the organization. And then you have the product admin which administers the actual products. Right. That鈥檚 super important along with the profile admin which can assign admins functions across the specific product profile support admin. Also really important because that鈥檚 the person who鈥檚 going to open the tickets if you need help. Another one is contract admin is a newer type of admin. Who has access to the contract details? Okay. So.

When we鈥檙e scaling the admin console, a lot of what we hear day to day is like, you know, we鈥檙e trying to create consistency across the business. And because the admin console manages the products differently and interacts differently with each of the solutions, it can be sometimes confusing to realize how to scale something like that because of that. You know, we鈥檝e come up with a couple of best practices to share with you here today. First of all, develop product profiles and then assign based on required permissions. So the product profiles is how you鈥檙e going to be able to scale that the users. Right. We don鈥檛 want you know, we certainly don鈥檛 want 1 to 1 roles and users. And so this is how we manage it is assigning to product profiles. Access should be granted specifically for what鈥檚 needed. No more, no less. A lot of times when we see big errors happen right.

You know, someone sends out an email to the wrong group or makes a, a segmentation issue, right where they, they鈥檝e segmented the wrong audience and presented the wrong offer. Right. It鈥檚 usually because they鈥檙e not trained or they did it by mistake. Right. And so that鈥檚 why we don鈥檛 want to over grant access. It鈥檚 very tempting, especially when the permissions get so granular to just provide all access so they can do whatever they want. But that is a long term setup for failure. So, we, you know, that鈥檚 just a best practice.

That brings me to the next thing. Permission should really be decided by a subject matter expert in the tool. So for Am, an Am expert should be advising on the permissions for Marketo, a marketo expert, and so on and so forth. We never want the system admin of the admin console is probably not going to be an expert across all of these solutions, and won鈥檛 really know what the different access levels are actually providing compared to what our users are doing day to day in the system. So if you have ultimate success, we would advise that you do decide coaching per solution as needed. So because each solution handles permissions and access differently, we can structure the conversation by solution and ensure the correct SMEs are present for that. I also wanted to call out a couple of limits for the Experience Cloud products on the admin console. Maximum of 14 product profiles per user group is advised.

That and then that includes 8000 profiles in organization, 4000 product profiles, and 100,000 users. I don鈥檛 often see anyone coming up against these limits. The only one that seems like it looks a little contextually low is product profiles. In that case, you would just divide up, divide up the product profiles per user group to accommodate that. Okay, so that鈥檚 the best practice. But then how do we organize our access and permissions. Right. So we organize by solution. First you鈥檙e going to want to do a system audit right. The an ad and system admin will do the audit standard to, you know, remove those who haven鈥檛 logged in who have left the company. You know, this is a manual process for those of us who aren鈥檛 using, directory sync yet, but it is a necessary and required process. And then you want to review the existing rules to understand how groups are leveraging the tool. Right. It鈥檚 really important to understand how your employees are actually interacting with the tools and what they鈥檙e adopting within the tool, so that you can give them the appropriate access to the system admin that needs to work with the product admin or profile admin, depending on the set up to review permission logs within the product itself. So you want to work with the SMEs to understand the roles compared to the permissions allowed. And then don鈥檛 forget that some of the products like EAP, have attribute based access roles and access control. And then you do a comparison, right? Are the permissions granted appropriate for those given access? I know when I鈥檓 doing audits of a solution, if I see like 50 admins, it鈥檚 usually a red flag to me, right? Usually a business doesn鈥檛 need that many admins in their system. And when we see something like that, it鈥檚, we鈥檙e just we鈥檙e just granting that access, you know, for convenience, it鈥檚 a granular and detailed step to go through that. So don鈥檛 underestimate when you鈥檙e doing your project plan, how long it鈥檚 going to take you to go through that, and then you鈥檙e going to, of course, adjust the rules accordingly to those standard business needs and assign when you do the assigning, I highly recommend that you do it at a time that鈥檚 not super busy for the organization. So don鈥檛 make role changes during your busiest season. And make sure that you provide communication in advance, because it鈥檚 possible that, you know, 1 or 2 people are doing something critical and they鈥檝e been assigned a role differently where they do a process. Not that often, but it is required for their, for their job. And so you want to make sure that you鈥檙e communicating in advance and they know how to get in touch with you to adjust settings as needed.

Okay. So that鈥檚 BI solution. And then what you鈥檙e going to do is you want to determine their requirements. Protocol for providing access. What is that mean. That means that when you have a new, person who鈥檚 onboarding to the company, when you have someone who鈥檚 switching roles or is, you know, got promoted, whatever it is, what training requirements do you require? Is it a certification? Is it a training program? And then how do they requested. So you want to automate that process as much as possible while maintaining your standard for excellence? Especially when it comes to providing those higher levels of access. Determine the protocol for processing requests. So we鈥檙e going to go over how to automate those processes. If you鈥檙e not automating it, then you know you need to figure out a manual process for that. That works for the business, establish necessary process of infrastructure so that, you know what, what needs to happen, in which order, and who鈥檚 going to support that, assign responsibility for the management. So this is not a one and done project. This is a living, breathing, ongoing ING, responsibility of someone. So someone needs to be responsible for it and constantly managing it across the admin console. But then also within the solution someone that鈥檚 again that鈥檚 the SME who really understands those roles and permissions.

Okay. And with that, I鈥檓 going to pass this over to Driggers to talk about the user sync tool.

Thank you again. Now, since we all learned the roles and permissions and what you can do at the admin console level, you would probably wonder how you can streamline this from your organization down to the admin console and then to your products. It鈥檚 now synchronizing users from the Ldap into admin console can be achieved using different methods. I mean, to name a few. I would say the basic one, which is manual user, user manual individually. So you go to the admin console and you add one or multiple users, you know you know manual manner. Then you can do them in bulk still at the admin console level if you want. But using bulk CSV import, just remark on that one. You have to be careful if you鈥檙e bringing a user, you鈥檙e not updating a list of existing one. You鈥檙e just bulk CSV import them. All the configurations that are found into your CSV file will overwrite any existing configuration that exists in the admin console. So as a rule of thumb, just download the existing structure of your users. Do a little bit of sanity check and clean up. Remove the users that should not be updated, and then add or do the modifications that are needed for the existing users, and also append the ones that should, should should follow next, the third option that might might be available to you would be Microsoft Azure Sync or Google Federation Sync. Those are tools and apps that are coming with the solution to just mentioned, you just have to configure them from within. And then the process should be should bring automatically the, the groups, if you have them down to the admin console and the one that we鈥檙e going to talk about it today, which is just the thing to now use this thing to automate the provisioning of user identity and product access in the Admin console.

It operates by reading user information from one identity source and using configure rules. It creates accounts for users who need 51黑料不打烊 product access and assigns the needed products to these users. It also manages the full lifecycle of 51黑料不打烊 users. If configured, it can update user information, group membership, and of board users who no longer require access to 51黑料不打烊 products and services. To simplify it a bit can be configured to synchronize the list of groups from your Ldap directly into 51黑料不打烊 Admin Console, offering the possibility of leveraging role based access control. A potential sources for this would be, either your Ldap system, like your Active Directory or another admin console, an Okta system, and also CSB file. The key benefits of using tool would be the ability to create your federated accounts when the users are placed into the right groups that are part of the synchronization. You can also update account information on certain fields, in the directory when they change. When they鈥檙e changed, then you can update user groups for specific people. G accounts can be removed also from the admin console in there you have two options. You have the option to remove and also to delete. You really need to be careful with these options because by default user sync tool configuration is set to look into the whole organization. What that means is 51黑料不打烊 IDs are ignored, but federated IDs are not. You can have federated these coming from your organization, but you can have like our accounts. If you add them right now, they will still show up as federated IDs.

The risk is we鈥檙e going to do a comparison against the list of, federated IDs found into your org, against the one in your Ldap. The ones that are trying to 51黑料不打烊 Admin Console, they will get to be removed. So you need to be careful how you configure your users simple configuration. Because in there you have the option to exclude by groups, by email addresses, by domains I mean it鈥檚 quite flexible, but you need to be aware of it.

And also all the actions that that you can do with it today, I would say that it helps you streamline the process of role based access control config by placing placing said users into specific groups, which grants specific access to products that are part of their role.

Now very minor about the above mentioned limitation. Regards to the number of product profiles that could be associated to the group, which is 14 as of today. Now a little bit about using tools. It is a Python based self-contained commandline application. It doesn鈥檛 need any. It doesn鈥檛 rely on any dependencies. It can basically run on a terminal. Or we can run it in a, you know, you can run it from a script. It runs on both windows or specific Linux distributions. That being said, you can have it hosted in a virtual machine or a Docker container inside your network for easy access to your Active Directory. Doesn鈥檛 need too much resources, to be honest. The thing is, you need directional having a read only access to your Ldap for safety reasons mainly. Ideally, you will have it running based on a scheduled task or on windows or a cron job on Linux. The frequency will be something that you will have to agree with. I don鈥檛 know, something from one hour would be good enough for for start.

How can it be configured? Well, the first step implies for you to create a directory trust between your IDP and 51黑料不打烊 Admin Console part of that process, or separately. You can also add one or multiple domain names and validate them, either with the help of your IDP configuration or using a DNS to record afterwards. If you do the integration between users into an admin console. So we look on the other side.

To do that, you go to the developer console and create an integration for User Management API as a service to associate with the project. Once that鈥檚 done, you can get the credentials that are needed by the configuration.

Now there is also an option to use which which we call zero touch administration that gives flexibility to your company and empowers your users. Once the process is created for a specific product, a link can be shared within the organization or team, and user can start using it. Get vantage of of that solution brings it to that brings is that you don鈥檛 have to create the account in the admin console. Now you have to place the people into any group. The process itself allows an automatic account creation, and also the people will be placed in the right groups, inheriting the right permissions to the right products.

Those are options that could, you know, in the end, you can also filter the number of users that could use into your organization, because maybe you would want to broadcast it in your organization, but only some departments will have access to it in order to limit the access to to specific users in your organization, you can use an automatic assignment. You can use automatic assignment rules. There are some prerequisites to that configuration before you are able to enable it. So you need to be to read the documentation and make sure that this process actually suits you. Now going to going further down, we managed to bring the users into the active from the Active Directory, into 51黑料不打烊 Admin Console. And what would be next? Well, if your organization has a rather complex structure composed out of multiple orgs, those orgs can have a security requirement of leveraging federated login. Or maybe there are some further requirements which enforces federated logging to be used. The integration with your IDP is bound to that org alone, and a domain name is bound to that directory.

That means if you have the need to use federated identification with any other orgs, you will need to find a way to make that work.

To keep things rather simple and to give companies greater flexibility and granularity on how the products are managed. We鈥檝e created a global admin console. In a nutshell, Global Admin Console acts as an organization organization鈥檚 central management hub, and it can be seen as feature or add on rather than a transformation. With Global Admin Console, Creative Cloud resources can be distributed across multiple orgs, even though they were licensed in one or other or specific ones. We cannot say the same thing about experienced cloud products. Those are kind of bound to the org, where they were assigned. In most cases, they cannot even be moved from those, or even if you have to.

Can we use Global Admin Console in this case? I mean, the answer is yes, we can. I mean, global advocacy does not replace or change any functional ity of the existing ORS when they adhere to this structure. It works like an Iraqi where the main org, which we call it root org, sits on top of the pyramid and the rest, can be easily structured as child orgs. This feature has no cost and it will, see it in a few minutes. And how other simple is to request it.

What can you do with it? There are a list of actions that you can perform in Global Admin Console. And I鈥檓 going to show you in a little bit, what exactly I鈥檓 talking about. But to mention a few, I would say you can delegate system admins to other orgs, create extra organization, rename them, distribute Creative Cloud resources among different organizations, or restrict visibility. Basically every org see the only list of user groups and product profiles within, and they have no extra visibility outside of it, so you can silo for them if you want to. You can create, edit, and delete product profiles. Same thing goes about the user groups, including the existing ones that were created previously by the child org. You can export and import information about your organization structure and you have like three types of exports, including Yaml.

This is also a good way to backup the current configuration before a major change. You know, and the most interesting one for the experience cloud world would be group projection or group sharing.

Now, how would you request that in order to request a global admin console, we recommend to check inside your organization if you have either multiple admin console that need to be grouped under one structure, sharing the resources, or you have the need to split the console for siloed administration, you are in need of using an IDP across all your organization, and you want to streamline the process. And last but not least, you are managing multiple contracts in different orgs. There are not mandatory requirements right away, rather than reasons for which you could really benefit from using global Admin Console.

To be honest, there are many, many, many downsides of using it and enable it. It comes with zero risk, especially in the Experience Cloud section.

Now, what you need to do to request it? Well, the main condition would be for you and the people. That should be part of the request to be system admins in the org that will become the root org. Usually that鈥檚 the org where the IDP is configure. From that org, you open up a support ticket technically for admin console. Now we are in the process of migrating the support system, and I believe that in the new one there鈥檚 no admin console as a product. Just open up a ticket under any eligible product that you have in your org and ask for Global Admin console. Besides asking, you need to fill in some details in front of a template shape which will have the following details. Customer name org ID the one. Even though you鈥檙e open it from it, we still ask for it for validation. Org name as it is right now. And the global admins that that will become obviously global admins. You in the name of in the structure of first name, last name and email address. Optionally, you can mention if you want your technical Account Manager or Customer success manager that takes care of your of your of your account. Regarding the constraints, there are a few, and I would like to mention them. The max depth of nesting orgs is five. That means you can create root org child one child through shell three child for all change together. You cannot create a child five so you can go as deep as five iterations down. You can create siblings. And as far as I鈥檓 aware, there might not be a limit. But although imagine that every object that you create in the Cherokee represents an organization. So I mean, you really have to have, that granularity if you want to create that many maximum pathname length would be 255 characters, including slashes. So that means when you create, just imagine it as the Uri path in a link, right? So you have slash root one root org, then child one child two child three child for all the limited by slashes all the strings that are composing this Uri should not surpass 255 characters. The old name itself has a limit of its own. It鈥檚 between four characters, so you have a minimum limit and 100 or Pathname is unique, but you can have the same org name in your in your organization as long as they are not siblings. So if they鈥檙e not sitting in the same in the same, they don鈥檛 have the same parent, you can easily name them in the same way.

You can share a group from I mean, group position. It鈥檚 another feature. Works works exclusively between parent and children or lower actually. So from the root org you can share with every other org. But if you have a group projection from, from a child organization, you can do that only against, the lower orgs. You cannot share it with the sibling or with the parent.

Now let me try to actually show you a little bit what I鈥檝e been talking about.

Okay. I hope you can all see my screen now. I鈥檓 working on a on stage environment. I might have features that do not exist. I really hope you will not be the case. I鈥檓 trying to keep it simple. Now. This is my my my sample org and inside it I created a structure in which I create a pack and map all all, all of these are org. So if you look at it you have an already in here and another one once I move around in here, so on and so forth.

As of right now, I don鈥檛 believe I created any groups. Now I do have one. Let鈥檚 add another group. So from the from the root org I can create another. Let鈥檚 say this group.

Now that I created this group, bear in mind that the group is not actually created every every modification, every change that I鈥檓 doing in the, in the global Admin Console has a review process. So basically I need to go to review pending changes, evaluate the changes that I鈥檓 planning to do, and approve them. If I don鈥檛 do that, the changes are not permanent. Now let鈥檚 assume that I want to share this group to another org. I can I can select the group that I鈥檓 planning to share it. I鈥檓 asked again about it, and then I get to choose basically every org that I have underneath me to share those groups. Let鈥檚 say that I鈥檓 going to go only with this. Again, nothing happens. The changes are actually pending in review. Let鈥檚 create another org if I want to. Oh, by the way, there鈥檚 another interesting feature that I might have mentioned. You can rename the orcs right now. So you have this tiny pencil in here and you can actually change the name of the country.

You鈥檙e going to leave it like this. And right now it鈥檚 another pending action on my play. If I want to create an org, you can also do that. This is a self-service and you can create it. Right. Rather easily. You just select where you want to create it. And you just I don鈥檛 know, I鈥檓 going to create another country just to show that actually you can you can actually have the same name on different orgs in the same, in the same structure. The only thing that you cannot do, you cannot create another country. As a sibling for the same or so. Oh, wait, I actually went below.

Yeah. So it says that鈥檚 already exists at the same level. This is the problem we鈥檙e going to we鈥檙e going to leave them like that. I鈥檓 going to review the pending changes. Right now I have all these action painting for me and I鈥檓 going to submit them.

I got to tell you that sometimes it takes some seconds. Sometimes it takes a little bit longer when it comes to, sharing groups and distributing with a lot of users, it might take a little bit longer until you see them. Now, from this, from this place, actually, you can go and open up the admin console off of the set, of the set orgs. So right now I shared one of the groups, if I remember correctly, with with this company, which is group created in country one, and if I am opening the one console, if I have the right permissions, I get to say this is your regular admin console. So basically if you do not have a global admin console, you will see exactly what you what you鈥檝e seen before. The only thing that actually makes a difference let me remember which one was it. Country. Okay, this one.

The only thing that will differ once I get to log in, you鈥檒l see a tiny structure on the left hand upper side of the, of the page. So basically in here you can see a little bit of ramifications. And this is the so-called Uri that we mentioned. So you have Acme Dash dev immediate country. This is the path that I was talking about. Now if let鈥檚 assume that you did a mistake and you want to undo some of the things, right. So I shared a group a little bit earlier and I want to remove it. Let鈥檚 go with this. I got again to manage it. And I say I want to either resync or revoke the access to it. And here you have two interesting options. So one actually does a proper cleanup. It removes the groups and deletes the users and everything. The other one, it just revokes the shell group. So it breaks the link between the the org that shared the group and any other groups that are, any other orgs that are part of the synchronization and leaves the group intact with the users inside. I would go with this one.

I would like to mention that usually in production, when you have users in groups shared with actual people, even though you see the action as being completed in here, it might take up to five minutes until you see it. It it takes a little bit of time until you manage to finalize the process. By the way, you can also delete orgs. This is another interesting thing. As long as I don鈥檛 have any dependencies. Okay, so I have a shell group with it. I just delete it earlier. Now obviously it takes a little bit of time until I managed to do it. I haven鈥檛 done anything with shell country of country. So let me try to delete this one. Okay. So the problem is I mean there is no problem with it, but there is a warning saying that it cannot be undone and all the resources will be, you know, move back to the Creative Cloud, and all the users that will have that had access to it, obviously they will stop having access. Also, the assets created for those for those users will be deleted and actually not deleted, will be reallocated from, from those users, and they will not be accessible by them. Since you are running on the, on the enterprise storage model, you get to recover them. But, I mean, it will not be a really easy process to do it.

As I mentioned before, even though I did this, it鈥檚 still a pending task and I have to submit it.

As I mentioned before, if you want to share a group, let鈥檚 say you do a group projection in here.

First I鈥檓 creating it and I want to share it.

I鈥檓 able to share it only with like the ones that are underneath me. So basically I get to share it with country. I mean, the second one, I鈥檓 not going to try to do it because it鈥檚 already pending on delete.

You will not be able to share it. For me, bacteremia or any other child of children from India branch, you get to do it only under your branch.

So you need to design your structure in such a way that obviously, it suits your purpose. And it kind of overcomes the limitation that I鈥檝e been mentioning.

I guess this is it. From this point, I would say that, that concludes the conversation regarding users, including global admin. If you need support on any specific topic, don鈥檛 hesitate to contact us. If you have an active ultimate success premise for contract, reach out one of your Technical Account Manager Customer Success managers and you can engage us if you need support. Thank you.

Thank you guys so much. I鈥檓 going to launch a quick poll for feedback. It鈥檚 just two questions. If everyone to take the time to please give us a response, that鈥檇 be much appreciated. But I鈥檓 going to go ahead and keep it open for a few more minutes in case Catherine Jack knows there鈥檚 anything in the Q&A that you鈥檇 like to speak to you.

It looks like everything was well handed through the Q&A and chat pod, but yeah, let us know if there鈥檚 anything else that you want to add on to what was discussed there.

All right. Well, thank you everyone for your time today. We鈥檒l send out the recording and a copy of the presentation to everyone who鈥檚 registered and have a great rest of your day.