Specification (Standard Name)
Neue Funktionen
Erste Schritte
- Kurzanleitung für Administrierende
- Kurzanleitung für Benutzende
- Video-Tutorial-Bibliothek
- Häufig gestellte Fragen
Verwaltung
- Übersicht über die Admin Console
-
Benutzendenverwaltung
- Benutzer hinzufügen
- Erstellen von funktionsorientierten Benutzenden
- Suche nach Nutzenden mit Bereitstellungsfehlern
- Ändern des Namens/der E-Mail-Adresse
- Gruppenmitgliedschaft von Benutzenden bearbeiten
- Hochstufen von Benutzenden zu einer Administrationsrolle
- Benutzeridentitätstypen und SSO
- Wechseln der Benutzeridentität
- Authentifizieren von Benutzenden mit MS Azure
- Authentifizieren von Benutzenden mit Google Federation
- Produktprofile
- Anmeldung
-
Leitfaden für regulatorische Anforderungen
- Barrierefreiheit
- HIPAA
- DSGVO
- 21 CFR Part 11 und EudraLex Annex 11
- Kundinnen und Kunden im Gesundheitswesen
- IVES-Unterstützung
- Archivieren von Vereinbarungen
- Überlegungen zur EU/dem Vereinigten Königreich
- Anfordern deiner Domäne
- Links „Missbrauch melden“
Senden, Signieren und Verwalten von Vereinbarungen
-
Empfangsoptionen
- Stornieren von E-Mail-Erinnerungen
-
Optionen auf der E-Signatur-Seite
- Überblick über die E-Signatur-Seite
- Öffnen der Vereinbarung, um sie ohne Felder zu lesen
- Signieren einer Vereinbarung ablehnen
- Delegieren der Signaturberechtigung
- Herunterladen einer PDF-Datei der Vereinbarung
- Anzeigen des Vereinbarungsverlaufs
- Anzeigen der Vereinbarungsnachrichten
- Umwandlung von elektronischer zu handschriftlicher Signatur
- Umwandlung von handschriftlicher zu elektronischer Signatur
- Navigation der Formularfelder
- Löschen der Daten aus den Formularfeldern
- Seitenvergrößerung und Navigation der E-Signatur-Seite
- Ändern der in den Vereinbarungswerkzeugen und -informationen verwendeten Sprache
- Rechtliche Hinweise lesen
- Anpassen der Acrobat Sign-Cookie-Voreinstellungen
- Vereinbarungen senden
-
Erstellen von Feldern in Dokumenten
-
In-App-Authoring-Umgebung
- Automatische Felderkennung
- Ziehen und Ablegen von Feldern in der Authoring-Umgebung
- Formularfelder zu Empfangenden zuweisen
- Die Rolle „Vorausfüllen“
- Anwenden von Feldern mit einer wiederverwendbaren Feldvorlage
- Felder in eine neue Bibliotheksvorlage übertragen
- Aktualisierte Authoring-Umgebung beim Senden von Vereinbarungen
- Erstellen von Formularen mit Text-Tags
- Erstellen von Formularen mit Acrobat (AcroForms)
- Felder
- Authoring-FAQ
-
In-App-Authoring-Umgebung
- Signieren von Vereinbarungen
-
Vereinbarungen verwalten
- Übersicht über die Seite „Verwalten“
- Delegieren von Vereinbarungen
- Ersetzen von Empfangenden
- Eingeschränkte Dokumentsichtbarkeit
- Abbrechen einer Vereinbarung
- Erstellen von neuen Erinnerungen
- Überprüfen von Erinnerungen
- Stornieren von Erinnerungen
- Zugriff auf Power Automate-Flows
-
Weitere Aktionen...
- Funktionsweise der Suche
- Anzeigen einer Vereinbarung
- Vorlage aus einer Vereinbarung erstellen
- Aus-/Einblenden von Vereinbarungen
- Hochladen einer signierten Vereinbarung
- Ändern von Dateien und Feldern einer gesendeten Vereinbarung
- Bearbeiten der Authentifizierungsmethode einer Empfangspartei
- Hinzufügen oder Ändern eines Ablaufdatums
- Hinzufügen einer Notiz zu einer Vereinbarung
- Freigabe einer einzelnen Vereinbarung
- Aufheben der Freigabe einer Vereinbarung
- Herunterladen einer einzelnen Vereinbarung
- Herunterladen einzelner Dateien einer Vereinbarung
- Herunterladen des Audit-Berichts einer Vereinbarung
- Herunterladen des Feldinhalts einer Vereinbarung
- Audit-Bericht
- Berichte und Datenexporte
Erweiterte Vereinbarungsfunktionen und Workflows
-
Webformulare
- Erstellen eines Webformulars
- Bearbeiten eines Webformulars
- Deaktivieren/Aktivieren eines Webformulars
- Ein-/Ausblenden eines Webformulars
- Abrufen der URL oder des Skriptcodes
- Vorausfüllen von Webformularfeldern mithilfe von URL-Parametern
- Speichern eines Webformulars, um es später auszufüllen
- Ändern der Größe eines Webformulars
-
Wiederverwendbare Vorlagen
- US-Behördenformulare in der Acrobat Sign-Bibliothek
- Erstellen einer Bibliotheksvorlage
- Ändern des Namens einer Bibliotheksvorlage
- Ändern des Typs einer Bibliotheksvorlage
- Ändern der Berechtigungsebene einer Bibliotheksvorlage
- Kopieren, Bearbeiten und Speichern einer freigegebenen Vorlage
- Herunterladen der aggregierten Felddaten für eine Bibliotheksvorlage
- Übertragen des Eigentums an Webformularen und Bibliotheksvorlagen
-
Power Automate-Workflows
- Überblick über die Power Automate-Integration und die enthaltenen Berechtigungen
- Aktivieren der Power Automate-Integration
- Kontextbasierte Aktionen auf der Seite „Verwalten“
- Verfolgen der Nutzung von Power Automate
- Erstellen eines neuen Flows (Beispiele)
- Auslöser für Flows
- Importieren von Flows von außerhalb von Acrobat Sign
- Verwalten von Flows
- Bearbeiten von Flows
- Freigeben von Flows
- Deaktivieren oder Aktivieren von Flows
- Löschen von Flows
-
Nützliche Vorlagen
- Nur Administration
- Archivierung von Vereinbarungen
- Archivierung von Webformularvereinbarungen
- Extraktion von Vereinbarungsdaten
- Vereinbarungsbenachrichtigungen
- Vereinbarungsgenerierung
- Selbstdefinierte Sende-Workflows
- Freigeben von Benutzenden und Vereinbarungen
Integration in andere Produkte
- Acrobat Sign für Salesforce
- Acrobat Sign für Microsoft
- Weitere Integrationen
- Von Partnern verwaltete Integrationen
- Erstellen eines Integrationsschlüssels
Acrobat Sign-Entwickler
- REST-APIs
- Webhooks
Support und Fehlerbehebung
Adobe Acrobat Sign includes SAML authentication for customers that desire a federated log in system.
The below document pertains to customer accounts that manage their user licensing directly within the Acrobat Sign application.
Customers that manage user entitlement in the Adobe Admin Console must follow a different process found here.
Introduction
The identity federation standard Security Assertion Markup Language (SAML) 2.0 enables the secure exchange of user authentication data between web applications and identity service providers.
When you use the SAML 2.0 protocol to enable single sign-on (SSO), security tokens containing assertions pass information about an end user (principal) between a SAML authority - an identity
provider (IdP), and a SAML consumer - a service provider (SP).
Acrobat Sign, acting as the service provider (SP), supports single sign-on through SAML using external identity providers (IdPs) such as Okta, OneLogin, Oracle Federated Identity (OIF), and Microsoft Active Directory Federation Service. Acrobat Sign is compatible with all external IdPs that support SAML 2.0.
More information on integrating with these identity providers (IdPs), can be found in the following guides:
- Enabling SAML Single Sign On for Microsoft Active Directory Federation Service
- Enabling SAML Single Sign On for Okta
- Enabling SAML Single Sign On for OneLogin
- Enabling SAML Single Sign-on with Oracle Identity Federation
You can also configure Acrobat Sign for single sign-on (SSO) with other systems already used in your organization, for example, Salesforce.com, or other providers that support SAML 2.0.
Acrobat Sign uses federated authentication as opposed to delegated authentication. Federated authentication does not validate the user's actual password in Acrobat Sign. Instead, Acrobat Sign receives a SAML assertion in an HTTP POST request. Acrobat Sign also supports encrypted assertions.
The SAML assertion has a limited validity period, contains a unique identifier, and is digitally signed. If the assertion is still within its validity period, has an identifier that has not been used before, and has a valid signature from a trusted identity provider, the user is granted access to Acrobat Sign.
A summary of the Acrobat Sign authentication specification is included in the table below:
|
Value |
Federation Protocol |
SAML 2.0 |
Federation Profile |
Browser Post |
Federation Unique Identifier |
Email Address |
Relay State |
Not Needed. Acrobat Sign has the logic to know where to point the User after they are authenticated. |
Prerequisites
To enable SSO, your corporate network must support the SAML 2.0 protocol. If your corporate network does not support SAML, contact Adobe Acrobat Sign Support to discuss other options to enable Single Sign On in your account.
Before beginning to set up SAML SSO, you must do the following:
- Claim and establish your Domain Name (For the examples in this guide, this will be rrassoc.com.)
- Claiming your Domain is a multi-step process that you should start right away
- Enable SAML for your domain using a provider such as Microsoft Active Directory Federation, Okta, Onelogin, Oracle Identity Federation, or others. You may need to open an Acrobat Sign support ticket to get your domain enabled from the backend
- Create or verify that you have an administrator account with your IdP using an email address
- If you do not have an Okta account, you can create a free Okta Developer Edition organization using this link: https://www.okta.com/developer/signup/
- If you do not have a OneLogin account, you can create a free trials account using this link: https://www.onelogin.com/ and clicking the FREE TRIAL button in the upper right corner
- (Optional) Add an additional email id for User Provisioning in both IdP and SP. This will allow you to add more users who can log in to Acrobat Sign with their SSO credentials
- (Required) Verify that you have an admin user for Acrobat Sign and an Admin user for the IdP
(Optional) Create or verify that you have an Acrobat Sign administrator account that uses the same email address as the account for your IdP (For the examples in this guide, this email address will be susan@rrassoc.com.) This will make it easier for you to administer the accounts - In Acrobat Sign, set your SAML Mode to “SAML Allowed” (See Working with the SAML Settings
for more information.)
When setting up SAML SSO, we recommend that you set the SAML Mode to SAML Allowed until the entire setup process is complete and you’ve verified it is working correctly. Once verified, you can change the SAML Mode to SAML Mandatory.
Enabling Single Sign On using SAML
At a high level, enabling SAML SSO between Acrobat Sign (the SP) and your IdP involves the following high-level steps:
1. If required (by your IdP), set up your IdP using the Acrobat Sign Service Provider (SP) Information
2. Set up Acrobat Sign using information from your IdP
3. Verify that the SAML SSO has been properly set up
Working with SAML Settings
Navigate to Account > Account Settings > SAML Settings
To view the options for User Creation, Login Page Customization, Identity Provider (IdP) Configuration, and Acrobat Sign Service Provider (SP) Information, scroll to the bottom of the SAML Settings page.
SAML Mode Settings
In Acrobat Sign, there are three SAML Mode options and one additional option that works with the SAML Mandatory option.
- SAML Disabled—Disables SAML authentication for the account. When selected, the rest of the SAML configuration page becomes inaccessible.
- SAML Allowed— This option allows users to authenticate to Acrobat Sign by both SAML and the native Acrobat Sign authentication
- SAML Mandatory—Requires that all users authenticate to Acrobat Sign with SAML SSO
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
It is strongly recommended that you set the SAML Mode to SAML Allowed until you’ve verified your SAML SSO is working as expected.
Hostname
The Hostname is your domain name. (See Prerequisites above.) When entered, your hostname
becomes part of the Assertion Consumer URL, the Single Log Out (SLO) URL, and Single
Sign-On (Login) URL.
User Creation Settings
Only the first of the two User Creation settings is directly connected with SAML Setup. The second setting pertains to all pending users, whether or not they are added as a result of authenticating through SAML.
- Automatically add users authenticated through SAML—If this option is enabled, users who are authenticated through your IdP are automatically added as pending users in Acrobat Sign
- Automatically make pending users in my account active—If the Require signers in my account to log in to Acrobat Sign before signing setting (Security Settings > Signer Identity Verification), is enabled, this setting should also be enabled. When a signature is requested from a new user, this user is created as a pending user in your account. If this option is not enabled, these users are prevented from signing agreements sent to them for signature
- Allow users who authenticate with SAML to change their email address in their profile - Enable this option to allow your users to change the email address on their Acrobat Sign profile
Login Page Customization Settings
You can customize the sign-on message that users see on the Acrobat Sign Sign In page when SAML Single Sign On is enabled.
- Single Sign On Login Message— Enter a message to display above the SSO Sign In button on the Acrobat Sign Sign In page
- Place the SAML login button at the top of the page when other login options are available - When enabled, the SSO login button will be placed above any other authentication method enabled
Identity Provider (IdP) Configuration Within Acrobat Sign
To set up most IdPs, except as noted for Okta, you must enter information from your IdP into the IdP configuration fields in Acrobat Sign.
- Entity ID/Issuer URL—This value is provided by the IdP to uniquely identify your domain.
- Login URL/SSO Endpoint—The URL that Acrobat Sign will call to request a user login from the IdP. The IdP is responsible for authenticating and logging the user in.
- Logout URL/SLO Endpoint—When someone logs out of Acrobat Sign, this URL is called to log them out of the IdP as well.
- IdP Certificate—The authentication certificate issued by your IdP.
Acrobat Sign SAML Service Provider (SP) Information
The SP information section displays the default information for Acrobat Sign. Once you’ve entered and saved your hostname and IdP Configuration information, the information in the SP information section is updated to include your hostname.
(In our example, https://secure.na1.adobesign.com/public/samlConsume
becomes https://caseyjonez.na1.adobesign.com/public/samlConsume.)
The SP Information provided is as follows:
- Entity ID/SAML Audience—A URL that describes the entity that is expected to receive the SAML message. In this case, it is the URL for Acrobat Sign
- SP Certificate—Some providers require a certificate to be used to identify the Service Provider. The link in this view points to the Acrobat Sign Service Provider certificate
- Assertion Consumer URL— This is the callback that the IdP will send to tell Acrobat Sign to log in a user
- Single Log Out (SLO) URL—The URL that users are redirected to when they log out
- Single Sign-On (Login) URL— This is the URL that the IdP will send login requests to
Microsoft Active Directory Federation Services Configuration
Okta Configuration
OneLogin Configuration
Oracle Identity Federation Configuration
Known Issues
©2022 Adobe Systems Incorporated. All Rights Reserved.
Products mentioned in this document, such as the services of identity providers Microsoft Active Directory Federation, Okta, Onelogin, and Oracle Identity Federation, and Salesforce software retain all of the copyrights and trademark rights of their specific corporations.