Log in to Acrobat Sign as an account-level administrator.
Adobe Acrobat Sign Service Accounts
Service Accounts are a vehicle to enable users in an enterprise-level account to send agreements under the authority of a userID explicitly generated for that purpose (vs. using their personal userID).
For example, a Service Account can be created to send legal documents. The user's profile can be designed to provide a functional name and email address that identify the Legal department and not an individual sender. All users that need to send NDA agreements (for example) can switch to the Legal Service Account and send under that profile, affording the transaction a more consistent and authoritative look. Additionally, agreements of a specific nature can be limited to the Service Account's group, constraining all agreements of a functional type to that one user instead of being distributed throughout the user base.
Service Accounts are available to enterprise customers that have enabled advanced sharing and manage their accounts through the Adobe Admin Console.
The below process describes the use of Service Accounts accessed by users manually from the Acrobat Sign environment. Organizations that want to enable the API to send agreements on behalf of a centralized party should refer to the Technical Accounts for the API documentation.
Prerequisites
To enable a Service Account, your Acrobat Sign account must:
- Have enterprise tier ETLA service
- Manage users on the Adobe Admin Console*
- Have Advanced Account Sharing enabled with Sending permissions enabled.
- Users in Multiple Groups (strongly recommended).
* A note on the Adobe Admin Console
The Adobe Admin Console provides a framework for user management and license allocation. Most customers have only one Admin Console.
However, some customers with complex user/licensing requirements can have multiple Admin Consoles, which may become confusing in a process like Service Account creation, where one Admin Console may govern the federated user management, and another manages the Acrobat Sign licensing.
If you know you have multiple accounts or aren't sure, please read the below:
Overview
Creating a Service Account is a multi-step process that requires administrator-level access to the Adobe Acrobat Console and account-level administrator authority in Acrobat Sign.
The process requires the admin to:
- (Optional) Create a new Group in the Acrobat Sign system.
- Creating a dedicated group for the Service Account allows a very tight configuration of the agreement properties that may be too strict or different from other group configurations.
- Create a new Service Account in the Adobe Admin Console.
- This creates a Service Account that other users can switch to (via advanced account sharing) and send agreements.
- This creates a Service Account that other users can switch to (via advanced account sharing) and send agreements.
- Share the Service Account's account with the users and groups that should be allowed to use the Service Account.
- Sharing the Service Account with other users and groups allows those users to switch to the Service Account and generate new agreements that will be sent under that userIDs profile.
Consider generating a unique group in Acrobat Sign for the application
Adding a Service Account to a unique group allows the function of the Service Account to dictate the sending and signing parameters of the group, as well as the available workflows, templates, and reporting features.
In the example of a Service Account designed for Legal transactions, the group can define the default authentication requirement, expiration date, automatic CC parties, and PDF attachment rules, all of which would likely not be suitable for Sales transactions.
Additionally, constraining specific library templates to the Service Account's group ensures that all agreements using that template are associated with only the Service Account and not distributed throughout your user base.
To create a discrete group:
If your organization is
- using the User Sync Tool (UST) to automatically sync users between Adobe and your Active Directory
- not permitting users to be manually added or created in Acrobat Sign
you must create an exception group to be the primary group for all Service Account userIDs.
The name of the group is added to your UST configuration to ensure the sync process does not impact the userIDs, causing them to be deactivated or to have their entitlement removed.
Before creating the new Service Account, you must identify an email address that can be used for inbound replies/questions from your recipients. (e.g., legal_agreements@my_domain.dom)
To create the new Service Account:
-
Log in to your (Federated Sync) Admin Console as an administrator.
-
Log in to your Licensing Admin Console (if you are working with multiple Admin Consoles).
-
Configure your new Service Account with:
- Email or username: Use the email address that you want to capture any reply-to eamils from your recipients.
- ID Type: Federated ID
- First/Last name: this value is used in the Acrobat Sign system and is reflected in the audit report. Use a value that provides context. e.g.: Legal Department
- SSO username: Use the same email value.
- Country/Region: Select the appropriate country or region for your company.
- Select the Acrobat Sign product profile.
- Set the users role to User.
Click Save when done.
Share the Service Account with the groups or users that are authorized to use the Service Account
Creating a share to a group establishes a sharing connection with all users in the group, thereby allowing the group's users to switch into the Service Account interface and create agreements.
Sharing directly to one user establishes a connection to just that user.
-
Select the group or user to share the Service Account account with:
- Click the three lines icon to the right of the search box..
- Click the plus icon
next to the group or user to select it.
- Individual users can be added by expanding a group and then selecting an individual user form that group.
- Enable Sending unser the Additional Permission beyond Viewing options.
- Click Save.
Test your new Service Account
To test that your users can access the Service Account: