Specification (Standard Name)
Novità
Introduzione
- Guida introduttiva per gli amministratori
- Guida introduttiva per gli utenti
- Libreria tutorial video
- Domande frequenti
Amministrazione
- Panoramica su Admin Console
-
Gestione degli utenti
- Aggiunta di utenti
- Creare utenti con funzioni specifiche
- Verificare la presenza di utenti con errori di provisioning
- Modificare il nome/l’indirizzo e-mail
- Modificare l’iscrizione a un gruppo di un utente
- Promuovere un utente a un ruolo di amministratore
- Tipi di identità utente e SSO
- Cambiare l’identità utente
- Autenticare gli utenti con Microsoft Azure
- Autenticare gli utenti con la Federazione Google
- Profili di prodotti
- Esperienza di accesso
-
Linee guida per i requisiti normativi
- Accessibilità
- HIPAA
- GDPR
- 21 CFR parte 11 ed EudraLex Annex 11
- Clientela del settore sanitario
- Supporto IVES
- Accordi di “archiviazione”
- Considerazioni UE/Regno Unito
- Richiedere il proprio dominio
- Collegamenti Segnala abuso
Inviare, firmare e gestire gli accordi
-
Opzioni destinatari
- Annullare un promemoria tramite e-mail
-
Opzioni disponibili nella pagina di firma elettronica
- Panoramica della pagina di firma elettronica
- Aprire per leggere l’accordo senza campi
- Rifiutare di firmare un accordo
- Delegare autorizzazioni di firma
- Scaricare un file PDF dell’accordo
- Visualizzare la cronologia dell’accordo
- Visualizzare i messaggi dell’accordo
- Convertire una firma elettronica in una manuale
- Convertire una firma da manuale a elettronica
- Aggiungere i campi modulo
- Cancellare i dati dai campi modulo
- Navigazione e ingrandimento della pagina Firma elettronica
- Cambiare la lingua utilizzata nelle informazioni e negli strumenti per gli accordi
- Rivedere le note legali
- Regolare le preferenze dei cookie Acrobat Sign
-
Inviare gli accordi
- Panoramica sulla pagina Invia
- Inviare un accordo solo a se stessi
- Inviare un accordo agli altri
- Firme manuali
- Ordine di firma del destinatario
-
Invia in modalità collettiva
- Panoramica della funzione Invia in modalità collettiva
- Invio in modalità collettiva: configurare un modello principale
- Invio in modalità collettiva: configurare un file CSV
- Annullare una transazione per l’invio in modalità collettiva
- Aggiungere promemoria all’invio in modalità collettiva
- Reporting per Invia in modalità collettiva
-
Authoring dei campi nei documenti
-
Ambiente di authoring in-app
- Rilevamento automatico dei campi
- Trascinare i campi utilizzando l’ambiente di authoring
- Assegnare i campi modulo ai destinatari
- Ruolo di precompilazione
- Applicare campi con un modello per campi riutilizzabili
- Trasferire i campi in un nuovo modello libreria
- Ambiente di authoring aggiornato durante l’invio degli accordi
- Creare moduli e tag di testo
- Creare moduli con Acrobat (AcroForms)
- Campi
- Domande frequenti sull’authoring
-
Ambiente di authoring in-app
- Firmare gli accordi
-
Gestire gli accordi
- Panoramica della pagina Gestisci
- Delegare gli accordi
- Sostituire i destinatari
- Limitare la visibilità del documento
- Annullare un accordo
- Creare nuovi promemoria
- Revisione dei promemoria
- Annullare un promemoria
- Accedere ai flussi Power Automate
-
Altre azioni...
- Come funziona la ricerca
- Visualizzare un accordo
- Creare un modello da un accordo
- Nascondere/Mostrare gli accordi nella visualizzazione
- Caricare un accordo firmato
- Modificare i file e i campi di un accordo inviato
- Modificare il metodo di autenticazione di un destinatario
- Aggiungere o modificare una data di scadenza
- Aggiungere una nota a un accordo
- Condividere un singolo accordo
- Annullare la condivisione di un accordo
- Scaricare un singolo accordo
- Scaricare i singoli file di un accordo
- Scaricare il report di audit di un accordo
- Scaricare il contenuto dei campi di un accordo
- Report di audit
- Rapporti ed esportazioni di dati
Funzionalità e flussi di lavoro avanzati per gli accordi
- Moduli web
-
Modelli riutilizzabili
- Moduli per la Pubblica amministrazione degli Stati Uniti nella libreria Acrobat Sign
- Creare un modello libreria
- Modificare il nome di un modello libreria
- Modificare il tipo di un modello libreria
- Modificare il livello di autorizzazione di un modello libreria
- Copiare, modificare e salvare un modello condiviso
- Scaricare i dati dei campi aggregati per un modello libreria
- Trasferire la proprietà dei moduli web e dei modelli libreria
-
Flussi di lavoro Power Automate
- Panoramica dell’integrazione Power Automate e diritti inclusi
- Abilitare l’integrazione di Power Automate
- Azioni nel contesto sulla pagina Gestisci
- Tracciare l’utilizzo di Power Automate
- Creare un nuovo flusso (esempi)
- Trigger utilizzati per i flussi
- Importazione di flussi dall’esterno di Acrobat Sign
- Gestire i flussi
- Modificare i flussi
- Condividere i flussi
- Disabilitare o abilitare i flussi
- Eliminare i flussi
-
Modelli utili
- Solo per l’amministratore
- Archiviazione dell’accordo
- Archiviazione del modulo web dell’accordo
- Estrazione dati dall’accordo
- Notifiche per l’accordo
- Generazione degli accordi
- Flussi di lavoro di invio personalizzati
- Condividere utenti e accordi
Integrazione con altri prodotti
- Panoramica delle integrazioni di Acrobat Sign
- Acrobat Sign per Salesforce
- Acrobat Sign per Microsoft
- Altre integrazioni
- Integrazioni gestite dai partner
- Come ottenere una chiave di integrazione
Acrobat Sign per sviluppatori
- API REST
- Webhook
Supporto e risoluzione dei problemi
Adobe Acrobat Sign includes SAML authentication for customers that desire a federated log in system.
The below document pertains to customer accounts that manage their user licensing directly within the Acrobat Sign application.
Customers that manage user entitlement in the Adobe Admin Console must follow a different process found here.
Introduction
The identity federation standard Security Assertion Markup Language (SAML) 2.0 enables the secure exchange of user authentication data between web applications and identity service providers.
When you use the SAML 2.0 protocol to enable single sign-on (SSO), security tokens containing assertions pass information about an end user (principal) between a SAML authority - an identity
provider (IdP), and a SAML consumer - a service provider (SP).
Acrobat Sign, acting as the service provider (SP), supports single sign-on through SAML using external identity providers (IdPs) such as Okta, OneLogin, Oracle Federated Identity (OIF), and Microsoft Active Directory Federation Service. Acrobat Sign is compatible with all external IdPs that support SAML 2.0.
More information on integrating with these identity providers (IdPs), can be found in the following guides:
- Enabling SAML Single Sign On for Microsoft Active Directory Federation Service
- Enabling SAML Single Sign On for Okta
- Enabling SAML Single Sign On for OneLogin
- Enabling SAML Single Sign-on with Oracle Identity Federation
You can also configure Acrobat Sign for single sign-on (SSO) with other systems already used in your organization, for example, Salesforce.com, or other providers that support SAML 2.0.
Acrobat Sign uses federated authentication as opposed to delegated authentication. Federated authentication does not validate the user's actual password in Acrobat Sign. Instead, Acrobat Sign receives a SAML assertion in an HTTP POST request. Acrobat Sign also supports encrypted assertions.
The SAML assertion has a limited validity period, contains a unique identifier, and is digitally signed. If the assertion is still within its validity period, has an identifier that has not been used before, and has a valid signature from a trusted identity provider, the user is granted access to Acrobat Sign.
A summary of the Acrobat Sign authentication specification is included in the table below:
|
Value |
Federation Protocol |
SAML 2.0 |
Federation Profile |
Browser Post |
Federation Unique Identifier |
Email Address |
Relay State |
Not Needed. Acrobat Sign has the logic to know where to point the User after they are authenticated. |
Prerequisites
To enable SSO, your corporate network must support the SAML 2.0 protocol. If your corporate network does not support SAML, contact Adobe Acrobat Sign Support to discuss other options to enable Single Sign On in your account.
Before beginning to set up SAML SSO, you must do the following:
- Claim and establish your Domain Name (For the examples in this guide, this will be rrassoc.com.)
- Claiming your Domain is a multi-step process that you should start right away
- Enable SAML for your domain using a provider such as Microsoft Active Directory Federation, Okta, Onelogin, Oracle Identity Federation, or others. You may need to open an Acrobat Sign support ticket to get your domain enabled from the backend
- Create or verify that you have an administrator account with your IdP using an email address
- If you do not have an Okta account, you can create a free Okta Developer Edition organization using this link: https://www.okta.com/developer/signup/
- If you do not have a OneLogin account, you can create a free trials account using this link: https://www.onelogin.com/ and clicking the FREE TRIAL button in the upper right corner
- (Optional) Add an additional email id for User Provisioning in both IdP and SP. This will allow you to add more users who can log in to Acrobat Sign with their SSO credentials
- (Required) Verify that you have an admin user for Acrobat Sign and an Admin user for the IdP
(Optional) Create or verify that you have an Acrobat Sign administrator account that uses the same email address as the account for your IdP (For the examples in this guide, this email address will be susan@rrassoc.com.) This will make it easier for you to administer the accounts - In Acrobat Sign, set your SAML Mode to “SAML Allowed” (See Working with the SAML Settings
for more information.)
When setting up SAML SSO, we recommend that you set the SAML Mode to SAML Allowed until the entire setup process is complete and you’ve verified it is working correctly. Once verified, you can change the SAML Mode to SAML Mandatory.
Enabling Single Sign On using SAML
At a high level, enabling SAML SSO between Acrobat Sign (the SP) and your IdP involves the following high-level steps:
1. If required (by your IdP), set up your IdP using the Acrobat Sign Service Provider (SP) Information
2. Set up Acrobat Sign using information from your IdP
3. Verify that the SAML SSO has been properly set up
Working with SAML Settings
Navigate to Account > Account Settings > SAML Settings
To view the options for User Creation, Login Page Customization, Identity Provider (IdP) Configuration, and Acrobat Sign Service Provider (SP) Information, scroll to the bottom of the SAML Settings page.
SAML Mode Settings
In Acrobat Sign, there are three SAML Mode options and one additional option that works with the SAML Mandatory option.
- SAML Disabled—Disables SAML authentication for the account. When selected, the rest of the SAML configuration page becomes inaccessible.
- SAML Allowed— This option allows users to authenticate to Acrobat Sign by both SAML and the native Acrobat Sign authentication
- SAML Mandatory—Requires that all users authenticate to Acrobat Sign with SAML SSO
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
It is strongly recommended that you set the SAML Mode to SAML Allowed until you’ve verified your SAML SSO is working as expected.
Hostname
The Hostname is your domain name. (See Prerequisites above.) When entered, your hostname
becomes part of the Assertion Consumer URL, the Single Log Out (SLO) URL, and Single
Sign-On (Login) URL.
User Creation Settings
Only the first of the two User Creation settings is directly connected with SAML Setup. The second setting pertains to all pending users, whether or not they are added as a result of authenticating through SAML.
- Automatically add users authenticated through SAML—If this option is enabled, users who are authenticated through your IdP are automatically added as pending users in Acrobat Sign
- Automatically make pending users in my account active—If the Require signers in my account to log in to Acrobat Sign before signing setting (Security Settings > Signer Identity Verification), is enabled, this setting should also be enabled. When a signature is requested from a new user, this user is created as a pending user in your account. If this option is not enabled, these users are prevented from signing agreements sent to them for signature
- Allow users who authenticate with SAML to change their email address in their profile - Enable this option to allow your users to change the email address on their Acrobat Sign profile
Login Page Customization Settings
You can customize the sign-on message that users see on the Acrobat Sign Sign In page when SAML Single Sign On is enabled.
- Single Sign On Login Message— Enter a message to display above the SSO Sign In button on the Acrobat Sign Sign In page
- Place the SAML login button at the top of the page when other login options are available - When enabled, the SSO login button will be placed above any other authentication method enabled
Identity Provider (IdP) Configuration Within Acrobat Sign
To set up most IdPs, except as noted for Okta, you must enter information from your IdP into the IdP configuration fields in Acrobat Sign.
- Entity ID/Issuer URL—This value is provided by the IdP to uniquely identify your domain.
- Login URL/SSO Endpoint—The URL that Acrobat Sign will call to request a user login from the IdP. The IdP is responsible for authenticating and logging the user in.
- Logout URL/SLO Endpoint—When someone logs out of Acrobat Sign, this URL is called to log them out of the IdP as well.
- IdP Certificate—The authentication certificate issued by your IdP.
Acrobat Sign SAML Service Provider (SP) Information
The SP information section displays the default information for Acrobat Sign. Once you’ve entered and saved your hostname and IdP Configuration information, the information in the SP information section is updated to include your hostname.
(In our example, https://secure.na1.adobesign.com/public/samlConsume
becomes https://caseyjonez.na1.adobesign.com/public/samlConsume.)
The SP Information provided is as follows:
- Entity ID/SAML Audience—A URL that describes the entity that is expected to receive the SAML message. In this case, it is the URL for Acrobat Sign
- SP Certificate—Some providers require a certificate to be used to identify the Service Provider. The link in this view points to the Acrobat Sign Service Provider certificate
- Assertion Consumer URL— This is the callback that the IdP will send to tell Acrobat Sign to log in a user
- Single Log Out (SLO) URL—The URL that users are redirected to when they log out
- Single Sign-On (Login) URL— This is the URL that the IdP will send login requests to
Microsoft Active Directory Federation Services Configuration
Okta Configuration
OneLogin Configuration
Oracle Identity Federation Configuration
Known Issues
©2022 Adobe Systems Incorporated. All Rights Reserved.
Products mentioned in this document, such as the services of identity providers Microsoft Active Directory Federation, Okta, Onelogin, and Oracle Identity Federation, and Salesforce software retain all of the copyrights and trademark rights of their specific corporations.