Acrobat Sign Authentication

Adobe Acrobat Sign Authentication is a first-factor identity verification method that requires the recipient to authenticate to the Adobe Acrobat Sign identity system.

For recipients with an existing Acrobat Sign identity, this is an easy verification request that automatically populates the recipient's email into the authentication panel, requiring the user to provider only their password. Additionally, there is an option to allow internal recipients to bypass the authentication process entirely if they are already logged into Acrobat Sign when opening the agreement. These qualities make Acrobat Sign authentication the smoothest experience for internal recipients required to provide an authenticated signature.

External recipients that are unknown to the Adobe identity system are required to create an account before they can authenticate. In this case, Adobe automatically directs the recipient to create a new user so the authentication process can be completed.

All users authenticating with Acrobat Sign authentication recieve the same email, indicating that they must sign in to Adobe Acrobat Sign.

Once the authentication is passed, the recipient is granted access to view and interact with the agreement.

If the recipient closes the agreement window for any reason before completing their action, they will have to re-authenticate to resume.

Configuring the Acrobat Sign authentication method when composing a new agreement

When Acrobat Sign authentication is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address:

Audit Report

The audit report clearly indicates the recipient identity verification with Acrobat Sign authentication:

Best Practices and Considerations

• Acrobat Sign Authentication is not a second-factor authentication and should not be used when the signature requires additional authentication (beyond email authentication).
  
• Acrobat Sign Authentication requires that the recipient have an Acrobat Sign Identity. If they don't, a new account must be created before the recipient can authenticate, and that level of friction is likely to cause frustration. For this reason, it is not recommended to use Acrobat Sign Authentication for external recipients.
• The Acrobat Sign Authentication method is best used for internal authentication as all internal recipients are known to have Adobe IDs.
• Customers that manage their users in the Adobe Admin Console can configure their organization to leverage their SSO solution through Acrobat Sign authentication, removing the requirement for recipients in the customer's company to have a licensed user in the Acrobat Sign system.
  
• Before configuring your account to auto-populate the recipient's email or bypass the re-authentication process, check with your legal team to understand your requirements for a valid signature. Ensure the options you configure still comply with the need of the resultant document.
• Be advised that when recipients access agreements directly from the Acrobat Sign Manage page, Acrobat Sign Authentication acts as the primary (and only) authentication factor. The email link (which typically provides the default primary authentication element) is bypassed and replaced with the authenticated session to Acrobat Sign. In this scenario, Acrobat Sign Authentication duplicates the primary authentication factor.
• Accounts that purchase premium authentication transactions may want to consider setting the Account-level settings to limit internal recipients only to use the Acrobat Sign Authentication method if extra authentication is not required for the internal signers. This could prevent the accidental usage of premium assets. Groups can always be configured for other authentication methods as needed:
  

Configuration Options

Group and account-level admins can enable and configure the Acrobat Sign Authentication method by navigating to Send Settings > Signer Identification Options.

There are five controls relevant to the Acrobat Sign Authentication method:

• Acrobat Sign Authentication - The core feature; checking this box enables access to the authentication method for senders when composing agreements.
• By default, use the following method - Defines the default value inserted into the recipient's Authentication option.
• Identity authentication for internal recipients - Enabling this option allows internal recipients to be configured with different authentication options and defaults.
  • Generally, it is recommended that Acrobat Sign Authentication be used only for internal recipients.
  • Both the Acrobat Sign Authentication access option and the By default selector are replicated for setting the internal recipient experience.
    
• Allow Acrobat Sign to auto-populate the Signers email address for each authentication challenge - When enabled, the recipient's email is imported from the agreement into the authentication panel. The imported email value is fixed, and the recipient may not change it.
  
• Don't challenge the signer to re-authenticate if they are already logged in to Acrobat Sign - When enabled, the recipient is not challenged to re-authenticate when opening an agreement if they are already authenticated to the Acrobat Sign service
  • This requires the agreement to be opened in the same browser as the authenticated session to Acrobat Sign.