When your account or group is configured to accept cloud signatures (a digital signature where the signer’s digital certificate is securely stored in the cloud), Adobe Acrobat Sign account or group admins can pre-select the cloud signature provider(s) to simplify the process of signing. Identity providers (IdP) and trust service providers (TSPs) with Cloud Signature Consortium standard integrations to Acrobat Sign are available to be pre-selected for use with cloud signatures.
Pre-selecting one or more cloud signature providers allows admins to:
Any limits on identity solutions permitted to be used sign an agreement are locked into the agreement at the time it is sent.
The settings for preselecting cloud signature providers are enabled at the account level by an Acrobat Sign account admin. If group level settings are permitted, please note that they will override any account level values.
Once the settings are saved in the Acrobat Sign admin UI, any provider enabled (as shown by the checkbox below) will be available to the signer at the time of signing. Senders do not need to do anything to have the setting take effect, and changing the cloud signature provider settings does not impact agreements already in progress.
The cloud signature provider settings are in the UI by navigating to: Account > Account Settings > Digital Signatures
Then, at the time of signing, the signer is presented with a drop-down list of identity solutions to select from to authenticate their identity and complete the signature process.
If the signer has not been previously verified or has an existing digital identity with one of the acceptable identity solution providers, there is a configurable link provided on this screen.
Please note that the default link is configured to a page on Adobe.com.
Acrobat Sign admins can configure different cloud signature providers for use by internal and external signers.
The section highlighted in yellow below establishes the default cloud signature provider settings for all signers. Admins have the option to enable a different set of controls for external recipients by checking the option to Use different digital signature settings for external signers (highlighted in teal below).
When signers apply a signature, the preferred cloud signature provider option is displayed as preselected for them. If more than one cloud signature provider is enabled, the signer can change their selection to another approved cloud signature provider.
There are some identity providers (IdPs) that restrict access to their commercial service to pre-authorized customers. This means that the service will not be accessible until the provider has authorized the account to use it. To activate a restricted IdP requires the subscribing account to provide their “Account ID” (as shown below highlighted in yellow) to the IdP to configure their cloud signature service.
Until authorized by the restricted IdP, signers will typically see an error message from the provider if trying to use a restricted cloud signature provider. Examples of restricted IdPs include BankID Sweden and NEM ID. Custom corporate cloud signature providers are also restricted to authorized accounts.
The Account ID is a property at the account level. All groups from an account share the same Account ID, so once the restricted IdP is authorized for an account, it becomes authorized for all groups of that account.