Use enforced identity authentication


The Enforce identity authentication feature defines the trigger events that prompt a recipient to re-authenticate when interacting with an agreement.

Opening the agreement is the primary authentication trigger.

  • This authentication must be enabled if either of the other triggers is enabled.

Other triggers force authentication when a signature is applied and/or when the signature process is completed.

The triggers enabled encompass all signers included in the agreement (internal and external).

Access to the feature is on the Bio-Pharma Settings page and is available to all customers with an enterprise or business service plan.

How it's used


For Enforce identity authentication to work, the signer must be authenticating their identity with either:

The agreement processes normally if any other authentication method is defined, but Enforced identity authentication is not applied for that recipient. Configuring some recipients to apply Enforced identity authentication and others to bypass it by leveraging different authentication methods in the same transaction is permissible.

The authentication method is defined on the Send Settings page in the Identity Authentication Methods section.

The recipient experience

The recipient is presented with the authentication UI upon triggering an authentication challenge.
The two authentication options are:

  • Phone authentication - A Voice or SMS-based text that provides a five-digit code that the signer must enter before affixing the signature
Recipient's challenge for phone authentication


  • Acrobat Sign authentication - A request to provide the signer's Acrobat Sign password. Because authentication to Adobe is required, this method is primarily recommended for internal recipients where the sender can reasonably expect such an account exists.

Accounts that configure their Admin Console organization to allow SSO authentication will authenticate against their configured identity provider, removing the requirement for their internal recipients to be entitled with a license for Acrobat Sign.

Acrobat Sign authentication challenge

Once the authentication is passed, the recipient can continue the form-filling/signing process.



Enforce identity authentication is limited to enterprise license plans.

Configuration scope:

The features can be enabled at the account and group levels.

Configuration options

To enable Enforce identity authentication options, navigate to Account Settings > Bio-Pharma Settings > Enforce identity authentication.

When enabled, Enforced identity authentication requires the signer to authenticate when opening the agreement.

Additional authentication triggers can be configured:

  • Challenge the user to authenticate themselves when the signer clicks a signature field in the agreement - When enabled, all recipients must authenticate every time a signature field is selected (before the signature can be applied).
    • Only signature and signature block fields are re-authenticated; initial fields are not.
    • The setting impacts both required and optional signature and signature block fields.
  • Challenge the user to authenticate themselves when the Click to Sign button is selected after the signing ceremony is complete - When enabled, the recipient must reauthenticate after selecting the Click to Sign button (when they have completed their interaction with the agreement).


Navigate to teh Enforced Identity Authentication controls on the Bio-Pharma tab

Related settings

The option to Challenge the user to authenticate themselves when the agreement is opened can be suspended for recipients in your account if they are logged in to Acrobat Sign when the agreement is opened. This can eliminate some of the friction for your internal signers.

To allow your users to skip the agreement opening authentication if logged in:

  1. Navigate to Account Settings > Send Settings > Signer Identification Options.
  2. Enable Don’t challenge the signer to re-authenticate if they are already logged in to Acrobat Sign.
  3. Save the page configuration.
Enable the option to suppress the authentication if the user is logged in to Acrobat Sign.

Audit report changes

When any of the Enforce identity authentication options are enabled, the audit report explicitly logs every authentication in the audit report, and to a lesser degree, in the activity panel of the agreement.

Additional logging of authentication events in teh audit log and Activity panel

Things to keep in mind...

  • Enforced Identity works with authenticated self-signing.
  • Enforced identity authentication works with digital and electronic signature fields.
    • Each signer can have only ten digital signature fields and multiple electronic signature fields.
  • Enforced authentication does not apply when only a Stamp is used as a signature.
Acrobat Sign authentication challenge

Adobe logo

Sign in to your account