Specification (Standard Name)
Handboek voor Adobe Acrobat Sign
Nieuwe functies
Aan de slag
- Snelstartgids voor beheerders
- Handleiding om snel aan de slag te gaan voor gebruikers
- Bibliotheek voor videotutorial
- Veelgestelde vragen
Beheerder
- Overzicht Admin Console
-
User Management
- Gebruikers toevoegen
- Op functies gerichte gebruikers maken
- Controleren op gebruikers met provisioningfouten
- Naam/e-mailadres wijzigen
- Groepslidmaatschap van een gebruiker bewerken
- Een gebruiker tot een beheerdersrol bevorderen
- Typen gebruikersidentiteiten en SSO
- Gebruikersidentiteit wisselen
- Gebruikers verifiëren met MS Azure
- Gebruikers verifiëren met Google Federation
- Productprofielen
- Aanmeldingservaring
-
Begeleiding voor regelgevingsvereisten
- Toegankelijkheid
- HIPAA
- AVG
- 21 CFR deel 11 en EudraLex bijlage 11
- Klanten in de gezondheidszorg
- IVES-ondersteuning
- Overeenkomsten archiveren
- Overwegingen voor EU/VK
- Uw domein claimen
- Koppelingen voor het melden van misbruik
Overeenkomsten verzenden, ondertekenen en beheren
-
Opties voor ontvangers
- Een e-mailherinnering annuleren
-
Opties op de pagina voor elektronisch ondertekenen
- Overzicht van de pagina voor elektronisch ondertekenen
- Openen om de overeenkomst zonder velden te lezen
- Weigeren om een overeenkomst te ondertekenen
- Ondertekeningsbevoegdheid delegeren
- Een PDF van de overeenkomst downloaden
- Geschiedenis van de overeenkomst weergeven
- Berichten over de overeenkomst weergeven
- Een elektronische handtekening naar een geschreven handtekening converteren
- Een geschreven handtekening naar een elektronische handtekening converteren
- Door formuliervelden navigeren
- De gegevens uit de formuliervelden wissen
- Vergroting en navigatie van de pagina voor elektronisch ondertekenen
- De taal wijzigen die wordt gebruikt in de tools en informatie van de overeenkomst
- Juridische kennisgevingen controleren
- Cookievoorkeuren voor Acrobat Sign aanpassen
- Overeenkomsten verzenden
-
Velden in documenten opnemen
-
In-app authoringomgeving
- Automatische velddetectie
- Velden slepen en neerzetten met de authoringomgeving
- Formuliervelden toewijzen aan ontvangers
- De rol Vooraf invullen
- Velden aanbrengen met een herbruikbare veldsjabloon
- Overdracht van velden naar een nieuwe bibliotheeksjabloon
- Bijgewerkte authoringomgeving bij het verzenden van overeenkomsten
- Formulieren met tekstlabels maken
- Formulieren maken met Acrobat (AcroForms)
- Velden
- Veelgestelde vragen over ontwerpen
-
In-app authoringomgeving
- Overeenkomsten ondertekenen
-
Overeenkomsten beheren
- Overzicht pagina Beheren
- Overeenkomsten delegeren
- Ontvangers vervangen
- Documentzichtbaarheid beperken
- Een overeenkomst annuleren
- Nieuwe herinneringen maken
- Herinneringen voor beoordeling
- Een herinnering annuleren
- Toegang verkrijgen tot Power Automate-flows
-
Meer handelingen...
- De werking van de zoekfunctie
- Een overeenkomst weergeven
- Een sjabloon maken op basis van een overeenkomst
- Overeenkomsten verbergen/zichtbaar maken
- Een ondertekend document uploaden
- Bestanden en velden van een verzonden overeenkomst wijzigen
- De verificatiemethode van een ontvanger bewerken
- Een vervaldatum toevoegen of wijzigen
- Een opmerking toevoegen aan een overeenkomst
- Een individuele overeenkomst delen
- Delen van een overeenkomst ongedaan maken
- Een individuele overeenkomst downloaden
- De afzonderlijke bestanden van een overeenkomst downloaden
- Het controlerapport van een overeenkomst downloaden
- De veldinhoud van een overeenkomst downloaden
- Controlerapport
- Rapportage en gegevensexports
Geavanceerde voorzieningen en workflows voor overeenkomsten
- Webformulieren
-
Herbruikbare sjablonen
- US Government-formulieren in de Acrobat Sign-bibliotheek
- Een bibliotheeksjabloon maken
- De naam van een bibliotheeksjabloon wijzigen
- Het type van een bibliotheeksjabloon wijzigen
- Het machtigingsniveau van een bibliotheeksjabloon wijzigen
- Een gedeelde sjabloon kopiëren, bewerken en opslaan
- De verzamelde veldgegevens voor een bibliotheeksjabloon downloaden
- Eigendom van webformulieren en bibliotheeksjablonen overdragen
-
Power Automate-workflows
- Overzicht van de Power Automate-integratie en opgenomen rechten
- De Power Automate-integratie inschakelen
- Contextuele acties op de pagina Beheren
- Gebruik van Power Automate bijhouden
- Een nieuwe flow maken (voorbeelden)
- Triggers die worden gebruikt voor flows
- Flows van buiten Acrobat Sign importeren
- Flows beheren
- Flows bewerken
- Flows delen
- Flows in- of uitschakelen
- Flows verwijderen
-
Nuttige sjablonen
- Alleen beheerder
- Archivering van overeenkomst
- Archivering van webformulierovereenkomst
- Data-extractie van de overeenkomst
- Overeenkomstmeldingen
- Overeenkomst genereren
- Workflows op maat verzenden
- Gebruikers en overeenkomsten delen
Integreren met andere producten
- Acrobat Sign voor Salesforce
- Acrobat Sign voor Microsoft
- Overige integraties
- Door partners beheerde integraties
- Een integratiesleutel verkrijgen
Acrobat Sign Developer
- REST-API's
- Webhooks
Ondersteuning en probleemoplossing
Adobe Acrobat Sign includes SAML authentication for customers that desire a federated log in system.
The below document pertains to customer accounts that manage their user licensing directly within the Acrobat Sign application.
Customers that manage user entitlement in the Adobe Admin Console must follow a different process found here.
Introduction
The identity federation standard Security Assertion Markup Language (SAML) 2.0 enables the secure exchange of user authentication data between web applications and identity service providers.
When you use the SAML 2.0 protocol to enable single sign-on (SSO), security tokens containing assertions pass information about an end user (principal) between a SAML authority - an identity
provider (IdP), and a SAML consumer - a service provider (SP).
Acrobat Sign, acting as the service provider (SP), supports single sign-on through SAML using external identity providers (IdPs) such as Okta, OneLogin, Oracle Federated Identity (OIF), and Microsoft Active Directory Federation Service. Acrobat Sign is compatible with all external IdPs that support SAML 2.0.
More information on integrating with these identity providers (IdPs), can be found in the following guides:
- Enabling SAML Single Sign On for Microsoft Active Directory Federation Service
- Enabling SAML Single Sign On for Okta
- Enabling SAML Single Sign On for OneLogin
- Enabling SAML Single Sign-on with Oracle Identity Federation
You can also configure Acrobat Sign for single sign-on (SSO) with other systems already used in your organization, for example, Salesforce.com, or other providers that support SAML 2.0.
Acrobat Sign uses federated authentication as opposed to delegated authentication. Federated authentication does not validate the user's actual password in Acrobat Sign. Instead, Acrobat Sign receives a SAML assertion in an HTTP POST request. Acrobat Sign also supports encrypted assertions.
The SAML assertion has a limited validity period, contains a unique identifier, and is digitally signed. If the assertion is still within its validity period, has an identifier that has not been used before, and has a valid signature from a trusted identity provider, the user is granted access to Acrobat Sign.
A summary of the Acrobat Sign authentication specification is included in the table below:
|
Value |
Federation Protocol |
SAML 2.0 |
Federation Profile |
Browser Post |
Federation Unique Identifier |
Email Address |
Relay State |
Not Needed. Acrobat Sign has the logic to know where to point the User after they are authenticated. |
Prerequisites
To enable SSO, your corporate network must support the SAML 2.0 protocol. If your corporate network does not support SAML, contact Adobe Acrobat Sign Support to discuss other options to enable Single Sign On in your account.
Before beginning to set up SAML SSO, you must do the following:
- Claim and establish your Domain Name (For the examples in this guide, this will be rrassoc.com.)
- Claiming your Domain is a multi-step process that you should start right away
- Enable SAML for your domain using a provider such as Microsoft Active Directory Federation, Okta, Onelogin, Oracle Identity Federation, or others. You may need to open an Acrobat Sign support ticket to get your domain enabled from the backend
- Create or verify that you have an administrator account with your IdP using an email address
- If you do not have an Okta account, you can create a free Okta Developer Edition organization using this link: https://www.okta.com/developer/signup/
- If you do not have a OneLogin account, you can create a free trials account using this link: https://www.onelogin.com/ and clicking the FREE TRIAL button in the upper right corner
- (Optional) Add an additional email id for User Provisioning in both IdP and SP. This will allow you to add more users who can log in to Acrobat Sign with their SSO credentials
- (Required) Verify that you have an admin user for Acrobat Sign and an Admin user for the IdP
(Optional) Create or verify that you have an Acrobat Sign administrator account that uses the same email address as the account for your IdP (For the examples in this guide, this email address will be susan@rrassoc.com.) This will make it easier for you to administer the accounts - In Acrobat Sign, set your SAML Mode to “SAML Allowed” (See Working with the SAML Settings
for more information.)
When setting up SAML SSO, we recommend that you set the SAML Mode to SAML Allowed until the entire setup process is complete and you’ve verified it is working correctly. Once verified, you can change the SAML Mode to SAML Mandatory.
Enabling Single Sign On using SAML
At a high level, enabling SAML SSO between Acrobat Sign (the SP) and your IdP involves the following high-level steps:
1. If required (by your IdP), set up your IdP using the Acrobat Sign Service Provider (SP) Information
2. Set up Acrobat Sign using information from your IdP
3. Verify that the SAML SSO has been properly set up
Working with SAML Settings
Navigate to Account > Account Settings > SAML Settings
To view the options for User Creation, Login Page Customization, Identity Provider (IdP) Configuration, and Acrobat Sign Service Provider (SP) Information, scroll to the bottom of the SAML Settings page.
SAML Mode Settings
In Acrobat Sign, there are three SAML Mode options and one additional option that works with the SAML Mandatory option.
- SAML Disabled—Disables SAML authentication for the account. When selected, the rest of the SAML configuration page becomes inaccessible.
- SAML Allowed— This option allows users to authenticate to Acrobat Sign by both SAML and the native Acrobat Sign authentication
- SAML Mandatory—Requires that all users authenticate to Acrobat Sign with SAML SSO
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Admins authenticated using their Acrobat Sign credentials will need to log out twice to log out of the service through the UI controls. (After a successful logout, the admin is taken to their IdP, and because they are logged in to the IdP, the admin gets redirected back to Acrobat Sign and is logged in.)
- Allow Acrobat Sign Account Administrators to log in using their Acrobat Sign Credentials - When SAML Mandatory is enabled, this option allows Acrobat Sign administrators to be an exception to the SAML rule and authenticate with Acrobat Sign native authentication.
It is strongly recommended that you set the SAML Mode to SAML Allowed until you’ve verified your SAML SSO is working as expected.
Hostname
The Hostname is your domain name. (See Prerequisites above.) When entered, your hostname
becomes part of the Assertion Consumer URL, the Single Log Out (SLO) URL, and Single
Sign-On (Login) URL.
User Creation Settings
Only the first of the two User Creation settings is directly connected with SAML Setup. The second setting pertains to all pending users, whether or not they are added as a result of authenticating through SAML.
- Automatically add users authenticated through SAML—If this option is enabled, users who are authenticated through your IdP are automatically added as pending users in Acrobat Sign
- Automatically make pending users in my account active—If the Require signers in my account to log in to Acrobat Sign before signing setting (Security Settings > Signer Identity Verification), is enabled, this setting should also be enabled. When a signature is requested from a new user, this user is created as a pending user in your account. If this option is not enabled, these users are prevented from signing agreements sent to them for signature
- Allow users who authenticate with SAML to change their email address in their profile - Enable this option to allow your users to change the email address on their Acrobat Sign profile
Login Page Customization Settings
You can customize the sign-on message that users see on the Acrobat Sign Sign In page when SAML Single Sign On is enabled.
- Single Sign On Login Message— Enter a message to display above the SSO Sign In button on the Acrobat Sign Sign In page
- Place the SAML login button at the top of the page when other login options are available - When enabled, the SSO login button will be placed above any other authentication method enabled
Identity Provider (IdP) Configuration Within Acrobat Sign
To set up most IdPs, except as noted for Okta, you must enter information from your IdP into the IdP configuration fields in Acrobat Sign.
- Entity ID/Issuer URL—This value is provided by the IdP to uniquely identify your domain.
- Login URL/SSO Endpoint—The URL that Acrobat Sign will call to request a user login from the IdP. The IdP is responsible for authenticating and logging the user in.
- Logout URL/SLO Endpoint—When someone logs out of Acrobat Sign, this URL is called to log them out of the IdP as well.
- IdP Certificate—The authentication certificate issued by your IdP.
Acrobat Sign SAML Service Provider (SP) Information
The SP information section displays the default information for Acrobat Sign. Once you’ve entered and saved your hostname and IdP Configuration information, the information in the SP information section is updated to include your hostname.
(In our example, https://secure.na1.adobesign.com/public/samlConsume
becomes https://caseyjonez.na1.adobesign.com/public/samlConsume.)
The SP Information provided is as follows:
- Entity ID/SAML Audience—A URL that describes the entity that is expected to receive the SAML message. In this case, it is the URL for Acrobat Sign
- SP Certificate—Some providers require a certificate to be used to identify the Service Provider. The link in this view points to the Acrobat Sign Service Provider certificate
- Assertion Consumer URL— This is the callback that the IdP will send to tell Acrobat Sign to log in a user
- Single Log Out (SLO) URL—The URL that users are redirected to when they log out
- Single Sign-On (Login) URL— This is the URL that the IdP will send login requests to
Microsoft Active Directory Federation Services Configuration
Okta Configuration
OneLogin Configuration
Oracle Identity Federation Configuration
Known Issues
©2022 Adobe Systems Incorporated. All Rights Reserved.
Products mentioned in this document, such as the services of identity providers Microsoft Active Directory Federation, Okta, Onelogin, and Oracle Identity Federation, and Salesforce software retain all of the copyrights and trademark rights of their specific corporations.