Enable a method of recipient authentication through the Adobe identity management system.
Overview
Adobe Acrobat Sign Authentication is a single-factor identity verification method that requires the recipient to authenticate to the Acrobat Sign identity system. For recipients with an existing Acrobat Sign identity, this is an easy verification request to a known entity.
Additionally, there are options that can pre-fill the recipient's email address into the verification panel when challenged or even bypass the manual re-authentication process entirely if the recipient is already authenticated to Acrobat Sign. These qualities make Acrobat Sign Authentication the smoothest experience for internal recipients required to provide an authenticated signature.
Recipients who don't have an Adobe account tied to the email address the agreement is sent to will be required to create a new Adobe user account to complete the verification process.
Availability:
Acrobat Sign authentication is available for enterprise license plans only.
Configuration scope:
The feature can be enabled at the account and group levels.
Acrobat Sign authentication is not a metered service. There is no charge for use, regardless of volume.
How it works
The default verification process challenges the recipient to validate their identity by authenticating to the Acrobat Sign service. A button to the authentication panel is provided:
After selecting the button, the authentication panel allows the recipient to authenticate to their Acrobat Sign account.
- Options are available for the native Acrobat Sign identity system and the Adobe Admin Console.
Once the authentication is passed, the recipient can interact with the agreement.
If the recipient closes the agreement window before completing their action, they must re-authenticate to resume.
Configuring the Acrobat Sign Authentication method when composing a new agreement
When Acrobat Sign authentication is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address:
Audit Report
The audit report clearly indicates the recipient identity verification with Adobe Acrobat Sign:
Best Practices and Considerations
- Acrobat Sign Authentication isn't a second-factor authentication and should not be used when the signature requires additional authentication (beyond email authentication).
- Acrobat Sign Authentication requires that the recipient have an Acrobat Sign Identity. If they don't, a new account must be created before the recipient can authenticate, and that level of friction is likely to cause frustration. For this reason, using Acrobat Sign Authentication for external recipients isn't recommended.
- The Acrobat Sign Authentication method is best used for internal authentication as all internal recipients are known to have Adobe IDs.
- Customers who manage their users in the Adobe Admin Console can configure their organization to leverage their SSO solution through Acrobat Sign authentication, removing the requirement for recipients in the customer's company to have a licensed user in the Acrobat Sign system.
- Before configuring your account to auto-populate the recipient's email or bypass the re-authentication process, check with your legal team to understand your requirements for a valid signature. Ensure the options you configure still comply with the needs of the resultant document.
- When recipients access agreements directly from the Acrobat Sign Manage page, Acrobat Sign Authentication is the primary (and only) authentication factor. The email link (typically providing the default primary authentication element) is bypassed and replaced with the authenticated session to Acrobat Sign. In this scenario, Acrobat Sign Authentication duplicates the primary authentication factor.
- Accounts that purchase premium authentication transactions may want to consider setting the account-level settings to limit internal recipients to only using the Acrobat Sign Authentication method if extra authentication isn't required for the internal signers. This could prevent the accidental usage of premium assets. Groups can always be configured for other authentication methods as needed:
Configuration Options
Configure the Acrobat Sign Authentication method by navigating to Send Settings > Signer Identification Options
There are five controls relevant to the Acrobat Sign Authentication method:
- Acrobat Sign Authentication - The core feature; checking this box enables access to the authentication method for senders when composing agreements
- By default, use the following method - Defines the default value inserted into the recipient's Authentication option
- Identity authentication for internal recipients - Enabling this option allows internal recipients to be configured with different authentication options and defaults.
- Generally, it's recommended that Acrobat Sign Authentication be used only for internal recipients.
- The Acrobat Sign Authentication access option and the By default selector are replicated to set the internal recipient experience.
- Allow Acrobat Sign to auto-populate the Signers email address for each authentication challenge - When enabled, the recipient's email is imported from the agreement into the authentication panel. The imported email value is fixed, and the recipient may not change it.
- Don't challenge the signer to re-authenticate if they are already logged in to Acrobat Sign - When enabled, the recipient isn't challenged to re-authenticate when opening an agreement if they are already authenticated to the Acrobat Sign service.
- This requires the agreement to be opened in the same browser as the authenticated session to Acrobat Sign.
- This requires the agreement to be opened in the same browser as the authenticated session to Acrobat Sign.
