
Enforce identity authentication

 


Overview

The Enforce identity authentication feature defines the trigger events that prompt a recipient to re-authenticate when interacting with an agreement. There are three independently selectable options:

  • Authenticate when opening the agreement.
  • Authenticate when applying a signature.
  • Authenticate when completing the agreement.

The triggers that are enabled encompass all signers included in the agreement (internal and external).

Availability:

Enforce identity authentication is limited to enterprise license plans.

Configuration scope:

The features can be enabled at the account and group levels.

How it's used

Prerequisites

For Enforce identity authentication to work, the signer must be authenticating their identity with either:

The agreement processes normally if any other authentication method is defined, but Enforced identity authentication isn't applied for that recipient. Configuring some recipients to apply Enforced identity authentication and others to bypass it by leveraging different authentication methods in the same transaction is permissible.

The authentication method is defined on the Send Settings page in the Identity Authentication Methods section.

The recipient experience

The recipient is presented with the authentication UI upon triggering an authentication challenge.
The two authentication options are:

  • Phone authentication - An SMS-based text that provides a five-digit code that the signer must enter before affixing the signature.
Recipient's challenge for phone authentication

 

  • Acrobat Sign authentication - A request to authenticate to Acrobat Sign through the Adobe identity management system. Because authentication to Adobe is required, this method is primarily recommended for internal recipients where the sender can reasonably expect such an account exists.
Note:

Recipients that authenticate using the Acrobat Sign authentication method must authenticate through the Acrobat identity management system. All social authentication options (Google, Facebook, and Apple) are removed during the authentication process.

Accounts that configure their Admin Console organization to allow SSO authentication will authenticate against their configured identity provider, removing the requirement for their internal recipients to be entitled with a license for Acrobat Sign.

Acrobat Sign authentication challenge

Once the authentication is passed, the recipient can continue the form-filling/signing process.

  • One-Time Password via Email - A password is sent to the recipient's email address that must be entered to gain access to interact with the agreement.
    Because the password is sent to the same email address as the recipient's email notification, this authentication method only serves as a single-factor authentication method. This may be acceptable for some use cases (such as internal recipient workflows). It's recommended to pair this method with cloud-based digital signatures when a more robust authentication assurance is required.
OTPvEm challenge for the code

Configuration

To enable Enforce identity authentication options, navigate to Bio-Pharma Settings > Enforce identity authentication.

Enforce identity authentication contains three independently selectable options:

  • Challenge the user to authenticate themselves when the agreement is opened - When enabled, each recipient must authenticate before the agreement is opened for viewing.
  • Challenge the user to authenticate themselves when the signer clicks a signature field in the agreement - When enabled, all recipients must authenticate every time a signature field is selected (before the signature can be applied).
    • Only signature and signature block fields are re-authenticated; initial fields are not.
    • The setting impacts both required and optional signature and signature block fields.
  • Challenge the user to authenticate themselves when the Click to Sign button is selected after the signing ceremony is complete - When enabled, the recipient must reauthenticate after selecting the Click to Sign button (when they have completed their interaction with the agreement).
Navigate to the Enforced Identity Authentication controls on the Bio-Pharma tab

Related settings

The option to Challenge the user to authenticate themselves when the agreement is opened can be suspended for recipients in your account if they are logged in to Acrobat Sign when the agreement is opened. This can eliminate some of the friction for your internal signers.

To allow your users to skip the agreement opening authentication if logged in:

  1. Navigate to Account Settings > Send Settings > Signer Identification Options.
  2. Enable Don’t challenge the signer to re-authenticate if they are already logged in to Acrobat Sign.
  3. Save the page configuration.
Enable the option to suppress the authentication if the user is logged in to Acrobat Sign.

Audit report changes

When any of the Enforce identity authentication options are enabled, every authentication is explicitly logged in the audit report and, to a lesser degree, in the activity panel of the agreement.

Additional logging of authentication events in the audit log and Activity panel

Things to keep in mind...

  • Enforced Identity works with authenticated self-signing.
  • Enforced identity authentication works with digital and electronic signature fields.
  • Enforced authentication does not apply when only a Stamp is used as a signature.
