Overview

Adobe Sign Authentication is an identity authentication method that requires the recipient to authenticate to the Adobe Sign identity system. For recipients with an existing Adobe Sign identity, this is an easy authentication request to a known entity, securing a second-factor authentication with very low friction.

Additionally, there are options that can pre-fill the recipient's email address into the authentication panel when challenged or even bypass the manual re-authentication process entirely if the recipient is already authenticated to Adobe Sign. These qualities make Adobe Sign Authentication the smoothest experience for internal recipients required to provide an authenticated signature.

The default authentication process challenges the recipient to validate their identity by authenticating to the Adobe Sign service. A button to the authentication panel is provided:

Adobe Sign authentication.png

After clicking the button, the authentication panel allows the recipient to authenticate to their Adobe Sign account.

  • Options are available for both the native Adobe Sign identity system and the Adobe Admin Console
adobe_sign_authenticationgump

Once the authentication is passed, the recipient is granted access to view and interact with the agreement.

If the recipient closes the agreement window for any reason before completing their action, they will have to re-authenticate to resume.

Note:

The Adobe Sign Authentication method is available to the business and enterprise service plans only.

Adobe Sign Authentication is not a metered service. There is no charge for use, regardless of volume.


Configuring the Adobe Sign Authentication method when composing a new agreement

When Adobe Sign Authentication is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address:

Select the authenticaation method


Audit Report

The audit report clearly indicates the recipient identity verification with Adobe Sign authentication:

adobe_authenticationauditreport


Best Practices and Considerations

  • Adobe Sign Authentication requires that the recipient have an Adobe Sign Identity. If they don't, a new account must be created before the recipient can authenticate, and that level of friction is likely to cause frustration. For this reason, it is not recommended to use Adobe Sign Authentication for external recipients
  • The Adobe Sign Authentication method is best used for internal authentication as all internal recipients are known to have Adobe IDs
  • Before configuring your account to auto-populate the recipient's email or bypass the re-authentication process, check with your legal team to understand your requirements for a valid signature. Ensure the options you configure still comply with the need of the resultant document
  • Be advised that when recipients access agreements directly from the Adobe Sign Manage page, Adobe Sign Authentication acts as the primary (and only) authentication factor. The email link (which typically provides the default primary authentication element) is bypassed and replaced with the authenticated session to Adobe Sign.  in this scenario, Adobes Sign Authentication duplicates the primary authentication factor
  • Accounts that purchase premium authentication transactions may want to consider setting the Account-level settings to limit internal recipients only to use the Adobe Sign Authentication method. This could prevent the accidental usage of the premium assets. Groups can always be configured for other authentication methods as needed:
Internal config


Configuration Options

Group and account-level admins can enable and configure the Adobe Sign Authentication method by navigating to Send Settings > Identity Authentication Methods.

There are five controls relevant to the Adobe Sign Authentication method:

  • Adobe Sign Authentication - The core feature; checking this box enables access to the authentication method for senders when composing agreements
  • By default, use the following method - Defines the default value inserted into the recipient's Authentication option
  • Identity authentication for internal recipients - Enabling this option allows internal recipients to be configured with different authentication options and defaults
    • Generally, it is recommended that Adobe Sign Authentication be used only for internal recipients
    • Both the Adobe Sign Authentication access option and the By default selector are replicated for setting the internal recipient experience
  • Allow Adobe Sign to auto-populate the Signers email address for each authentication challenge - When enabled, the recipient's email is imported from the agreement into the authentication panel. The imported email value is fixed, and the recipient may not change it
  • Don't challenge the signer to re-authenticate if they are already logged in to Adobe Sign - When enabled, the recipient is not challenged to re-authenticate when opening an agreement if they are already authenticated to the Adobe Sign service
    • This requires the agreement to be opened in the same browser as the authenticated session to Adobe Sign
Adobe sign identity authentication controls