Overview
Adobe Acrobat Sign Authentication is a first-factor identity verification method that requires the recipient to authenticate to the Acrobat Sign identity system. For recipients with an existing Acrobat Sign identity, this is an easy verification request to a known entity.
Additionally, there are options that can pre-fill the recipient's email address into the verification panel when challenged or even bypass the manual re-authentication process entirely if the recipient is already authenticated to Acrobat Sign. These qualities make Acrobat Sign Authentication the smoothest experience for internal recipients required to provide an authenticated signature.
The default verification process challenges the recipient to validate their identity by authenticating to the Acrobat Sign service. A button to the authentication panel is provided:
Recipients that do not have an Adobe account tied to the email address the agreement is sent to will be required to create a new Adobe user account to complete the verification process.
After clicking the button, the authentication panel allows the recipient to authenticate to their Acrobat Sign account.
- Options are available for both the native Acrobat Sign identity system and the Adobe Admin Console
Once the authentication is passed, the recipient is granted access to view and interact with the agreement.
If the recipient closes the agreement window for any reason before completing their action, they will have to re-authenticate to resume.
The Acrobat Sign Authentication method is available to the business and enterprise service plans only.
Acrobat Sign Authentication is not a metered service. There is no charge for use, regardless of volume.
Configuring the Acrobat Sign Authentication method when composing a new agreement
When Acrobat Sign Authentication is enabled, the sender can select it from the Authentication drop-down just to the right of the recipient's email address:
Audit Report
The audit report clearly indicates the recipient identity verification with Acrobat Sign authentication:
Best Practices and Considerations
- Acrobat Sign Authentication is not a second-factor authentication and should not be used when the signature requires additional authentication (beyond email authentication).
- Acrobat Sign Authentication requires that the recipient have an Acrobat Sign Identity. If they don't, a new account must be created before the recipient can authenticate, and that level of friction is likely to cause frustration. For this reason, it is not recommended to use Acrobat Sign Authentication for external recipients.
- The Acrobat Sign Authentication method is best used for internal authentication as all internal recipients are known to have Adobe IDs.
- Customers that manage their users in the Adobe Admin Console can configure their organization to leverage their SSO solution through Acrobat Sign authentication, removing the requirement for recipients in the customer's company to have a licensed user in the Acrobat Sign system.
- Before configuring your account to auto-populate the recipient's email or bypass the re-authentication process, check with your legal team to understand your requirements for a valid signature. Ensure the options you configure still comply with the need of the resultant document.
- Be advised that when recipients access agreements directly from the Acrobat Sign Manage page, Acrobat Sign Authentication acts as the primary (and only) authentication factor. The email link (which typically provides the default primary authentication element) is bypassed and replaced with the authenticated session to Acrobat Sign. In this scenario, Acrobat Sign Authentication duplicates the primary authentication factor.
- Accounts that purchase premium authentication transactions may want to consider setting the Account-level settings to limit internal recipients only to use the Acrobat Sign Authentication method if extra authentication is not required for the internal signers. This could prevent the accidental usage of premium assets. Groups can always be configured for other authentication methods as needed:
Configuration Options
Group and account-level admins can enable and configure the Acrobat Sign Authentication method by navigating to Send Settings > Identity Authentication Methods.
There are five controls relevant to the Acrobat Sign Authentication method:
- Acrobat Sign Authentication - The core feature; checking this box enables access to the authentication method for senders when composing agreements
- By default, use the following method - Defines the default value inserted into the recipient's Authentication option
- Identity authentication for internal recipients - Enabling this option allows internal recipients to be configured with different authentication options and defaults
- Generally, it is recommended that Acrobat Sign Authentication be used only for internal recipients
- Both the Acrobat Sign Authentication access option and the By default selector are replicated for setting the internal recipient experience
- Allow Acrobat Sign to auto-populate the Signers email address for each authentication challenge - When enabled, the recipient's email is imported from the agreement into the authentication panel. The imported email value is fixed, and the recipient may not change it
- Don't challenge the signer to re-authenticate if they are already logged in to Acrobat Sign - When enabled, the recipient is not challenged to re-authenticate when opening an agreement if they are already authenticated to the Acrobat Sign service
- This requires the agreement to be opened in the same browser as the authenticated session to Acrobat Sign
- This requires the agreement to be opened in the same browser as the authenticated session to Acrobat Sign
Prihláste sa do svojho účtu