This article contains prerelease information. Release dates, features, and other information are subject to change without notice.
Apply identity-based authentication through approved providers to support controlled, policy-driven signing workflows.
Digital Identity authentication lets you use external identity providers, integrated through the Digital Identity Gateway, as authentication methods for recipients in Adobe Acrobat Sign. Once enabled, these providers can be selected as default authentication methods and enforced consistently across agreements.
This capability allows you to align signer authentication with organizational identity systems while keeping the sending and signing experience consistent with other authentication methods.
Configuration
Availability
- Acrobat Standard and Acrobat Pro: Supported
- Acrobat Sign Solutions: Supported
- Acrobat Sign for Government: Supported
Configuration scope
Authentication methods can be configured at the group and account levels.
- Enabling the authentication method must first be done on the Digital Identity page.
- Configuring the method as a default is done by navigating to Send Settings > Signer Identification Options.
How this works at a glance
Administrators:
- Configure and enable identity providers in the Digital Identity Gateway.
- Use Send Settings to control how those enabled providers are applied.
- Decide whether senders can change the authentication method.
Senders:
- The authentication method is applied automatically when it is set as the default.
- Can change the method only if the sender override is allowed.
Recipients:
- Authenticate with the selected identity provider.
- Return to Acrobat Sign to complete signing after passing authentication.
Where this is configured
Digital Identity authentication depends on configuration in two required areas.
You must first configure and enable one or more identity providers on the Digital Identity page. Until at least one provider is enabled, Digital Identity authentication is not available and cannot be selected as a default authentication method.
After one or more identity providers are enabled, you use Send Settings to control how those providers are applied during agreement creation.
From Send Settings, you can:
- Require senders to specify an authentication method for recipients.
- Control whether senders can change the authentication method.
- Select an Identity Provider as the default authentication method.
If no identity providers are enabled on the Digital Identity page, this authentication option does not appear in Send Settings.
When providers are enabled:
- Enabled providers appear as disabled checkboxes in the authentication method list.
- These indicate availability but cannot be configured from Send Settings.
- Providers are grouped under the "Digital Identity Gateway" section in the default method dropdown.
- Each provider appears as an available authentication method
- Provider names reflect the configured identity providers.
Configuration can be applied separately for internal and external recipients.
Default authentication behavior
When you select an Identity Provider as the default authentication method:
- The provider is applied automatically during agreement creation.
- The behavior follows existing default authentication rules.
- Enforcement depends on sender override settings:
- If sender override is disabled:
- Senders must use the configured default authentication method
- Other authentication methods are hidden
- If sender override is enabled:
- Senders can choose from all enabled authentication methods, including other Identity Providers.
Interaction with sender enforcement controls
Digital Identity authentication follows the same enforcement rules as other authentication methods.
If you require senders to specify an authentication method:
- At least one authentication method must remain enabled.
- Enabled Identity Providers count as valid authentication methods.
- Acrobat Sign blocks configurations that would prevent agreements from being sent.
This prevents agreements from being created without a valid authentication method.
Sender and signer experience
For senders, Digital Identity authentication behaves like other authentication methods:
- Applied automatically when configured as the default.
- Changed only when allowed by policy.
- Applied per recipient.
For signers:
- The signer is redirected to the selected Identity Provider.
- After successful authentication, the signing process continues in Acrobat Sign.
Acrobat Sign does not display provider-specific instructions or collect provider credentials.
Audit trail and agreement history
When a Digital Identity authentication is used:
- The provider name is recorded as the recipient authentication method.
- Authentication events are logged in the agreement audit trail.
- The audit trail confirms that authentication occurred using a Digital Identity Gateway provider.
No external identity attributes, credentials, or provider-specific details are stored in the audit trail.
Web forms support
Digital Identity authentication can also be used with web forms.
Behavior is consistent with agreements created through the Request Signatures process.
Limitations and constraints
- This capability does not manage identity providers.
- Identity providers must be configured and enabled on the Digital Identity page before they can be used.
- Provider onboarding and lifecycle management occur outside of Send Settings.
- No compliance outcomes or certification claims are implied.
- Existing authentication error handling and messaging apply.
