- 4.246.0.144/28
- 13.55.51.87
- 13.55.172.219
- 13.55.174.148
- 20.36.219.136
- 20.36.220.46
- 20.197.114.7
- 20.197.115.164
- 35.154.168.186
- 35.154.250.71
- 35.156.156.191
- 35.157.18.96
- 51.105.160.39
- 51.105.163.48
System requirements
What's New
Get Started
- Quick start guide for administrators
- Quick start guide for users
- For Developers
- Video tutorial library
- FAQ
Administer
- Admin Console Overview
- User Management
- Adding users
- Create function-focused users
- Check for users with provisioning errors
- Change Name/Email Address
- Edit a user's group membership
- Edit a user's group membership through the group interface
- Promote a user to an admin role
- User Identity Types and SSO
- Switch User Identity
- Authenticate Users with MS Azure
- Authenticate Users with Google Federation
- Product Profiles
- Login Experience
- Account/Group Settings
- Settings Overview
- Global Settings
- Account tier and ID
- New Recipient Experience
- Self Signing Workflows
- Send in Bulk
- Web Forms
- Custom Send Workflows
- Power Automate Workflows
- Library Documents
- Collect form data with agreements
- Limited Document Visibility
- Attach a PDF copy of the signed agreement
- Include a link in the email
- Include an image in the email
- Files attached to email will be named as
- Attach audit reports to documents
- Merge multiple documents into one
- Download individual documents
- Upload a signed document
- Delegation for users in my account
- Allow external recipients to delegate
- Authority to sign
- Authority to send
- Power to add Electronic Seals
- Set a default time zone
- Set a default date format
- Users in Multiple Groups (UMG)
- Group Administrator Permissions
- Replace recipient
- Audit Report
- Transaction Footer
- In Product Messaging and Guidance
- Accessible PDFs
- New authoring experience
- Healthcare customer
- Account Setup
- Add logo
- Customize company Hostname/URL
- Add company name
- Post agreement URL redirect
- Signature Preferences
- Well formatted signatures
- Allow recipients to sign by
- Signers can change their name
- Allow recipients to use their saved signature
- Custom Terms of Use and Consumer Disclosure
- Navigate recipients through form fields
- Restart agreement workflow
- Decline to sign
- Allow Stamps workflows
- Require signers to provide their Title or Company
- Allow signers to print and place a written signature
- Show messages when e-signing
- Require signers to use a mobile device to create their signature
- Request IP address from signers
- Exclude company name and title from participation stamps
- Apply Adaptive Signature Draw scaling
- Digital Signatures
- Electronic Seals
- Digital Identity
- Report Settings
- New report experience
- Classic report settings
- Security Settings
- Single Sign-on settings
- Remember-me settings
- Login password policy
- Login password strength
- Web session duration
- PDF encryption type
- API
- User and group info access
- Allowed IP Ranges
- Account Sharing
- Account sharing permissions
- Agreement sharing controls
- Signer identity verification
- Agreement signing password
- Document password strength
- Block signers by Geolocation
- Phone Authentication
- Knowledge-Based Authentication (KBA)
- Allow page extraction
- Document link expiration
- Upload a client certificate for webhooks/callbacks
- Timestamp
- Send Settings
- Show Send page after login
- Require recipient name when sending
- Lock name values for known users
- Allowed recipient roles
- Allow e-Witnesses
- Recipient groups
- CCs
- Recipient Agreement Access
- Required fields
- Attaching documents
- Field flattening
- Modify Agreements
- Agreement name
- Languages
- Private messages
- Allowed signature types
- Reminders
- Signed document password protection
- Send Agreement Notification through
- Signer identification options
- Content Protection
- Enable Notarize transactions
- Document Expiration
- Preview, position signatures, and add fields
- Signing order
- Liquid mode
- Custom workflow controls
- Upload options for the e-sign page
- Post-sign confirmation URL redirect
- Message Templates
- Bio-Pharma Settings
- Workflow Integration
- Notarization Settings
- Payments Integration
- Signer Messaging
- SAML Settings
- SAML Configuration
- Install Microsoft Active Directory Federation Service
- Install Okta
- Install OneLogin
- Install Oracle Identity Federation
- SAML Configuration
- Data Governance
- Time Stamp Settings
- External Archive
- Account Languages
- Email Settings
- Migrating from echosign.com to adobesign.com
- Configure Options for Recipients
- Guidance for regulatory requirements
- Accessibility
- HIPAA
- GDPR
- 21 CFR part 11 and EudraLex Annex 11
- Healthcare customers
- IVES support
- "Vaulting" agreements
- EU/UK considerations
- Download Agreements in Bulk
- Claim your domain
- Report Abuse links
- System Requirements and Limitations
Send, Sign, and Manage Agreements
- Recipient Options
- Cancel an email reminder
- Options on the e-signing page
- Overview of the e-sign page
- Open to read the agreement without fields
- Decline to sign an agreement
- Delegate signing authority
- Restart the agreement
- Download a PDF of the agreement
- View the agreement history
- View the agreement messages
- Convert from an electronic to a written signature
- Convert from a written to an electronic signature
- Navigate the form fields
- Clear the data from the form fields
- E-sign page magnification and navigation
- Change the language used in the agreement tools and information
- Review the Legal Notices
- Adjust Acrobat Sign Cookie Preferences
- Send Agreements
- Send (Compose) page
- Overview of landmarks and features
- Group selector
- Adding files and templates
- Agreement name
- Global Message
- Completion Deadline
- Reminders
- Password protect the PDF
- Signature type
- Locale for the recipient
- Recipient signature order/flow
- Recipient roles
- Recipient authentication
- Private message for the recipient
- Recipient agreement access
- CC'd parties
- Identity check
- Send an agreement only to yourself
- Send an agreement to others
- Written Signatures
- Recipient signing order
- Send in Bulk
- Send (Compose) page
- Authoring fields into documents
- In-app authoring environment
- Create forms with text tags
- Create forms using Acrobat (AcroForms)
- Fields
- Field types
- Common field types
- E-signature fields
- Initials field
- Recipient name field
- Recipient email field
- Date of signing field
- Text field
- Date field
- Number field
- Checkbox
- Radio button
- Drop-down menu
- Link overlay
- Payment field
- Attachments
- Participation stamp
- Transaction number
- Image
- Company
- Title
- Stamp
- Field content appearance
- Field validations
- Masked fields values
- Setting show/hide conditions
- Calculated fields
- Field types
- Authoring FAQ
- Sign Agreements
- Manage Agreements
- Manage page overview
- Delegate agreements
- Replace Recipients
- Limit Document Visibility
- Cancel an Agreement
- Create new reminders
- Review reminders
- Cancel a reminder
- Access Power Automate flows
- More Actions...
- How search works
- View an agreement
- Create a template from an agreement
- Hide/Unhide agreements from view
- Upload a signed agreement
- Modify a sent agreement's files and fields
- Edit a recipient's authentication method
- Add or modify an expiration date
- Add a Note to the agreement
- Share an individual agreement
- Unshare an agreement
- Download an individual agreement
- Download the individual files of an agreement
- Download the Audit Report of an agreement
- Download the field content of an agreement
- Audit Report
- Reporting and Data exports
- Overview
- Grant users access to reporting
- Report charts
- Data Exports
- Rename a report/export
- Duplicate a report/export
- Schedule a report/export
- Delete a report/export
- Check Transaction Usage
Advanced Agreement Capabilities and Workflows
- Webforms
- Reusable Templates (Library templates)
- Transfer ownership of web forms and library templates
- Power Automate Workflows
- Overview of the Power Automate integration and included entitlements
- Enable the Power Automate integration
- In-Context Actions on the Manage page
- Track Power Automate usage
- Create a new flow (Examples)
- Triggers used for flows
- Importing flows from outside Acrobat Sign
- Manage flows
- Edit flows
- Share flows
- Disable or Enable flows
- Delete flows
- Useful Templates
- Administrator only
- Agreement archival
- Webform agreement archival
- Save completed web form documents to SharePoint Library
- Save completed web form documents to OneDrive for Business
- Save completed documents to Google Drive
- Save completed web form documents to Box
- Agreement data extraction
- Agreement notifications
- Send custom email notifications with your agreement contents and signed agreement
- Get your Adobe Acrobat Sign notifications in a Teams Channel
- Get your Adobe Acrobat Sign notifications in Slack
- Get your Adobe Acrobat Sign notifications in Webex
- Agreement generation
- Generate document from Power App form and Word template, send for signature
- Generate agreement from Word template in OneDrive, and get signature
- Generate agreement for selected Excel row, send for review and signature
- Custom Send workflows
- Share users and agreements
Integrate with other products
- Acrobat Sign integrations overview
- Acrobat Sign for Salesforce
- Acrobat Sign for Microsoft
- Other Integrations
- Partner managed integrations
- How to obtain an integration key
Acrobat Sign Developer
- REST APIs
- Webhooks
- Sandbox
Support and Troubleshooting
The following system requirements apply to Adobe Acrobat Sign (formerly Echosign and Adobe Sign).
Supported Operating Systems
- Microsoft Windows 10 or newer
- MacOS 11 (Big Sur) or newer
Supported Browsers
The latest versions of:
- Safari
- Chrome
- Edge
- Firefox
The Microsoft Edge browser does not natively support 256-bit AES encryption of PDF files. If you are using the Edge browser, please ensure you are running the latest version of Adobe Reader.
Mobile app
Acrobat Sign mobile apps support the most recent released versions of iOS and Android:
- iOS version 15 and above
- Android version 10 and above
Language versions
US English
UK English
French
German
Spanish
Catalan
Basque
Brazilian Portuguese
Portuguese
Japanese
Chinese (Simplified)
Chinese (Traditional)
Korean
Indonesian
Malay
Thai
Vietnamese
Croatian
Czech
Polish
Romanian
Russian
Slovenian
Slovakian
Turkish
Ukrainian
Danish
Dutch
Finnish
Hungarian
Icelandic
Italian
Norwegian
Swedish
Supported document formats
- Adobe PDF (.pdf)
- Microsoft Word (.doc and .docx)
- Microsoft Excel (.xls and .xlsx)
- Microsoft PowerPoint (.ppt and .pptx)
- Text (.txt)
- Rich Text (.rtf)
- Graphics (.tif, .jpg, .jpeg, .gif, .bmp, and .png)
- Web (.htm or .html)
Software required to view a signed document
- Adobe Reader 9.0 or later for documents secured with AES 128-bit encryption or lower
- Adobe Reader 10 or later for documents secured with AES 256-bit encryption
Adobe online services are available only to users 13 and older and require agreement to additional terms and the Adobe Privacy Policy. Online services are not available in all countries or languages, may require user registration, and may be discontinued or modified in whole or in part without notice. Additional fees or subscription charges may apply.
Software required to sign a document
- Electronic signatures: Applied via any supported browser
- Cloud-based digital signatures: Applied via any supported browser
- Digital signatures via “Download and Sign with Acrobat”: Must use Adobe Acrobat or Adobe Acrobat Reader XI v11.0.7 or later
Domains to explicitly allow
Users with restrictive email security will need to explicitly permit inbound email from adobesign@adobesign.com to avoid filtering.
The out-bound email IP ranges for Adobe Acrobat Sign can be found here >
Accounts with restrictive network security will need to explicitly permit Adobe required domain names. The following domains must be allowed to ensure basic functionality:
- adobesign.com
- adobesigncdn.com
- documentcloud.adobe.com (This is required for the Manage and Home pages)
- echosign.com
- echocdn.com
Accounts with very restrictive network security will need to explicitly permit the large lists below
Comprehensive domain name lists (Updated February 27th, 2024)
Customers should first grant access to all of the domains on the Adobe Minimal Allowlist and then allow the Acrobat Sign-specific domains below:
Core Adobe Acrobat Sign
*.adobesign.com
*.adobesigncdn.com
*.echocdn.com
*.echosign.com
acrs.adobe.com
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
p13n.adobe.io
use.typekit.net
www.adobe.com
Document Cloud
acrobat.adobe.com
cloud.acrobat.com
files.acrobat.com
*.documents.adobe.com
acroipm2.adobe.com
adobesearch-sec-uss.adobe.io
ans.oobesaas.adobe.com
byof.adobe.io
cc-api-behance.adobe.io
cc-api-data.adobe.io
cc-collab.adobe.io
ccext.adobe.io
commerce.adobe.com
dc-api.adobecontent.io
documentcloud.adobe.com
geo.adobe.com
geo2.adobe.com
notify.adobe.io
pdfnow.adobe.io
pgc.adobe.io
prod.acp.adobeoobe.com
send.acrobat.com
server.messaging.adobe.com
ui.messaging.adobe.com
Identity and sign-in
adobeid-na1.services.adobe.com
adobeid.services.adobe.com
auth.services.adobe.com
federatedid-na1.services.adobe.com
na1e-acc.services.adobe.com
acc.adobeoobe.com
accounts.adobe.com
acp-ss-ue1.adobe.io
*.account.adobe.com
api.typekit.com
ars.oobesaas.adobe.com
assets.adobedtm.com
cdn-ffc.oobesaas.adobe.com
data.typekit.net
ffc-static-cdn.oobesaas.adobe.com
fonts.adobe.com
ims-na1.adobelogin.com
ims-prod06.adobelogin.com
ims-prod07.adobelogin.com
lcs-cops.adobe.io
lcs-entitlement.adobe.io
lcs-robs.adobe.io
lcs-ulecs.adobe.io
licensing.adobe.com
lm.licenses.adobe.com
mir-s3-cdn-cf.behance.net
*.onelogin.com
oobe.adobe.com
polka.typekit.com
prod-rel-ffc-ccm.oobesaas.adobe.com
prod.adobeccstatic.com
public.adobecc.com
scss.adobesc.com
sso.behance.net
state.typekit.net
static.adobelogin.com
wwwimages.adobe.com
wwwimages2.adobe.com
CSC provider:
globalsign.time4mind.com
services.time4mind.com
bnkidse.time4mind.com
amazon.time4mind.com
ftn.time4mind.com
adobe.time4mind.com
nemid.time4mind.com
bnkidno.time4mind.com
idin.time4mind.com
amazon.time4mind.com
ress.infocert.it
cloudsign.webnotarius.pl
service.csctest.online
msign.transsped.ro
cloud-ref.sign-me.de
esign.digidentity.eu
cloud.sign-me.de
idp.quovadisglobal.com
sign.prd.itsme.services
s1-server.remotesign.entrust.net
one.ch.digicert.com
wlcsc.worldline-solutions.com
connect.cleverbase.com
qs.prime-sign.com
one.digicert.com
one.nl.digicert.com
core-hermes.zealid.com
csc.universign.com
csc.sk.ee
cscservice.adobe.com
csc.isignet.cn
csc.vida.id
csc.trustpro.eu
cscproxy01.seiko-cybertime.jp
csc-demo.trustpro.eu
uidai.gov.in
api.singpass.gov.sg
Signer authentication using social:
login.yahoo.com
api.twitter.com
facebook.com
Payments Integration:
api.sandbox.braintreegateway.com
origin-analytics-sand.sandbox.braintree-api.com
assets.braintreegateway.com
paypal.com
paypalobjects.com
s3-us-west-2.amazonaws.com
dc-api.adobe.io
Widgets:
app.box.com
login.microsoftonline.com
echosign.zendesk.com
adminconsole.adobe.com
auth.services.adobe.com
Administrative and Help pages (Admin Console and helpx)
adminconsole.adobe.com
bps-il.adobe.io
helpx.adobe.com
video.tv.adobe.com
Acrobat Package downloads from Admin Console
s3.amazonaws.com/tron-ffc-icons-prod/
tron-prod-customized-user-packages.s3.amazonaws.com
Analytics and Tracking
*.aptrinsic.com
js-agent.newrelic.com
cdn.cookielaw.org
geolocation.onetrust.com
ec.walkme.com
sstats.adobe.com
adobe.tt.omtrdc.net
privacyportal.onetrust.com
bam-cell.nr-data.net:443
bam.nr-data.net
cdn.tt.omtrdc.net
adobemobiledev.demdex.net
api.demandbase.com
cm.everesttech.net
*.demdex.net
Integrations:
echosignforsalesforce.com
adobesignforsalesforce.com
Google Login / Drive
*.google.com
*.googleusercontent.com
*.googleapis.com
Microsoft Power Automate
management.azure.com
login.microsoft.com
login.windows.net
login.microsoftonline.com
login.live.com
secure.aadcdn.microsoftonline-p.com
graph.microsoft.com
*.azure-apim.net
*.flow.microsoft.com
*.powerautomate.com
*.powerapps.com
*.azureedge.net
nps.onyx.azure.net
webshell.suite.office.com
*.dynamics.com
go.microsoft.com
download.microsoft.com
Sandbox:
*.adobesignsandbox.com
*.adobesignsandboxcdn.com
*.documentssandbox.adobe.com
*.echocdnsandbox.com
*.echosignsandbox.com
Others:
service.csctest.online
s1-server.remotesign.entrust.net
msign-test.transsped.ro
echosigntestaccount.onelogin.com
Core Adobe Acrobat Sign
gps.na1.adobesign.com
gps.adobesign.com
gps.na1.echosign.com
gps.echosign.com
secure.adobesign.com
secure.na1.adobesign.com
api.na1.adobesign.com
secure.na2.adobesign.com
api.na2.adobesign.com
secure.na3.adobesign.com
api.na3.adobesign.com
secure.na4.adobesign.com
api.na4.adobesign.com
secure.eu1.adobesign.com
api.eu1.adobesign.com
secure.eu2.adobesign.com
api.eu2.adobesign.com
secure.au1.adobesign.com
api.au1.adobesign.com
secure.jp1.adobesign.com
api.jp1.adobesign.com
secure.in1.adobesign.com
api.in1.adobesign.com
svs.na1.adobesign.com
svs.na2.adobesign.com
svs.na3.adobesign.com
svs.na4.adobesign.com
svs.jp1.adobesign.com
svs.au1.adobesign.com
svs.sg1.adobesign.com
svs.in1.adobesign.com
svs.eu1.adobesign.com
svs.eu2.adobesign.com
secure.adobesigncdn.com
static.adobesigncdn.com
secure.na1.adobesigncdn.com
secure.na2.adobesigncdn.com
secure.na3.adobesigncdn.com
secure.na4.adobesigncdn.com
secure.eu1.adobesigncdn.com
secure.eu2.adobesigncdn.com
secure.au1.adobesigncdn.com
secure.jp1.adobesigncdn.com
secure.in1.adobesigncdn.com
secure.echocdn.com
static.echocdn.com
secure.na1.echocdn.com
secure.na2.echocdn.com
secure.na3.echocdn.com
secure.na4.echocdn.com
secure.eu1.echocdn.com
secure.eu2.echocdn.com
secure.au1.echocdn.com
secure.jp1.echocdn.com
secure.in1.echocdn.com
secure.echosign.com
secure.na1.echosign.com
api.na1.echosign.com
secure.na2.echosign.com
api.na2.echosign.com
secure.na3.echosign.com
api.na3.echosign.com
secure.na4.echosign.com
api.na4.echosign.com
secure.eu1.echosign.com
api.eu1.echosign.com
secure.eu2.echosign.com
api.eu2.echosign.com
secure.au1.echosign.com
api.au1.echosign.com
secure.jp1.echosign.com
api.jp1.echosign.com
secure.in1.echosign.com
api.in1.echosign.com
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
p13n.adobe.io
use.typekit.net
www.adobe.com
Document Cloud
acrobat.adobe.com
acrs.adobe.com
cloud.acrobat.com
files.acrobat.com
na1.documents.adobe.com
api.na1.documents.adobe.com
na2.documents.adobe.com
api.na2.documents.adobe.com
na3.documents.adobe.com
api.na3.documents.adobe.com
na4.documents.adobe.com
api.na4.documents.adobe.com
eu1.documents.adobe.com
api.eu1.documents.adobe.com
eu2.documents.adobe.com
api.eu2.documents.adobe.com
au1.documents.adobe.com
api.au1.documents.adobe.com
jp1.documents.adobe.com
api.jp1.documents.adobe.com
in1.documents.adobe.com
api.in1.documents.adobe.com
acroipm2.adobe.com
adobesearch-sec-uss.adobe.io
ans.oobesaas.adobe.com
byof.adobe.io
cc-api-behance.adobe.io
cc-api-data.adobe.io
cc-collab.adobe.io
ccext.adobe.io
commerce.adobe.com
dc-api.adobecontent.io
documentcloud.adobe.com
geo.adobe.com
geo2.adobe.com
notify.adobe.io
pdfnow.adobe.io
pgc.adobe.io
prod.acp.adobeoobe.com
send.acrobat.com
server.messaging.adobe.com
ui.messaging.adobe.com
Identity and sign-in
adobeid-na1.services.adobe.com
adobeid.services.adobe.com
auth.services.adobe.com
federatedid-na1.services.adobe.com
na1e-acc.services.adobe.com
acc.adobeoobe.com
accounts.adobe.com
acp-ss-ue1.adobe.io
api.account.adobe.com
ids-proxy.account.adobe.com
api.typekit.com
ars.oobesaas.adobe.com
assets.adobedtm.com
cdn.onelogin.com
cdn-ffc.oobesaas.adobe.com
data.typekit.net
ffc-static-cdn.oobesaas.adobe.com
fonts.adobe.com
ims-na1.adobelogin.com
ims-prod06.adobelogin.com
ims-prod07.adobelogin.com
lcs-cops.adobe.io
lcs-entitlement.adobe.io
lcs-robs.adobe.io
lcs-ulecs.adobe.io
licensing.adobe.com
lm.licenses.adobe.com
mir-s3-cdn-cf.behance.net
oobe.adobe.com
polka.typekit.com
portal-cdn.onelogin.com
prod-rel-ffc-ccm.oobesaas.adobe.com
prod.adobeccstatic.com
public.adobecc.com
scss.adobesc.com
sso.behance.net
state.typekit.net
static.adobelogin.com
web-login-v2-cdn.onelogin.com
www.onelogin.com
wwwimages.adobe.com
wwwimages2.adobe.com
Signer authentication using social:
login.yahoo.com
api.twitter.com
facebook.com
CSC provider:
globalsign.time4mind.com
services.time4mind.com
bnkidse.time4mind.com
amazon.time4mind.com
ftn.time4mind.com
adobe.time4mind.com
nemid.time4mind.com
bnkidno.time4mind.com
idin.time4mind.com
amazon.time4mind.com
ress.infocert.it
cloudsign.webnotarius.pl
service.csctest.online
msign.transsped.ro
cloud-ref.sign-me.de
esign.digidentity.eu
cloud.sign-me.de
idp.quovadisglobal.com
sign.prd.itsme.services
s1-server.remotesign.entrust.net
one.ch.digicert.com
wlcsc.worldline-solutions.com
connect.cleverbase.com
qs.prime-sign.com
one.digicert.com
one.nl.digicert.com
core-hermes.zealid.com
csc.universign.com
csc.sk.ee
cscservice.adobe.com
csc.isignet.cn
csc.vida.id
csc.trustpro.eu
cscproxy01.seiko-cybertime.jp
csc-demo.trustpro.eu
uidai.gov.in
api.singpass.gov.sg
Payments Integration:
api.sandbox.braintreegateway.com
origin-analytics-sand.sandbox.braintree-api.com
assets.braintreegateway.com
paypal.com
paypalobjects.com
s3-us-west-2.amazonaws.com
dc-api.adobe.io
Widgets:
app.box.com
login.microsoftonline.com
echosign.zendesk.com
adminconsole.adobe.com
auth.services.adobe.com
Administrative and Help pages (Admin Console and helpx)
adminconsole.adobe.com
bps-il.adobe.io
helpx.adobe.com
video.tv.adobe.com
Acrobat Package downloads from Admin Console
s3.amazonaws.com/tron-ffc-icons-prod/
tron-prod-customized-user-packages.s3.amazonaws.com
Analytics and Tracking
esp.aptrinsic.com
web-sdk.aptrinsic.com
app-be.aptrinsic.com
js-agent.newrelic.com
cdn.cookielaw.org
geolocation.onetrust.com
ec.walkme.com
sstats.adobe.com
adobe.tt.omtrdc.net
privacyportal.onetrust.com
bam-cell.nr-data.net:443
bam.nr-data.net
cdn.tt.omtrdc.net
adobemobiledev.demdex.net
api.demandbase.com
cm.everesttech.net
adobe.demdex.net
adobedc.demdex.net
Integrations:
echosignforsalesforce.com
adobesignforsalesforce.com
Google Login / Drive
accounts.google.com
adservice.google.com
android.clients.google.com
apis.google.com
docs.google.com
lh3.google.com
lh3.googleusercontent.com
lh4.googleusercontent.com
mtalk.google.com
play.google.com
storage.googleapis.com
update.googleapis.com
www.google.com
www.googleapis.com
www-onepick-opensocial.googleusercontent.com
Microsoft Power Automate
management.azure.com
login.microsoft.com
login.windows.net
login.microsoftonline.com
login.live.com
secure.aadcdn.microsoftonline-p.com
graph.microsoft.com
*.azure-apim.net
*.flow.microsoft.com
*.powerautomate.com
*.powerapps.com
*.azureedge.net
nps.onyx.azure.net
webshell.suite.office.com
*.dynamics.com
go.microsoft.com
download.microsoft.com
Sandbox:
gps.echosignsandbox.com
gps.na1.echosignsandbox.com
gps. adobesignsandbox.com
gps.na1.adobesignsandbox.com
secure.adobesignsandbox.com
secure.echosignsandbox.com
secure.na1.adobesignsandbox.com
secure.na1.adobesignsandboxcdn.com
secure.adobesignsandboxcdn.com
api.na1.adobesignsandbox.com
secure.na1.documentssandbox.adobe.com
documentssandbox.adobe.com
na1.documentssandbox.adobe.com
api.na1.documentssandbox.adobe.com
secure.na1.echocdnsandbox.com
secure.echocdnsandbox.com
secure.na1.echosignsandbox.com
api.na1.echosignsandbox.com
Others:
service.csctest.online
s1-server.remotesign.entrust.net
msign-test.transsped.ro
echosigntestaccount.onelogin.com
If your security policy is designed to explicitly allow IP addresses on your network, identify the region in which your account is deployed and add the associated IP ranges to your firewall.
- Ingress addresses (previously referred to as Core addresses) should be applied to all use cases.
- Egress addresses (previously referred to as Webhook and Callback addresses) are only required if using the webhook service or callback URLs. (Both in Production and Sandbox environment.) The webhook and callback services use the same IP addresses.
- Sandbox address only pertains to the entitled Sandbox environment.
Acrobat Sign will deploy a WAF (Web Application Firewall) integration to the Acrobat Sign Production environment in the first half of 2025
This enhancement routes traffic to Acrobat Sign application servers through a WAF infrastructure, improving the service security and robustness. As a result, web service and API frontend servers will no longer use specific fixed IP addresses.
If your network security rules restrict outbound connections based on IP allow lists, this integration with the WAF will make the Acrobat Sign service inaccessible. Therefore, any IP-based restrictions for outbound connections to the Acrobat Sign services must be removed.
Note that this does not affect the IP addresses used by Acrobat Sign servers to connect to your servers for webhooks/callbacks.
Sandbox IP address:
- 52.204.112.48
- 52.205.27.150
- 52.24.229.94
- 52.24.62.165
- 52.25.112.104
- 52.184.233.100
- 52.184.233.96/28
- 52.199.157.146
- 52.211.233.170
- 52.213.27.89
- 52.213.4.207
- 54.64.99.195
- 54.205.20.91
- 4.152.152.80/28
- 4.152.152.112/28
- 4.152.152.160/28
- 4.152.153.16/28
- 4.152.153.64/28
- 4.152.153.224/28
- 4.152.154.0/28
- 4.152.154.48/28
- 4.152.154.80/28
- 4.152.154.96/28
- 4.152.154.176/28
- 4.152.154.224/28
- 4.152.155.64/28
- 4.152.155.96/28
- 20.7.230.176/28
- 20.7.230.192/28
- 20.1.216.176/28
- 20.1.217.128/28
- 20.1.217.224/28
- 20.1.217.240/28
- 20.1.218.0/28
- 20.1.218.16/28
- 20.1.218.64/28
- 20.1.218.80/28
- 20.1.218.192/28
- 20.1.218.208/28
- 20.1.219.0/28
- 20.1.219.16/28
- 20.1.219.32/28
- 20.1.219.48/28
- 20.1.219.96/28
- 20.1.219.112/28
North America:
Core addresses:
- 3.236.206.64/27
- 4.152.91.192/28
- 4.152.91.208/28
- 4.152.91.224/28
- 4.152.91.240/28
- 4.152.92.0/28
- 4.152.92.16/28
- 4.152.92.32/28
- 4.152.92.48/28
- 4.152.92.64/28
- 4.152.92.80/28
- 4.152.92.96/28
- 4.152.92.112/28
- 4.152.92.128/28
- 4.152.92.144/28
- 4.152.92.160/28
- 4.152.92.176/28
- 4.152.210.201
- 20.7.248.208/28
- 20.7.249.0/28
- 20.7.249.16/28
- 20.7.249.64/28
- 20.7.249.80/28
- 20.7.249.128/28
- 20.7.249.144/28
- 20.7.250.112/28
- 20.7.250.128/28
- 20.7.250.144/28
- 20.7.250.96/28
- 20.7.251.0/28
- 20.7.251.112/28
- 20.7.251.16/28
- 20.7.251.32/28
- 20.7.251.96/28
- 20.115.179.0/28
- 20.115.179.48/28
- 20.115.179.112/28
- 20.115.179.128/28
- 20.115.179.160/28
- 20.115.179.176/28
- 20.115.179.192/28
- 20.115.179.224/28
- 20.115.180.32/28
- 20.115.180.48/28
- 20.115.180.64/28
- 20.115.180.80/28
- 20.115.180.96/28
- 20.115.180.112/28
- 20.115.180.192/28
- 20.115.180.224/28
- 40.67.155.147/32
- 40.67.154.249/32
- 40.67.155.185/32
- 40.67.155.112/32
- 44.234.124.128/27
- 52.71.63.224/27
- 52.35.253.64/27
- 52.236.2.148
- 52.250.85.48/28
Webhook/Callback addresses:
- 4.246.0.0/28
- 4.246.0.16/28
- 4.246.0.32/28
- 4.246.0.48/28
- 4.246.0.64/28
- 4.246.0.80/28
- 4.246.0.96/28
- 4.246.0.112/28
- 4.246.0.128/28
- 4.246.0.144/28
- 20.36.220.138
- 20.36.222.77
- 20.94.104.176/28
- 20.94.104.240/28
- 20.94.105.160/28
- 20.94.105.208/28
- 20.94.105.240/28
- 20.94.105.32/28
- 20.94.105.96/28
- 20.94.106.16/28
- 20.94.106.160/28
- 20.94.106.176/28
- 20.94.106.192/28
- 20.94.106.208/28
- 20.94.106.224/28
- 20.94.106.240/28
- 20.94.107.176/28
- 20.94.107.96/28
- 20.115.199.160/28
- 20.115.199.176/28
- 20.115.199.192/28
- 20.115.199.208/28
- 20.115.199.224/28
- 20.115.199.240/28
- 34.214.40.128
- 35.162.126.140
- 44.212.163.32
- 52.1.219.111
- 52.33.110.59
- 52.36.18.134
- 52.36.239.65
- 52.37.6.204
- 52.44.57.50
- 52.73.234.82
- 54.161.158.12
- 100.25.241.25
Europe:
Core addresses:
- 4.175.107.32/28
- 4.175.108.80/28
- 4.175.110.0/28
- 4.175.111.0/28
- 4.208.52.80/28
- 4.208.52.96/28
- 4.208.52.112/28
- 4.208.52.160/28
- 4.208.53.48/28
- 4.208.53.64/28
- 4.208.53.80/28
- 4.208.53.96/28
- 4.208.53.112/28
- 4.208.53.128/28
- 4.208.53.144/28
- 4.208.53.160/28
- 4.208.53.176/28
- 4.208.53.192/28
- 4.208.53.208/28
- 4.208.53.224/28
- 20.56.238.208/28
- 20.56.239.128/28
- 20.56.239.96/28
- 20.61.137.144/28
- 20.61.139.192/28
- 20.61.140.128/28
- 20.61.140.144/28
- 20.61.140.224/28
- 20.61.140.240/28
- 20.61.140.48/28
- 20.61.141.0/28
- 51.105.155.160/28
- 51.105.221.160/27
- 51.105.221.164
- 51.145.184.32/28
- 51.145.186.160/28
- 51.145.190.176/28
- 51.145.190.192/28
- 52.48.127.160/27
- 52.58.63.192/27
- 52.236.2.144/28
- 52.236.2.148
- 108.141.8.0/28
- 108.141.9.0/28
- 108.141.9.112/28
- 108.141.9.128/28
- 108.141.9.144/28
- 108.141.9.160/28
- 108.141.9.176/28
- 108.141.9.192/28
- 108.141.9.208/28
- 108.141.9.224/28
- 108.141.9.240/28
- 108.141.10.0/28
Webhook/Callback addresses:
- 3.66.122.19
- 3.77.229.112
- 3.79.169.198
- 4.207.3.96/28
- 4.207.4.160/28
- 4.208.68.176/28
- 4.208.68.208/28
- 4.208.68.224/28
- 4.208.69.64/28
- 4.208.75.176/28
- 4.208.75.80/28
- 4.208.79.192/28
- 4.208.79.208/28
- 4.245.45.176/28
- 4.245.45.192/28
- 4.245.45.208/28
- 4.245.45.224/28
- 4.245.45.240/28
- 4.245.46.128/28
- 4.245.85.80/28
- 20.23.101.224/28
- 20.31.209.192/28
- 20.31.209.240/28
- 20.31.210.16/28
- 20.31.210.48/28
- 20.50.247.192/28
- 20.50.247.208/28
- 20.54.200.16/28
- 20.54.201.96/28
- 20.105.66.176/28
- 20.166.106.144/28
- 20.166.107.112/28
- 20.166.107.240/28
- 20.166.107.32/28
- 34.249.199.85
- 34.249.201.52
- 34.249.204.33
- 35.156.67.184
- 35.157.85.76
- 40.74.45.150
- 40.127.244.64/28
- 51.105.176.127
- 52.215.99.205
- 54.217.241.182
- 54.246.37.130
Japan:
Core addresses:
- 52.196.191.224/27
Webhook/Callback addresses:
- 13.112.55.30
- 13.112.107.255
- 35.79.243.232
- 52.198.1.183
- 52.195.144.38
Australia:
Core addresses:
- 52.65.255.192/27
Webhook/Callback addresses:
- 3.24.56.173
- 3.105.122.20
- 13.55.59.190
- 13.55.147.165
- 13.55.162.104
- 13.238.64.177
Singapore:
Core addresses:
- 20.205.219.224/28
- 20.205.220.112/28
- 20.205.220.80/28
- 20.205.220.96/28
- 20.205.222.128/28
- 20.205.223.224/28
- 20.205.223.240/28
- 20.247.200.240/28
- 20.247.201.240/28
- 20.247.202.48/28
- 20.247.202.112/28
- 20.247.202.128/28
- 20.247.202.160/28
- 20.247.202.240/28
- 20.247.203.0/28
- 20.247.203.32/28
- 20.247.203.64/28
- 20.247.203.112/28
- 20.247.203.208/28
- 20.247.203.224/28
- 20.247.204.0/28
- 20.247.204.112/28
- 20.247.204.128/28
- 20.247.204.144/28
- 20.247.204.16/28
- 20.247.204.176/28
- 20.247.204.224/28
- 20.247.204.240/28
- 20.247.205.0/28
- 20.247.205.64/28
- 20.247.205.80/28
- 20.247.205.96/28
- 40.119.212.48/28
- 40.119.212.52
Webhook/Callback addresses:
- 4.144.129.160/28
- 4.144.129.176/28
- 4.144.130.192/28
- 4.144.130.96/28
- 4.144.131.0/28
- 4.144.131.112/28
- 4.144.131.144/28
- 4.144.131.16/28
- 4.144.131.32/28
- 4.144.131.48/28
- 4.144.131.64/28
- 4.144.131.80/28
- 4.144.131.96/28
- 4.144.132.16/28
- 4.144.132.80/28
- 20.6.7.240/28
- 20.197.104.9
- 20.197.104.124
India:
Core addresses:
- 13.126.23.0/27
Webhook/Callback addresses:
- 3.6.197.59
- 13.126.189.196
- 13.200.122.115
- 35.154.72.83
- 35.154.248.184
If you have IP restrictions configured under the Security Settings tab in your Acrobat Sign account, we will allow logins only from those IPs. For more information, refer to this documentation.
IP ranges for outbound mail relays
If your organization explicitly lists IP addresses to control connection to your inbound mail servers, add the following IP addresses to your allowed list of IP ranges:
- 40.65.170.152/30
- 40.67.157.141/32
- 40.67.154.24/32
- 40.67.158.131/32
51.105.221.64/30
- 52.205.63.172/30
- 52.41.255.236/30
- 52.149.27.228/30
- 52.208.255.252/30
- 52.236.0.204/30
- 52.59.244.0/30
- 52.197.127.252/30
- 52.65.63.248/30
- 13.126.23.32/30
Transport Layer Security (TLS) is the most widely deployed security protocol used today for Web browsers and other applications that require data to be securely exchanged over a network. Connections to Acrobat Sign require the use of TLS 1.2 and support for at least one of the cipher suites below. These requirements apply both to inbound traffic to Acrobat Sign servers (browsers, API) and outbound traffic from Acrobat Sign servers to customer servers (API callbacks used for retrieving agreement source documents, returning status, and webhooks).
For browsers: as long as you adhere to the OS/Browser requirements, you should have no browser-related issues. All these OS/browsers are fully compliant with our TLS requirements.
For applications using the Acrobat Sign API, these frameworks support TLS 1.2:
- Java: use Java 8 or later
- .NET: use .NET 4.6 or later
- OpenSSL: use OpenSSL 1.0.1 or later
For servers used to receive callbacks or webhook requests from Acrobat Sign:
- Support TLS 1.2 and at least one of the cipher suites listed below
- Have a valid TLS certificate, and include all intermediate certificates.
Customers who wish to test that their server is compliant can use a variety of free or commercial tools, including the Qualys SSLLabs Server Test, to ensure that their server accepts TLSv1.2, supports at least one of the cipher suites below, and has a valid certificate.
TLS Cipher Suites Supported:
IANA Name | OpenSSL Name |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 |