User Guide Cancel

Acrobat Sign for Government Administrator Processes Overview

  1. Welcome to Adobe Acrobat Sign for Government
    1. First steps for new accounts
    2. Claiming an email domains
    3. Connecting Okta to a federated identity solution
    4. Manually create/edit users in Okta
      1. Creating individual users manually
      2. Creating multiple users via CSV import
      3. Add or Remove a group from a user profile
      4. Elevating a user to Account/Privacy administrator status
      5. Changing your Okta password
  2. Configure Acrobat Sign
    1. Configuration Overview
    2. System requirements
    3. Branding
      1. Company and Hostname
      2. Logos
      3. Email header/footer images
    4. User access to features
    5. User experience within the application
      1. Allowed Signature types
      2. Signature order options
      3. Self Signing workflows
    6. Recipient experience when interacting with agreements
    7. Transaction security
    8. Compliance information
      1. GDPR
      2. HIPAA
      3. eVaulting Chattle paper
      4. IVES
  3. Administrator processes
    1. Admin guide overview
    2. Users
      1. Manage users in the Gov CloudCreating users
      2. Add users to a group
      3. Remove a user from group membership
      4. Update users in bulk
      5. Users in Multiple Groups (UMG)
        1. Overview
        2. Differences in UMG enabled accounts
    3. Groups
      1. Create a group
      2. Delete a group
      3. Modify a group name
      4. Modify group-level settings
    4. Templates
      1. Edit shared templates
      2. Transfer template ownership
    5. Custom workflow designer
      1. Create a custom workflow
    6. GDPR deletion processes
      1. Delete a user
      2. Delete agreements
    7. Sandbox
  4. User environment and processes
    1. Support resources
    2. Transaction limits
    3. Page layouts
      1. Home page
      2. Send page
      3. Manage page
      4. Reports page
    4. Configure your profile
      1. "My Profile" overview
      2. Change your email address
      3. Define your signature
      4. Configure your event and alert notifications
      5. Define your language preferences
      6. Define your personal email footer
      7. Review account sharing
      8. Configure auto delegation
    5. Send agreements
      1. Compose an agreement to send for signature
      2. Recipient signing order
        1. Sequential or parallel signing
        2. Hybrid signing (Both sequential and parallel)
        3. Recipient groups
      3. Written signatures
      4. Send an agreement to yourself only
      5. Send in Bulk
      6. Sending from a template on the Manage page
      7. Sign agreements
      8. Fill and Sign a document
      9. Self Signing
      10. Signing a document from an email link
      11. Sign a document from the Manage page
    6. Custom workflow designer
      1. Overview
      2. Create a new sending workflow
      3. Edit a sending workflow
      4. Activate/Deactivate a workflow
      5. Send agreements using a workflow
    7. Manage agreements
      1. Search for agreements
      2. View Agreements
      3. Activity history and Audit Report
      4. Add a note to an agreement
      5. Set a reminder
      6. Cancel a reminder
      7. Add an expiration date
      8. Modify/Delete an expiration date
      9. Modify the files of a sent agreement
      10. Replace the current recipient
      11. Upload a signed agreement
      12. Share an individual agreement
      13. Download an agreement
      14. Download the individual files of an agreement
      15. Download the audit report
      16. Download the signer identity report
      17. Download the field data from an agreement
      18. Cancel an agreement
      19. Hide an agreement from view
    8. Reporting
      1. Create a report with classic reporting
      2. Report charts and data exports
        1. Overview
        2. User permissions for report charts and exports
      3. Data Exports
        1. Create a data export
        2. Open and edit a data export
        3. Refresh the data in an existing export
        4. Download the CSV from a data export
      4. Report Charts
        1. Create a report chart
        2. Open and edit a report chart
        3. Rename a data export/report chart
        4. Duplicate a data export/report chart
        5. Delete a data export/report chart
    9. API
      1. API Swagger documentation
      2. Webhooks

Welcome to Adobe Acrobat Sign for Government

The Acrobat Sign environment for government use is engineered to be FedRAMP Moderate compliant and has significant changes from the commercially available environments. For this reason, it is strongly recommended that administrators setting up a new account in this environment read the below overview, even if you are familiar with previous Acrobat Sign trials or production accounts.

To provide for a FedRAMP Moderate compliant authentication portal, Adobe has partnered with Okta, a leader in the Identity as a Service space. Okta is used as the user management system, gating access to Acrobat Sign. All users must be provisioned in Okta before their userID can be provisioned in Acrobat Sign. Customers can elect to use Okta as their stand-alone authentication service or configure their existing directory service/SAML 2.0. compliant identity provider to manage user identity.

Once Adobe provisions the account, the first administrator receives an email from Okta that includes a one-use activation link to the account's Okta portal and the domain-claiming token needed to provision users on the Acrobat Sign system.

It is recommended that upon receiving this email, the following six steps be taken as soon as possible:

  1. Use the one-time activation link to log in to the Okta system and set your password. The link expires in seven days, and if the password isn't set in that time, the account will need to be reprovisioned.
    • Bookmark the Okta portal when you authenticate. Your Okta portal URL is unique for your account, not a general access portal that you can discover in public documentation.
  2. Contact your network administrators and start the process of claiming your domains. The environment is designed to prevent creating users with email addresses in domains that are not explicitly claimed by the account. The domain claiming process can take longer than you might expect, so starting early is recommended.
  3. Create a second administrator in the Okta system manually. Don't risk having something happen to the first admin that locks the system in a way that requires the account to be reprovisioned. Don't invest a lot of time in making users manually. They can't be provisioned in Acrobat Sign until the domains are fully claimed, and you are better served by hooking your directory or identity system into the Okta system (step 5 below).
  4. Review the system requirements, particularly the network configurations. If you have significant network security, you should get your network administrators in the loop as soon as possible to ensure that you can properly connect and function in the Acrobat Sign environment.
  5. Connect your directory or SAML 2.0 compliant identity provider to the Okta user management system.
  6. Start configuring the account level of the Acrobat Sign system. Keep in mind that property inheritance passes from Account to Group to Users/Agreements. Configuring the account level seeds those values into all subsequently created groups. Consider the two most common philosophies when defining the account-level settings:
    • Configure the most common use case, minimizing the amount of group-level configuration required.
    • Configure for the most stringent security requirements, safeguarding against missed setting options, and force an explicit weakening of the safeguards at the group level.

Also worth considering is defining default values where you can and reducing the number of options for users to select from. This will reduce questions about features you don't intend to use and streamline training.

Caution:

A word of caution around adding users early.

The process of creating a user in Acrobat Sign is triggered by adding the “Adobe Sign” group to a user in Okta. <Insert URL for instructions>

The first thing the process checks is the domain of the email against the list of claimed domains for the account.

  • If the domain isn't listed as claimed in the account, the user isn't created in Acrobat Sign. However, it is active in Okta, with the group assigned, giving the appearance of a created user.
  • If the domain is later claimed, the user will not automatically be provisioned because the trigger is the action of adding the group. An admin would have to remove the group and re-add it to each impacted user to start the provisioning process.

Once the email domains are claimed, you can link your directory/IdP to Okta or manually add users as you wish, and the users should be created without issue.