User Guide Cancel

Acrobat Sign for Salesforce: Configure the package

  1. Adobe Acrobat Sign Integrations
  2. What's New
  3. Product Versions and Lifecycle
  4. Acrobat Sign for Salesforce
    1. Install the Package
    2. Configure the Package
    3. User Guide
    4. Enable Digital Authentication
    5. Developer Guide
    6. Advanced Customization Guide
    7. Field Mapping and Templates Guide
    8. Mobile App User Guide
    9. Flows Automation Guide
    10. Document Builder Guide
    11. Configure Large Documents
    12. Upgrade Guide
    13. Release Notes
    14. FAQs
    15. Troubleshooting Guide
    16. Additional Articles
  5. Acrobat Sign for Microsoft
    1. Acrobat Sign for Microsoft 365
      1. Installation Guide
    2. Acrobat Sign for Outlook
      1. User Guide
    3. Acrobat Sign for Word/PowerPoint
      1. User Guide
    4. Acrobat Sign for Teams
      1. User Guide
      2. Live Sign Guide
      3. Mobile User Guide
      4. Release Notes
      5. Microsoft Teams Approvals
    5. Acrobat Sign for Microsoft PowerApps and Power Automate
      1. User Guide
      2. Release Notes
    6. Acrobat Sign Connector for Microsoft Search
      1. User Guide
      2. Release Notes
    7. Acrobat Sign for Microsoft Dynamics 
      1. Overview
      2. Dynamics Online: Installation Guide 
      3. Dynamics Online: User Guide 
      4. Dynamics On-Prem: Installation Guide 
      5. Dynamics On-Prem: User Guide
      6. Dynamics Workflow Guide
      7. Dynamics 365 for Talent
      8. Upgrade Guide
      9. Release Notes
    8. Acrobat Sign for Microsoft SharePoint 
      1. Overview
      2. SharePoint On-Prem: Installation Guide
      3. SharePoint On-Prem: Template Mapping Guide
      4. SharePoint On-Prem: User Guide
      5. SharePoint On-Prem: Release Notes
      6. SharePoint Online: Installation Guide
      7. SharePoint Online: Template Mapping Guide
      8. SharePoint Online: User Guide
      9. SharePoint Online: Web Form Mapping Guide
      10. SharePoint Online: Release Notes
  6. Acrobat Sign for ServiceNow
    1. Overview
    2. Installation Guide
    3. User Guide
    4. Release Notes
  7. Acrobat Sign for HR ServiceNow
    1. Installation Guide (Deprecated)
  8. Acrobat Sign for SAP SuccessFactors
    1. Cockpit Installation Guide (Deprecated)
    2. Recruiting Installation Guide (Deprecated)
    3. Recruiting User Guide
    4. Cloud Foundry Installation Guide
    5. Release Notes
  9. Acrobat Sign for Workday
    1. Installation Guide
    2. Quick Start Guide
    3. Configuration Tutorial
  10. Acrobat Sign for NetSuite
    1. Installation Guide
    2. Release Notes
  11. Acrobat Sign for SugarCRM
  12. Acrobat Sign for VeevaVault
    1. Installation Guide
    2. User Guide
    3. Upgrade Guide
    4. Release Notes
  13. Acrobat Sign for Coupa BSM Suite
    1. Installation Guide
  14. Acrobat Sign Developer Documentation
    1. Overview
    2. Webhooks
    3. Text Tags

Overview

Welcome to the comprehensive guide on configuring the 'Acrobat Sign for Salesforce package. This document provides step-by-step instructions to seamlessly set up and enhance the integration between Adobe Acrobat Sign and Salesforce. Using the powerful capabilities of both platforms, you can streamline your document signing processes and enhance your productivity.

Adobe Acrobat Sign allows for a wide array of optional configuration options to elevate your e-signing experience. Refer to the following topics to learn how to:

To learn about the optional and valuable configurations, refer to the Advanced Configuration guide.

Control Adobe Acrobat Sign access

The custom objects included in the Adobe Acrobat Sign for Salesforce package have a default access level of "Private" at the organization level. This default setting is implemented to ensure adherence to Salesforce Security guidelines and maintain proper security levels.

As an administrator, it is essential to thoroughly read and understand Salesforce's Record Level Sharing and other permission models

If your business requirements demand a less restrictive environment, you have the option to make adjustments. Here's how you can achieve that:

  1. Go to Setup > Security > Sharing Settings.
  2. Edit the sharing permission for the objects according to your requirements, setting it to Public Read/Write if needed.
  3. Select Save.

By changing the objects to "Public" access, all authenticated users can view and edit the records. However, instead of modifying the Organization-wide default, we recommend utilizing other mechanisms such as role hierarchy, groups, profile permissions, and permission sets to achieve your desired access control.

These alternative methods provide more granular control over record access, ensuring a well-structured and secure environment within your Salesforce instance.

Enable Salesforce settings

The following settings are not specific to the Acrobat Sign for Salesforce application, but they are resources that are utilized by it:

  • Application Vulnerable to Clickjacking
  • HttpOnly Attribute Not Set on Sensitive Cookies
  • HTTPS Strict Transport Security (HSTS) Not Enforced

It's important to note that any modifications made to these settings will impact the entire organization, including other applications installed in the org, as well as custom code. As a result, Adobe Acrobat Sign does not want to override the settings configured by the administrator.

But we highly recommend enabling these settings for the following reasons:

Clickjacking attacks typically use a combination of stylesheets, iframes, and form elements to convince a targeted user that they are interacting with an innocuous page when instead, they are typing into or clicking on an invisible frame controlled by an attacker.

A successful clickjacking attack could circumvent cross-site request forgery (CSRF) protections that attempt to confirm transactions with the user, resulting in an unwanted transaction.

This can be prevented by modifying session security settings and enabling:

  • Enable clickjack protection for Setup pages
  • Enable clickjack protection for non-Setup Salesforce pages
  • Enable clickjack protection for customer Visualforce pages with standard headers
  • Enable clickjack protection for customer Visualforce pages with headers disabled

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/admin_sessions.htm#SLS_s1

Without the HttpOnly attribute set on a cookie, an attacker can use client-side JavaScript for a cross-site scripting attack and capture the cookie's value via the injected script.

Note that the restrictions imposed by the HttpOnly attribute can potentially be circumvented in some circumstances and that numerous other serious attacks can be delivered by the client-side script injection, aside from simple cookie stealing.

You can prevent this threat by modifying session security settings and enabling Require HttpOnly attribute.

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/admin_sessions.htm#SLS_s1

This setting commands the web client (i.e., browser) to ensure that all subsequent requests are forced to use HTTPS, thereby helping prevent man-in-the-middle attacks that can occur if the user or application ever initiates any HTTP requests.

Enable HSTS for Sites and Communities.

https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/admin_sessions.htm#SLS_s1

 

Link to Acrobat Sign Sandbox environment 

The Acrobat Sign for Salesforce package has been updated to include support for the Acrobat Sign Sandbox environment. This enhancement allows administrators to test package configurations and workflows before deploying them in production.

Contact your customer success manager if your organization can't access Acrobat Sign Sandbox.

To link to the Acrobat Sign Sandbox environment:

  1. On the Setup page, go to Custom Settings

  2. From the list of custom settings, locate Adobe Sign Environment Settings and select Manage for the listing.

  3. On the Manage custom settings page, select Edit.

  4. In the Environment Name field, enter 'Sandbox' and select Save.

    Admins can now connect to the Sandbox environment. Once done, the Acrobat Sign Admin tab, Agreements, and Agreements Template page displays a Sandbox banner, as shown in the image. The Acrobat Sign Sandbox environment also supports Document Builder.

    sandbox-banner
    Acrobat Sign Sandbox environment displays a banner.

Add 'Agreements' Object to Page Layouts

You can improve the usability of Adobe Acrobat Sign by adding the Agreement object to the page layouts. Users need to interact with the Agreements object most when sending documents for signature.

  1. Go to the Adobe Acrobat Sign Admin tab and select Send for Signature Components.

  2. On the dialog that appears, select a page layout that you want to modify from the given options: Account, Opportunity, Contract, Lead, and Contact.  

    add-send-for-sginature-component

  3. From the left panel of the object page that appears, select Page Layouts.

  4. Select the page layout that you want to edit.

  5. From the left panel, select Related Lists, then drag and drop the Agreements object to the desired place on the page layout.

    opportunity-drag-agreements

  6. Select Save.

    Opportunity view with Agreement

    With the Agreement object in place, you can see all agreements related to the Salesforce object, or send new agreements directly from the relevant record.

Enable Delegator Roles for Recipients

Note:

Delegator roles are only supported in the Lightning environment

The Delegator roles are a placeholder for the situations where you know someone will have to interact with the agreement, but you can’t determine who that will be at the time you are sending the agreement.  The Delegator is not expected to act, so no fields are available to them when they receive the document.  Once they have delegated the agreement, the delegatee will have full access to all of the fields designated for their access.

There are delegator options for all five of the standard roles (signer, approver, acceptor, form filler, and certified recipient).

To enable the Delegator roles:

  1. Navigate to Setup > Platform Tools > Custom Code > Custom Settings.

  2. On the Custom Settings page, select Adobe Sign Settings.

    custom-settings

  3. On the Adobe Sign Settings page, select Manage.

    custom-settings-manage

  4. Select New (or Edit, if you have configured settings before).

  5. Select the checkboxes for values you want to adjust with the “Find” function (cmd/ctrl + f):

    • Enable Delegate Acceptor Role - Needed when you want to delegate an Acceptor role.
    • Enable Delegate Certified Recipient Role - Needed when you plan to delegate a certified recipient.
    • Enable Delegate Form Filler Role - Used when you have to delegate a Form Filler role.
    • Enable Recipient Delegate Approver Role – Needed when you plan to delegate to Approvers.
    • Enable Recipient Delegate Signer Role – Needed when you are going to delegate to Signers.
    edit-custom-settings

  6. Select Save.

Add 'Agreements' to other Salesforce Objects

You may associate Adobe Acrobat Sign Agreements with Salesforce objects of your choosing (standard or custom objects). This enables you to create Agreements that are linked to those objects and shows all the related Agreements on that object’s page.

Follow the steps below to associate Agreements with an object:

  1. Navigate to Setup > Platform Tools > Objects and Fields > Object Manager.

  2. Select Agreement.

  3. From the lef panel, select Fields & Relationships.

  4. Select New.

  5. In Step 1. Choose the field type, select Lookup Relationship, then select Next

    Select Lookup Relationship

  6. In Step 2. Choose the related object, select your object (Order in this example) from the drop-down, then select Next.

  7. In Step 3. Enter the label and name for the lookup field, enter a Field Name and select Next.  

  8. In Step 4 and Step 5, select Next.

  9. In Step 6. Add custom related lists, ensure that the Add Related List option is enabled then select Save.

Enable advanced identity authentication methods

Legally, authenticating to an email account (and thus the signing URL on the email) is sufficient to capture a binding signature. However, in many cases, a second-factor authentication for the signer’s identity is desired.

Adobe Acrobat Sign provides the following second-factor identity verification methods (US-based customers have five options when KBA is included):

  • Password (enabled by default) —Recipients enter a password to view and sign the agreement. Password must be separately communicated to the recipients. Enabled by Default
  • Phone Authentication—Recipients are sent an automated text (SMS) message or phone call with the required code. It has a per-transaction cost involved. The setting is disabled by default.
  • Government ID Authentication - Recipients submit an image of a passport or government-issued ID/Driver's License. It has a per-transaction cost involved. The setting is disabled by default and must be enabled by your success manager in the Acrobat Sign system.
  • Knowledge-Based Authentication—Recipients answer questions taken from publically accessible databases to verify their identity. It has a per-transaction cost involved. The setting is applicable only for US-based users and is disabled by default.

You can enforce the same authentication method for all signers or set a per-recipient verification.

You can also specify different authentication methods for internal recipients (whose email address is included in your Acrobat Sign account) and for external recipients (whose email address is not included in your Acrobat Sign account).

Note: Since Phone, KBA, and Government ID authentications involve a per-transaction cost, they should be enabled only if the contract permits their usage.

  1. Log in to Adobe Acrobat Sign with your Account Administrator userID.

  2. Navigate to Account Settings > Send Settings > Signer Identification Options.

    Identity authentication methods

  3. Check the options you want to enable.

  4. Select Save.

Customers who enable second-factor verification may prefer to activate distinct signer identity methods to avoid excessive challenges for their internal signers.

The configurable settings for these methods can be found in the same location.

  1. Log in to Adobe Acrobat Sign with your Account Administrator userID.

  2. Navigate to Account Settings > Send Settings > Identity Authentication for Internal Recipients.

  3. Select Enable different identity authentication methods for internal recipients.

  4. Check the verification options you want to allow for internal signers.

  5. Select Save.

  1. Navigate to Setup > Platform Tools > Custom Code > Custom Settings.

  2. On the Custom Settings page, select Adobe Sign Settings.

    custom-settings

  3. Select Manage.

    custom-settings-manage

  4. Select New (or Edit).

  5. Find the values you need to adjust using the “Find” function (cmd/ctrl + f).

    Method

    Setting

    Default

    Password

    Hide Signing Password

    Disabled

    Phone

    Enable Phone Authentication

    Disabled

    KBA

    Disable Knowledge Based

    Enabled

    Government ID

    Enable Government ID Authentication

    Disabled

  6. To mandate the recipient name for KBA authentication for all agreements, you can enable the 'KBA Recipient Name Required' custom setting, as shown below.

    kba-recipient-name-setting

    Once you enable this setting and select KBA as the signer verification method, the "Recipient name required" checkbox is automatically checked and disabled in the "Identity Verification" dialog.

    kba-recipient-name

  7. Once you've made the changes, select Save

  1. Navigate to Setup > Platform Tools > Custom Code > Custom Settings.

  2. On the Custom Settings page, select Adobe Sign Settings.

    custom-settings-page

  3. Select Manage.

    custom-settings-manage

  4. Select New (or Edit).

    It loads the Adobe Sign Settings page.

  5. Find the values you need to adjust:

    • Enable Separate Signer Identity Methods— Select the checkbox if you want to enable different identity verification methods for recipients within your organization and for recipients outside your organization.
      For example, you can require that a customer be verified with Knowledge Based Identity before signing the document but require that your sales manager provide no second-factor verification.
    • Enable Per Signer Identity Verification—Enable this setting to allow each signer to have a different identity verification method, such as password, phone, KBA, or Government ID.

    If you enable both Separate and Per Signer methods, the Per Signer Identify Verification setting is observed.

  6. Select Save.

Grant access to additional profiles

During installation, you may have only granted Administrators access to Adobe Acrobat Sign for Salesforce.

To extend access to additional user profiles, refer to Adobe Acrobat Sign for Salesforce: Granting Profile Access.

Update email address or password

Change Admin account password

If the Salesforce password or username has changed for the account linked to Adobe Acrobat Sign for your Salesforce Org, remember to update it so that status updates continue to work appropriately for agreements in your Org.

  1. Navigate to the Adobe Acrobat Sign Admin page and select Enable Automatic Status Updates.
  2. Select Enable.
  3. When prompted, allow access to Adobe Acrobat Sign.
enable-automatic-status-updates

Update user email addresses in Adobe Acrobat Sign

If a user in your Salesforce organization has an email address change, that user’s email address must also be changed in Adobe Acrobat Sign.

Acrobat Sign users can change their own email addresses. See how to change email address in Acrobat Sign.

Acrobat Sign account administrators can also change the email addresses of users using the bulk update feature. See how to make bulk updates in Acrobat Sign.

Enable/Disable analytics collection (For commercial cloud only)

An optional Analytics setting is implemented to allow Adobe Acrobat Sign to collect usage data to improve the product. This data is used only for development and not for marketing purposes.

Note that:

  • The analytics setting is enabled by default for most customers.
  • The analytics setting is disabled by default for customers in Canada and the European Union.
  • You can disable/enable the analytics setting by selecting Analytics Settings on the Adobe Acrobat Sign Admin tab.
  • Only Commercial Cloud users can disable or enable the analytics setting. The functionality is not available for Government Cloud.
analytics-settings

Get help faster and easier

New user?