Okta

How to Configure SAML 2.0 for Adobe Sign


Read this before you enable SAML

Customer accounts that are currently configured on the echosign.com domain will be migrated to adobesign.com in 2021.

If you already have an instance of Adobe Sign in your Okta tenant that uses the echosign.com domain and would like to use the adobesign.com domain, update the value of the Your Adobe Sign domain field in your Adobe Sign instance. Enter a value in the following format: acme.environment.adobesign.com.



    Supported Features

    The Okta/AdobeSign SAML integration currently supports the following features:

    For more information on the listed features, visit the Okta Glossary.


    Configuration Steps

    Note: The Adobe Sign SAML app requires that you claim your Adobe domain before you can enable Single Sign-On for the instance. See Adobe Sign Domain Claiming for more information.

    1. Log in to Adobe Sign as an administrator.

    2. Navigate to Account > Account Settings > SAML Settings.

    3. For SAML Mode, choose either SAML Allowed or SAML Mandatory.

      Note: If you choose SAML Mandatory, select the Allow Adobe Sign Account Administrators to log in using their Adobe Sign Credentials checkbox. You will still be able to log in with an admin account here: Adobe Sign.

    4. Enter a dedicated Hostname value.

      The Hostname is your Adobe domain name. When entered, your hostname becomes part of the Assertion Consumer URL, the Single Log Out (SLO) URL, and Single Sign-On (Login) URL.

    5. In the User Creation section:

      1. Check the Automatically add users authenticated through SAML checkbox in order to enable SAML-based provisioning.

      2. Optional: Check the Automatically make pending users in my account active checkbox.


    6. In the Identity Provider (IdP) Configuration section, enter the following:

      1. Entity ID/Issuer URL: Copy and paste the following:

        Sign in to the Okta Admin app to generate this variable.

      2. Login URL/SSO Endpoint: Copy and paste the following:

        Sign in to the Okta Admin app to generate this variable.

      3. Logout URL/SLO Endpoint: Copy and paste the following:

        Sign in to the Okta Admin app to generate this variable.

      4. IdP Certificate: Copy and paste the following:

        Sign in to the Okta Admin app to generate this variable.

    7. In the Adobe Sign SAML Service Provider (SP) Information section, save the domain value from the Assertion Consumer URL.

      For example, if your Assertion Consumer URL is https://acme.echosign.com/public/samlConsume, you need to save the acme.adobesign.com value.

    8. Click Save.

    9. Done!


    Notes

    Make sure that you enter the correct value in the Your Adobe Sign domain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Adobe Sign.

    SP-initiated SSO

    CASE 1: SAML Mode is SAML Mandatory:

    Open your login URL: https://[yourDomain]/


    CASE 2: SAML Mode is SAML Allowed:

    1. Open your login URL: https://[yourDomain]/

    2. Click Sign In using your corporate credentials.