Adobe Sign. Enabling Single Sign-On with SAML Reference Guide




Enabling Single Sign-On with SAML Reference Guide

2016 Adobe Systems Incorporated. All Rights Reserved. Products mentioned in this document, such as the services of identity providers Microsoft Active Directory Federation, Okta, Onelogin, and Oracle Identity Federation, and Salesforce software retain all of the copyrights and trademark rights of their specific corporations.

Last Updated: June 17, 2016

Table of Contents

Introduction
Prerequisites
Enabling Single Sign On using SAML
Working with SAML Settings
SAML Mode Settings
Hostname
User Creation Settings
Login Page Customization Settings
Identity Provider (IdP) Configuration
Adobe Sign SAML Service Provider (SP) Information

Introduction

The identity federation standard Security Assertion Markup Language (SAML) 2.0 enables the secure exchange of user authentication data between web applications and identity service providers. When you use the SAML 2.0 protocol to enable single sign-on (SSO), security tokens containing assertions pass information about an end user (principal) between a SAML authority - an identity provider (IdP), and a SAML consumer - a service provider (SP). (See for more information about the SAML protocol.)

Adobe Sign, acting as the service provider (SP), supports single sign-on through SAML using external identity providers (IdPs) such as Okta, OneLogin, Oracle Federated Identity (OIF), and Microsoft Active Directory Federation Service. Adobe Sign is compatible with all external IdPs that support SAML 2.0.

More information on integrating with these identity providers (IdPs) can be found in the following guides:

- Enabling SAML Single Sign On for Microsoft Active Directory Federation Service Reference Guide
- Enabling SAML Single Sign On for Okta Reference Guide
- Enabling SAML Single Sign On for OneLogin Reference Guide
- Enabling SAML Single Sign-on with Oracle Identity Federation Reference Guide

You can also configure Adobe Sign for single sign-on (SSO) with other systems already used in your organization, for example Salesforce.com, or other providers that support SAML 2.0.

Adobe Sign uses federated authentication as opposed to delegated authentication. Federated authentication does not validate the user's actual password in Adobe Sign. Instead, Adobe Sign receives a SAML assertion in an HTTP POST request. Adobe Sign also supports encrypted assertions.

The SAML assertion has a limited validity period, contains a unique identifier, and is digitally signed. If the assertion is still within its validity period, has an identifier that has not been used before, and has a valid signature from a trusted identity provider, the user is granted access to Adobe Sign.
A summary of the Adobe Sign authentication specification is included in the table below:

Specification (Standard Name): Value
Federation protocol: SAML 2.0
Federation profile: Browser Post
Federation unique identifier: Email Address
Relay State: Adobe Sign already has the logic to know where to point the User after they are authenticated so Relay State is not needed.
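The acceptance conditions described in the introduction (validity period, unused identifier, trusted signature), written out as an added Python example; this is not Adobe Sign's code. The issuer and audience URLs, the 60-second clock-skew allowance and the sample assertion are constructed, and signature verification is assumed to be done by an XML-signature library whose verdict is passed in as `signature_ok`.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SKEW = timedelta(seconds=60)  # assumed clock-skew allowance between IdP and SP

# Constructed sample assertion (not captured from any real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1b2c3">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>susan@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2016-06-17T12:00:00Z" NotOnOrAfter="2016-06-17T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # Assumes whole-second UTC timestamps such as 2016-06-17T12:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def accept_assertion(xml_text, signature_ok, trusted_issuer, audience, seen_ids, now):
    """Return (granted, email_or_reason). signature_ok must be the result of verifying
    the signature over this exact assertion element with the configured IdP certificate."""
    if not signature_ok:
        return False, "invalid signature"
    a = ET.fromstring(xml_text)  # use a hardened parser (e.g. defusedxml) for untrusted input
    if a.findtext("saml:Issuer", "", NS).strip() != trusted_issuer:
        return False, "untrusted issuer"
    cond = a.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        return False, "missing validity period"
    if now + SKEW < _ts(cond.get("NotBefore")) or now - SKEW >= _ts(cond.get("NotOnOrAfter")):
        return False, "outside validity period"
    audiences = [e.text.strip() for e in cond.iterfind(".//saml:Audience", NS) if e.text]
    if audience not in audiences:
        return False, "wrong audience"
    assertion_id = a.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        return False, "identifier already used"
    email = a.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in email:  # the guide's federation unique identifier is the email address
        return False, "no email identifier"
    seen_ids.add(assertion_id)  # record the ID only after every other check has passed
    return True, email
```

In a real service provider the set of seen identifiers has to be shared across all nodes and can drop an entry once its `NotOnOrAfter` time (plus skew) has passed.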

The following diagram shows how the request and response are processed.

Prerequisites

To enable SSO, your corporate network must support the SAML 2.0 protocol. If your corporate network does not support SAML, contact Adobe Sign Support at support@echosign.com to discuss other options to enable Single Sign On in your account.

Before beginning to set up SAML SSO, you must do the following:

- Establish a Domain Name. (For the examples in this guide, this will be rrassc.cm.)
- Enable SAML for your domain using a provider such as Microsoft Active Directory Federation, Okta, Onelogin, Oracle Identity Federation, or others. You may need to open an Adobe Sign support ticket to get your domain enabled from the backend.
- Create or verify that you have an administrator account with your IdP using an email address. (For the examples in this guide, this email address will be susan@rrassc.cm.)
  If you do not have an Okta account, you can create a free Okta Developer Edition organization using this link: https://www.okta.com/developer/signup/.
  If you do not have a OneLogin account, you can create a free trial account using this link: https://www.onelogin.com/ and clicking the FREE TRIAL button in the upper right corner.
- (Optional) Add an additional email id for User Provisioning in both IdP and SP. This will allow you to add more users who can log into Adobe Sign with their SSO credentials.
- (Required) Verify that you have an admin user for Adobe Sign and an Admin user for the IdP.
- (Optional) Create or verify that you have an Adobe Sign administrator account that uses the same email address as the account for your IdP. (For the examples in this guide, this email address will be susan@rrassc.cm.) This will make it easier for you to administer the accounts.
- In Adobe Sign, set your SAML Mode to SAML Allowed. (See Working with SAML Settings for more information.)

Note: When setting up SAML SSO, we recommend that you set the SAML Mode to SAML Allowed until the entire setup process is complete and you've verified it is working correctly. Once verified, you can change the SAML Mode to SAML Mandatory.

Enabling Single Sign On using SAML

At a high level, enabling SAML SSO between Adobe Sign (the SP) and your IdP involves the following steps:

1. If required (by your IdP), set up your IdP using the Adobe Sign Service Provider (SP) Information.
2. Set up Adobe Sign using information from your IdP.
3. Verify that the SAML SSO has been properly set up.

Working with SAML Settings

To locate your Adobe Sign SAML Settings, log in as an account administrator or group administrator, then click Account. Under Account Settings, click SAML Settings.

To view the options for User Creation, Login Page Customization, Identity Provider (IdP) Configuration, and Adobe Sign Service Provider (SP) Information, scroll to the bottom of the SAML Settings page.

SAML Mode Settings

In Adobe Sign, there are three SAML Mode options and one additional option that works with the SAML Mandatory option.

- SAML Disabled: Enable this option if you are not using SAML for your account. When selected, none of the SAML Settings are accessible.
- SAML Allowed: Enable this option to allow all users, including account administrators, to use SAML SSO. Users can also continue using their Adobe Sign credentials.
- SAML Mandatory: Enable this option to enforce log in with SAML SSO for all users. If this option is selected, the Allow Adobe Sign Administrators to log in using their Adobe Sign Credentials option will be greyed out (disabled).

As noted above under Prerequisites, we recommend that you set the SAML Mode to SAML Allowed until you've verified your SAML SSO set up.

Hostname

The Hostname is your domain name. (See Prerequisites above.) When entered, your hostname becomes part of the Assertion Consumer URL, the Single Log Out (SLO) URL, and Single Sign-On (Login) URL.

User Creation Settings

Only the first of the two User Creation settings is directly connected with SAML Setup. The second setting pertains to all pending users, whether or not they are added as a result of authenticating through SAML.

- Automatically add users authenticated through SAML: If this option is enabled, users who are authenticated through your IdP are automatically added as pending users in Adobe Sign.
- Automatically make pending users in my account active: If the Require signers in my account to log in to Adobe Sign before signing setting, under Signer Identity Verification (Security Settings), is enabled, this setting should also be enabled. When a signature is requested from a new user, this user is created as a pending user in your account. If this option is not enabled, these users are prevented from signing agreements sent to them for signature.

Login Page Customization Settings

You can customize the sign on message that users see on the Adobe Sign Sign In page when SAML Single Sign On is enabled.

- Single Sign On Login Message: Optionally, enter a message to display above the SSO Sign In button on the Adobe Sign Sign In page.

Below are examples of a custom SSO Login Message, in this case for Okta, and the default message.

[Screenshots: Custom SSO Login Message; Default SSO Login Message]

Identity Provider (IdP) Configuration

To set up most IdPs, except as noted for Okta, you must enter information from your IdP into the IdP configuration fields in Adobe Sign.

- Entity ID/Issuer URL: This value is provided by the IdP to uniquely identify your domain.
- Logout URL/SLO Endpoint: When someone logs out of Adobe Sign, this URL is called to log them out of the IdP as well.
- Login URL/SSO Endpoint: The URL that Adobe Sign will call to request a user login from the IdP. The IdP is responsible for authenticating and logging in the user.
- IdP Certificate: The authentication certificate issued by your IdP.
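One way to collect the four IdP Configuration values, shown as an added Python example that is not part of the original guide. It assumes your IdP publishes a standard SAML 2.0 metadata document; the metadata below, its URLs and the placeholder certificate bytes are constructed, and the function name `idp_settings` is hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed metadata; the X509Certificate body is placeholder bytes, not a real certificate.
METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_settings(metadata_xml):
    """Map IdP metadata onto the four IdP Configuration fields named in the guide."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def endpoint(tag):
        el = idp.find(f"md:{tag}", NS)  # first endpoint of this kind listed by the IdP
        if el is None:
            return None
        loc = el.get("Location", "")
        if not loc.startswith("https://"):
            raise ValueError(f"{tag} is not an https URL: {loc!r}")
        return loc

    cert_b64 = idp.findtext("md:KeyDescriptor[@use='signing']//ds:X509Certificate", None, NS)
    if not cert_b64:
        raise ValueError("metadata has no signing certificate")
    der = base64.b64decode("".join(cert_b64.split()))
    return {
        "entity_id": root.get("entityID"),               # Entity ID/Issuer URL
        "sso_url": endpoint("SingleSignOnService"),      # Login URL/SSO Endpoint
        "slo_url": endpoint("SingleLogoutService"),      # Logout URL/SLO Endpoint
        # Compare with the fingerprint shown in the IdP admin console before trusting it.
        "cert_sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the IdP Certificate
    }
```

Fetch the metadata over HTTPS from the IdP itself and check the certificate fingerprint out of band, since whoever controls that certificate can sign assertions for any user in the account.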

Adobe Sign SAML Service Provider (SP) Information

The SP information section displays the default information for Adobe Sign. Once you've entered and saved your host name and IdP Configuration information, the information in the SP information section is updated to include your hostname. (In our example, https://secure.echosign.com/public/samlconsume becomes https://globalcorp.na1.echosign.com/public/samlconsume.)

The SP Information provided is as follows:

- Entity ID/SAML Audience: A URL that describes the entity that is expected to receive the SAML message. In this case, it is the URL for Adobe Sign.
- SP Certificate: Some providers require a certificate to be used to identify the Service Provider. The link in this view points to the Adobe Sign Service Provider certificate.
- Assertion Consumer URL: This is the callback that the IdP will send to tell Adobe Sign to log in a user.
- Single Log Out (SLO) URL: The URL that users are redirected to when they log out.
- Single Sign-On (Login) URL: This is the URL that the IdP will send login requests to.