Overview
Adobe Sign uses email as the default authentication method. This is sufficient for most agreements, but certain documents may require heightened levels of authentication. If your agreement requires heightened levels of authentication, please email adobe@tamu.edu. Please note: Some options may incur additional fees.
Please ensure that any agreements you’re sending on behalf of Texas A&M have been approved. If you have questions about the authentication required for your agreement, contact the compliance office overseeing your unit.
Recipient Authentication Options
There are two categories of options.
Single-Factor Authentication
Single-Factor Authentication (SFA) is the simplest form of authentication method. With SFA, a person matches one credential to verify themselves online. The most popular example of this would be a signee using their email address and email password to log in to their email client. Most verification today uses this type of authentication.
None (Email)
Authentication method available to internal and external recipients.
Adobe Sign Account
Authentication method available only to NetID email recipients.
One-Time Password via Email (Email OTP)
Authentication method available to external recipients.
None (Email Authentication)
Selecting None as the authentication type relies solely on email verification to verify the recipient. Email verification requires that the recipient:
- Access the agreement from their email box
- Click the link in the email to access the agreement view
- Complete any designated actions (Filling form fields, signature) on the agreement
- Click the final Click to Sign button to finalize the recipient's action
Note: Older versions of the Adobe Sign interface listed this option as "Email Authentication." This was changed to "None" in version 15.0.
Adobe Sign Account Authentication
Adobe Sign Account Authentication prompts the recipient to authenticate to the Acrobat Sign system.
This method is primarily used as a "low-friction" counter-signature option for your internal recipients when you have signature requirements that require a logged/authenticated event for each signature.
One-Time Password via Email (Email OTP)
The email OTP authentication is a single-factor identity verification that involves entering a passcode retrieved from the recipient's email box. Since the one-time passcode is sent to the same email address as the original signature link, this method is categorized as single-factor authentication. However, email OTP does not require the user to create an account or otherwise log in to another application (as Acrobat Sign and Email authentication do). Access to the email box is all that is required, making this method lower friction in many cases, particularly for external users.
Using email OTP provides additional security beyond simply relying on the email link. For example:
- Access to an email does not mean that the email box is compromised. In the event that an email link is exposed but the email box is secured, the email OTP authentication will maintain the security of the agreement.
- If an agreement email is improperly forwarded (vs. proper delegation), the email OTP challenge will prevent the agreement from being accessed, preserving the audit report integrity regarding the identified signer's email and the actual signer.
Successful authentication requires the recipient to enter the passcode within 60 seconds of requesting the code.
After selecting the Review and sign link, the recipient is delivered to the one-time verification code page.
The recipient must select the Send Code button to have the code delivered to their email address.
Once the code is obtained, copy and paste it into the Verification Code text box and select Verify.
Once the authentication is passed, the recipient can interact with the agreement.
If the recipient closes the agreement window for any reason before completing their action, they must re-authenticate to resume.
Two-Factor Authentication
Two-Factor Authentication (2FA) uses the same email address and password, but also verifies who a person is by using something only he or she owns, such as a mobile device, or something they know like a unique password. Adobe Sign supports several two-factor authentication methods for transactions that demand more than simple email verification.
Password-Based Authentication
Two-factor authentication is available at no additional cost.
Knowledge-Based Authentication
Two-factor authentication is available on request.
Requires setup and an additional cost per agreement.
Acrobat Sign supports two-factor authentication methods for higher-value transactions that demand more than simple email verification. The method of authentication is usually dictated by the type of document or industry of the involved parties.
The default 2FA method is password-based authentication.
Password-Based Authentication
Signer password authentications require the sender to create and enter the password into the Adobe Sign application.
- Passwords are Alpha/Numeric only. No special characters. For more information refer to the password guidelines.
- The sender must communicate the password to the recipient through an external channel (e.g. text message, phone call or another email account) to fulfill the requirement for 2FA.
- The password is not stored in clear text anywhere in the application. If the password is lost, it cannot be recovered, and the sender will have to reset it
Recipients are asked to enter the password before they can view the agreement contents. When the authentication is passed, the recipient is granted access to view and interact with the agreement. If the recipient closes the agreement window before completing their action, they must re-authenticate to resume.
Knowledge-Based Authentication
Knowledge-Based Authentication (KBA) is a high-level authentication method used mainly in financial institutions and other scenarios that demand a strong assertion of the signer's identity.
KBA is valid only for recipients in the USA, requires setup, and includes an additional cost per agreement. Contact adobe@tamu.edu if you need to set up KBA.
In KBA, the recipient is prompted to enter personal information, which is used to gather several non-trivial questions from their past (using public databases). Each question must be answered correctly to gain access to the agreement.
Learn more about KBA in Adobe Sign.
Support
If you have any questions or comments, or need assistance in creating Adobe Sign documents, contact Help Desk Central at helpdesk@tamu.edu or by phone at 979.845.8300.