Loading
Salesforce now sends email only from verified domains. Read More
Identify Your Users and Manage Access
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Configure SSO from Salesforce to Adobe Sign

            You are here:

            1. Salesforce Help
            2. Docs
            3. Identify Your Users and Manage Access

            Configure SSO from Salesforce to Adobe Sign

            Let your users log in to Adobe Sign, formerly EchoSign, using single sign-on (SSO) from your Salesforce org configured as an identity provider.

            Required Editions

            Available in: Lightning Experience and Salesforce Classic
            Available in: Enterprise, Performance, Unlimited, and Developer Editions

            When you set up Adobe Sign as a service provider and create a connected app in Salesforce, users can access Adobe Sign using their Salesforce credentials. Adobe Sign supports the SAML protocol for both identity provider–initiated and service provider–initiated SSO.

            Follow these high-level steps to configure SSO for Salesforce to Adobe Sign.

            See Also

            Set Up Your Salesforce Org as an Identity Provider

            With the My Domain feature, your Salesforce org is enabled as an identity provider. My Domain is required for all orgs. If you don’t like your org’s My Domain name, you can change it.

            The My Domain feature also includes a certificate and key pair. The certificate establishes trust between your Salesforce org and Adobe Sign. Optionally, you can use another self-signed certificate or import a CA-signed certificate.

            To download the Salesforce self-signed certificate:

            1. From Setup, enter Identity Provider in the Quick Find box, and select Identity Provider.
            2. Click Download Certificate.

            Configure SAML Settings in Adobe Sign

            1. Log in to your Adobe Sign account as an administrator, and click Account.
            2. Under Account Settings, click SAML Settings.
            3. Under SAML Mode, choose a sign-in option.
              • To allow users to sign in to Adobe Sign using SAML or their Adobe Sign credentials, select SAML Allowed.
              • To configure sign-in using SAML SSO only, select SAML Mandatory instead.
              Note
              Note Until you verify your SAML SSO configuration, it’s recommended that you use the SAML Allowed setting.
              choose the SAML mode
            4. To enable SAML, Adobe Sign requires a dedicated hostname. Enter your domain name as the hostname. If you already have a hostname specified, Adobe Sign doesn’t show this option.
            5. To provision users that don’t have an Adobe Sign account, under User Creation, select the option to authenticate users through SAML.
              to provision users automatically, select the option
            6. To show a message when users choose a service provider–initiated SSO, under Login Page Customization, enter a message. For example, Sign In using Salesforce.
              customize SP-initiated login with a message
            7. Enter the identity provider (IdP) settings.
              • For IdP Entity ID, enter your SAML IdP issuer using the format https://MyDomainName.my.salesforce.com. For example, https://identitydemo.my.salesforce.com.
              • For IdP Logout URL, enter the URL to which users are redirected after logout using the format https://MyDomainName.my.salesforce.com/secur/logout.jsp. For example, https://identitydemo.my.salesforce.com/secur/logout.jsp.
              • For IdP Login URL, enter the endpoint used for service provider–initiated SSO using the format https://MyDomainName.my.salesforce.com/idp/endpoint/HttpRedirect. For example,https://identitydemo.my.salesforce.com/idp/endpoint/HttpRedirect.
              • For IdP Certificate, enter the content of the Salesforce certificate that you downloaded.
              Identity provider SAML settings in Adobe Sign
            8. Under Adobe Sign Service Provider (SP) Information, copy the SP entity ID and SP assertion consume URLs. You use these settings when you configure a connected app in Salesforce.
              copy the SP URLs
            9. Save the settings.

            Create a Connected App in Salesforce

            1. In Salesforce, create a connected app.
              1. In Lightning Experience, from Setup, enter App in the Quick Find box, and select App Manager. Click New Connected App.
              2. In Salesforce Classic, from Setup, enter Apps in the Quick Find box, and select Apps. Under Connected Apps, click New.
            2. Configure the connected app Basic Information settings.
              1. Enter a name for the Adobe Sign connected app. Salesforce uses this name to populate the API name.
              2. Enter your email address in case Salesforce must contact you or your support team.
              3. Optionally, upload or specify a logo and icon to represent your Adobe Sign application in the Salesforce App Launcher.
                Basic settings for the connected app
            3. Configure the connected app Web App Settings.
              1. Select Enable SAML.
              2. For Entity Id, enter the entity ID URL from the Adobe Sign SP information, for example, http://echosign.com.
              3. For ACS URL, enter the assertion consume URL using the format https://MyDomainName.echosign.com/public/samlConsume. For example, https://identitydemo.echosign.com/public/samlConsume.
              4. For Subject Type, choose how users are identified to the identity provider, for example, Federation ID. A federation ID is a unique value assigned to the user across multiple web services and Salesforce orgs. The SAML subject must match the identity of the Adobe Sign user’s account ID.
              5. For Name ID Format, keep the default value.
              6. For Issuer, keep the default value, which is your My Domain login URL.
              7. For IdP Certificate, keep the default (Default IdP Certificate).
              web app settings for the connected app
            4. Save the settings.
            5. Configure profiles and permission sets for the connected app.
              1. From Setup, enter Apps in the Quick Find box.
                If you’re using Lightning Experience, select Manage Connected Apps. Connected Apps
              2. Click the name of your connected app for Adobe Sign. The connected app detail page appears.
              3. Click Manage Profiles or Manage Permission Sets, and add profiles or permission sets for the users who can access this app.
            6. In Salesforce, enter the start URL for the connected app.
              1. On the connected app detail page, under SAML Login Information, copy the IdP-initiated login URL.
              2. On the connected app detail page, click Edit Policies.
              3. For the Start URL, paste the IdP-initiated login URL.
              4. Save the settings.

            Test the SSO Configuration

            1. Test the identity provider–initiated SSO.
              1. In Salesforce, from the App Launcher, find and open the Adobe Sign app. If you configured the Adobe Sign logo and icon for the connected app, the App Launcher displays them.
              2. If the identity provider–initiated SSO is configured properly, Salesforce creates an application session.
              select Adobe Sign from the Salesforce App Launcher
            2. Test the service provider–initiated SSO.
              1. Enter the service provider–initiated login URL, for example https://MyDomainName.echosign.com/public/home.
              2. Under Sign In using Salesforce, click Sign In.
                sign in using Salesforce
              3. If SSO is configured properly, you’re prompted to log in to your Salesforce org. After you enter your credentials, Salesforce redirects you to your initial request URL, and you’re logged in to your Adobe Sign account.
             
            Loading
            Salesforce Help | Article