Secure Adobe Sign access with UserLock Single Sign-On

Let users sign documents in Adobe Sign with their corporate identity through UserLock SSO, while enforcing stronger authentication when needed.

Published September 29, 2025
Useful resources

Introduction

This guide explains how to integrate Adobe Sign with UserLock Single Sign-On (SSO) using the SAML 2.0 protocol.

Once configured, UserLock validates Adobe Sign logins against Active Directory. This ensures a seamless login experience and lets you apply UserLock access policies (MFA, time, machine, or location restrictions) to SSO sessions.

🚩️ Before starting:

Step 1. Configure Adobe Sign (Service Provider)

  1. Open the Adobe Sign console.

  2. In the top menu, click Account.

  3. Expand Account Settings in the left pane and select SAML Settings.

  4. In SAML Mode, select SAML Allowed

    🚩️Setting this option to SAML Mandatory will effectively lock out your users until SSO is fully operational.

  5. Choose a host name for future use.

  6. Enter the values using your UserLock SSO URL
    (visible in UserLock console▸ ⚙️ Server settings ▸ Single Sign-On ).

    Example with https://sso.contoso.com

    Settings

    Values

    Entity ID / Issuer URL

    https://sso.contoso.com

    Login URL / SSO Endpoint

    https://sso.contoso.com/saml/sso

    Logout URL / SLO Endpoint

    https://sso.contoso.com/connect/endsession

    IdP Certificate

    1. Go to UserLock console▸undefined️ Server Settings▸ Single Sign-On

    2. Click on Download ▸ SAML certificate.

    3. Open it in a text editor, and paste the contents here

  7. Download the Adobe Sign certificate (you will use it in UserLock).

Step 2. Configure Adobe Sign in UserLock

  1. In the UserLock console, go to ⚙️ Server settings▸ Single Sign-On.

  2. In the application list, select Adobe Sign.

  3. Fill in the fields with the information from the Adobe Sign console:

    • Application domain: available in Adobe Sign ▸ SAML Settings
      (e.g. contoso.eu1.echosign.com).

    • Issuer: http://echosign.com

    • Email domain: the domain of the user email addresses used to log in (e.g. contoso.com).

    • Certificate: paste the Adobe Sign certificate you downloaded in Step 1.

  4. Save the profile.

Update the SAML certificate in Adobe Sign

When you renew the SAML certificate in UserLock (see Renew the SAML certificate), you must also update the configuration in Adobe Sign:

  1. In the UserLock console, go to ⚙️ Server settings ▸ Single Sign-On.

  2. Click Download ▸ SAML certificate and save the file.

  3. Open the certificate in a text editor (Notepad) and copy the full contents.

  4. In the Adobe Sign console, go to Account ▸ Account Settings ▸ SAML Settings.

  5. Paste the new certificate in the IdP Certificate field.

  6. Save the configuration.

Adobe Sign will now trust the renewed UserLock certificate for SSO logins.

Troubleshooting

For common issues, see Troubleshooting SSO.
If the problem persists, please contact IS Decisions Support.

Next steps

You can extend the security of SSO sessions by applying UserLock access policies in addition to authentication.