This guide walks you through the process of setting up Single Sign-On (SSO) for your GateKeeper Hub application. Follow these steps to correctly generate certificates, configure identity provider settings, and finalize your integration for seamless authentication.
Claim and Establish Your Login Domain
- Log in to your Adobe account.
- Adobe verifies domain ownership through a DNS token. Submit an Adobe support ticket and include the following information:
- The email address of your Acrobat Sign account administrator
- The email Domain(s) that you would like to add.
- Once setup is complete, if you manage users directly inside Acrobat Sign, set your SAML Mode to “SAML Allowed” in account settings.
Add Adobe to GateKeeper
1. Log in to the GateKeeper, click SSO Management, and click Applications.

2. Click + Add Application.

3. Select SAML 2.0, then click Next.

4. Copy the following:
- Single Sign-On (SSO) URL
- IdP Entity ID
- X.509 Signing Certificate (click Download Certificate > Copy Certificate)
Then click Next
5. In the Adobe Admin Console, during directory creation (or editing an existing Federated ID directory):
- Choose Other SAML Providers.
- Enter your identity provider’s details in the three fields:
- SSO or login URL: Paste the GateKeeper SSO URL.
- Entity ID or Issuer URL: Paste the GateKeeper IdP Entity ID.
- X.509 Public Certificate: Paste all of the contents from your GateKeeper Certificate.
- Save these fields.
6. Adobe will generate its own SP metadata (Entity ID and ACS URL) for this directory — copy these.
7. Go back to the GateKeeper Hub and fill out all the information.
Use these details to add Adobe to GateKeeper:
- Application Name: Adobe SAML
- Description: Adobe SAML
- Service Provider Entity ID: [paste the Entity ID Adobe generated for your directory]
- Assertion Consumer Service URL: [paste the ACS URL Adobe generated for your directory]
Click Next.
8. Select Default Login Policy, then click Next.
9. Select which group of users will follow this rule, and click Next.
10. Double-check that all the information is correct, and click Save New SSO Application.
Test your SSO login experience
Log out and back in using SSO
- Add a test user to the Admin Console directory you just configured (or use an existing admin account in the claimed domain).
- Go to the Adobe sign-in page and enter that user's email address.
- You should be redirected to GateKeeper's login page; authenticate there.
- On success, you'll land back in the Adobe Admin Console / Acrobat Sign as that user.
- If it fails, check: domain claim status, certificate validity/expiration, and that the Entity ID/ACS URL in GateKeeper exactly match what Adobe generated.
If you’re taken to your team’s page after logging in, you successfully set up SSO! If you get an error, check our Troubleshooting SSO errors article for help.
Quick tip: Using both methods can give you extra peace of mind that everything’s set up right.
Choose how you want people to log in to your SSO-managed team(s).
- From the homepage, select your account profile to open the menu.
- Choose Settings > SSO and provisioning.
- Click Single sign-on (SSO) > Manage > Configure SSO settings.
- Select one of the login options. Learn more about each option in Setting up login and signup controls.
- Click Save changes.
For any additional questions or concerns regarding faster 2FA, proximity settings, computer locking, password management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.
Comments
0 comments
Article is closed for comments.