Configure extended authentication from external browser for document security

NOTE
Ensure that you have administrator privileges to access the AEM Forms administration console.

Extended authentication from an external browser allows users to authenticate for policy-protected PDF documents using the system’s default web browser (such as Microsoft Edge or Google Chrome) instead of the embedded browser control within Acrobat or Reader. This enables modern authentication methods such as PassKey, biometric authentication, and other Identity Provider (IDP) features that require a modern browser.

When enabled, opening a policy-protected document in Acrobat or Reader launches the IDP login page in the user’s default browser. After authentication, the user is automatically redirected back to Acrobat or Reader and the document is unlocked.

Prerequisites

Before you configure external browser authentication, ensure that the following requirements are met:

NOTE
External browser authentication requires a supported version of Adobe Acrobat or Adobe Acrobat Reader on the client. See Acrobat Release Notes (March 2026 Continuous Track) for version details and updates.

External browser authentication is available in AEM Forms on JEE Service Pack 6.5.25.0 and later.

If you are on AEM Forms on JEE Service Pack 6.5.24.0 or earlier, do one of the following:

Download and install the AEM Forms JEE Hotfix 6.5.24.0 patch for your platform from Adobe Software Distribution:

  • JBoss
  • WebSphere
  • WebLogic

For installation instructions, see Install a JEE patch.

Enable external browser authentication

This video shows how to enable external browser authentication on the AEM Forms Document Security server.

  1. In the administration console, click Services > Document Security > Configuration > Server Configuration.

  2. Locate the section Allow extended authentication from external browser for Adobe client applications.

  3. Select the checkbox for each Adobe client platform you want to enable:

    • Adobe Acrobat and Reader (64-bit) - Desktop
    • Adobe Acrobat Reader (32-bit) - Desktop
  4. Click OK.

For the server setting description, see Server configuration settings.

Verification

This video shows how to verify external browser authentication: open a policy-protected PDF in Acrobat, sign in through your default browser, and confirm the document unlocks after authentication.

  1. Create a policy-protected PDF document using the Document Security server.
  2. On a Windows client machine, open the protected PDF in Acrobat Pro or Acrobat Reader.
  3. A consent dialog appears in Acrobat. Click Sign In.
  4. Verify that the system default browser opens with the IDP login page.
  5. Complete authentication.
  6. Verify that the protected document opens successfully.

Troubleshooting

The embedded browser opens instead of the system browser

Authentication succeeds in the browser but the document does not unlock

  • Ensure Acrobat or Reader is running and not blocked by firewall or security software.
  • If the issue persists, reinstall or repair the Acrobat or Reader installation to restore protocol handler registration.

“We couldn’t sign you in” message appears in Acrobat

  • The user may have taken too long to complete authentication. Try again.
  • Check network connectivity between the browser and the AEM Forms server.

Authentication option does not appear on the login page

  • Authentication methods and options are configured by the IDP, not by AEM Forms or Acrobat. Ensure the IDP supports the authentication method you want to use.
  • Verify the login page is loading in the system browser (not the embedded browser).