When the documents are shared on the web with other users, it's important to upscale the security levels for preventing fraudulent attempts and bad actors compromising your document security. SigningHub provides you with three methods that can be configured for either individual or all recipients collectively: 


  1. Document access duration - to allow document access only for a specified duration
  2. Document access authentication - to authenticate the recipient through a specified password or an OTP process when attempting to access the document 
  3. Document signing authentication - to authenticate the recipient through an OTP process when attempting to sign the document


In case the authentication/validation fails in any of the above scenarios, the recipient will be restricted to access/sign the document.

By default these document security features are disabled for a new workflow. You can always enable them as required before sharing. 

The following image illustrates the Set Access Security dialog.


The following image illustrates the names, description, and the default behaviour of the fields on the Set Access Security dialog.


Document Access Security

Fields

Description

Default Behaviour

Recipient

Displays the recipient name for which the Set Access Security dialog has been opened. You can select a different recipient from the dropdown to apply the security access settings. In addition, you can also select "Apply to all" to apply the settings to all the recipients that are already added to the document. 

The following image illustrates the options available in the dropdown.

Selected 

Document access duration 

Select the check box to allow document access only for a specified duration for the selected or all recipients. You can specify the access duration via specific date and time or a number of days.

On selecting the check box, the dialog displays the following fields as shown in the image below.

  • Via date and time

Set a specific start and end date/time for a recipient to access the document. The recipient will not be able to access the document beyond this duration. Also if the document is not processed within the specified time, the document will be considered declined.

  • Via days

Set a number of days in which a recipient can sign the document after receiving it. The recipient will not be able to access the document after this duration. Also if the document is not processed within the specified days, the document will be considered declined.

 

Document access authentication

Select the check box to enable recipient authentication through a specified password or an OTP process when attempting to access the document. 

On selecting the checkbox, the dialog displays further options as displayed in the image below.

  • Password Authentication

This will let you set a password that the recipient would need to provide in order to access the document.

While typing in a password, the Password Policy will be displayed. SigningHub will allow you to specify a password that complies with the given Password Policy. Password Policy will be configured at Enterprise level or Administrator level according to account type.


The following image illustrates the Password Policy displaying with the Password field.


 

 If document owner is the part of an Enterprise than follow the Password Policy defined in Enterprise Advance Settings .If its an individual user than follow Password Policy defined in SigningHub Admin Global Settings.
  • OTP Authentication

This will let you specify the mobile number of a recipient to send an OTP. Whenever the recipient will try to open this document an OTP will be sent to that mobile number. The document will be opened/ accessible only upon providing the correct OTP. 
By default, the specified number is displayed partially masked to comply with the GDPR policy. Click  to view the complete number.

Disabled

Document signing authentication

Select this check box to enable recipient authentication through OTP process when attempting to sign the document. 

On selecting the check box, the dialog displays the following option as shown in the image below.

  • Mobile Number
    Enter the mobile number on which the OTP will be sent via SMS. The full international number must be entered in the  00 44 234334334 or +44 234334334 format. By default, the specified mobile number is displayed partially masked to comply with the GDPR policy. Click   to view the complete number.
  • In the following cases, the "Document Signing Authentication" option is not available on the "Set Access Security" dialog:
    • For the recipients of type "Reviewer" , "Editor" or "Send A Copy"
    • Workflow type is set to "Individual"
    • Recipient is a Group signer
  • The following rules will be followed for initiating the OTP process:
    • The system will initiate when the recipients attempt to sign a signature field, and will not initiate OTP process when recipient attempts to mark an Initials field.
    • Even if OTP authentication is configured, OTP process will fail to initiate in case the signer is performing Bulk Sign. 
    • When the recipient is a registered user and attempts to sign a signature field, the system will follow the OTP authentication settings (including mobile number) as configured by document owner via "Set Access Security" dialog. 
      • In case the OTP authentication is not configured by the document owner, the system will follow the OTP authentication settings configured in the Enterprise Role while using the mobile number specified on the user's "My Settings" page.
      • In case OTP authentication is not configured in the Enterprise Role or Service Plan, then OTP process will not initiate. 
    • When the recipient is a guest user and attempts to sign a signature field, the system will follow the OTP authentication settings (including the mobile number) as configured by document owner via "Set Access Security" dialog.  
      • In addition, even if the OTP authentication is configured in the Enterprise role, OTP process will still not initiate.

 

Save

Click to save the information entered on the dialog.

 

Cancel

Click to discard the information entered on the dialog.

 


To set access duration via date & time
 

In the above screenshot, the document will be accessible to "Simon Gill" only from July 23, 2021 17:03:54 to July 30, 2021 17:00:57 for processing. The document will be considered declined if it is not processed within this time-period.


Access Duration via days

  

In the above screenshot, the document will be accessible to "Simon Gill" for the next 14 days after receiving it. The document will be considered declined if it is not processed within this time-period.


To set document access authentication:


After you have:



  1. Click  against the recipient/ placeholder, for whom you want to set document access security.



  2. A dialog will appear, select the check box(es) as required. See the "Document Access Security" table for details.
  3. Click the "Save" button.


Password Authentication


   

In the above screenshot, the recipient "Simon Gill" will have to provide this (specified) password to access and process the document.

OTP Authentication

  


Considering the screenshot scenario, an OTP will be sent to the specified mobile number of "Simon Gill", whenever he attempts to access the document. He must provide the received OTP to access and process the document.


To set document signing authentication:


After you have:



  1. Click  against the recipient/ placeholder, for whom you want to set document access security.



  2. A dialog will appear, select the check box and enter the mobile number of the recipient. 



  3. Click "Save".

​The availability of configuring OTP security feature is subject to your subscribed service plan. If you cannot find this option in your account, upgrade your service plan.


See Also