Authentication profiles provide the ways through which the end users may authenticate themselves to SigningHub Desktop Web. In addition to the conventional email/ password based authentication, SigningHub also allows the authentication facility through different external Identity Providers (IdP) i.e. BankID, Azure Active Directory, Active Directory, Google, Linked-in, Salesforce, SSL Client, Office 365, Active Directory Federation Services (ADFS), IDfy, Freja eID, Azure Active Directory, itsme, etc.

Based on the business requirements, you can manage (Add, Edit, and Delete) different authentication profiles to offer multiple modes of authentication to your end users.


Create a new authentication profile

  1. Create a new authentication connector (i.e. Office 365 authentication, Active Directory authentication, Salesforce authentication, IDfy authentication, itsme, etc.), whose authentication profile is required to create.
  2. Click the "Configurations" option from the left menu.
  3. Click the "Authentication Profiles" option.
    The "Authentication Profiles" screen will appear.
  4. Click  from the grid header.

     
  5. A dialog will appear to configure the authentication profile details. Specify the details accordingly and click the "Save" button. A new authentication profile will be saved and displayed in the list. See the below table for fields description.
  6. Repeat the steps 1-6 to create other authentication profiles against each authentication method as required.


Authentication Profile

Fields

Description

Name

Specify a unique name for this authentication profile, i.e. My SigningHub Authentication. This name will be displayed at the login screen.

Description

Specify any description related to this authentication profile for your record.   

Sort Order

Specify the sort order for displaying the authentication profiles on the login screen for the users to sign in. This is an optional field and by default, this field will be empty. 

The authentication profiles with sort order 1 to 3 will be displayed on the login screen and the authentication profiles with the succeeding sort order will be displayed in the "More Login Options" dialog on the login screen. The authentication profiles for which a sort order has been provided will follow the defined sort order and the remaining authentication profiles will follow the default system sort order.

  1. If the sort order has not been specified for any of the authentication profiles, the default system sort order will be followed.

Method

Select the authentication method (i.e. Email/ Password Authentication, Mobile Authentication, Azure Active Directory Authentication, Active Directory Authentication, Google, Salesforce Authentication, IDfy Authentication, itsme, etc.) for this profile.

Connector        

This field will appear to select the related connector, when you select any third-party authentication method above. Click  to view the details of the selected connector. See details as how to create a new connector

The "Email/ Password Authentication" and "SSL Client Authentication" methods don't require any third-party authentication method, and therefore the "Connector" field is not shown for them.

Details

  • If you select the "Azure Active Directory Authentication" method, the "Details" fields will appear, in addition to the "Connector" field, to specify the "Allowed Groups" information. 
    • The "Allowed Groups" field refers to the (comma separated) authorised security groups in your Azure Active Directory (i.e. Sales, Marketing, Accounts, etc.) that are used for provisioning in SigningHub.
  • If you select the "Active Directory Authentication" method, the "Details" fields will appear, in addition to the "Connector" field, to specify the "Fully Qualified Domain Name", and the "Allowed Groups" information. 
    • The "Fully Qualified Domain Name" field refers to the complete domain name that has been configured by your IT Administrator and consists of all the domain users, i.e. mySigninghub.com. 
    • The "Allowed Groups" field refers to the (comma separated) authorised security groups in your Active Directory (i.e. Sales, Marketing, Accounts, etc.) that are used for provisioning in SigningHub.


  1. ​If the "Allowed Groups" field is left blank, then all the domain users of a directory would be able to authenticate by using the authentication profile.

Active

Tick this check box to make this authentication profile active. Only the active profiles are available to the end users on their Login screen, Signing screen and Integration screen..

Private

Tick this check box to mark this authentication profile as private. A private profile will not be available to the (public) end users on their Login screen, Signing screen and Integration screen of SigningHub Desktop Web.
Private profiles from here will be available in the "Settings" tab of service plan configuration, and are used for the corporate logins and signing authentication.

You can associate any supported external Identity Provider (i.e. BankID, Active Directory, Google, etc.) as required with a private authentication profile to make it exclusive for a corporate. 

Validate client certificate

This check box will only appear when you select the "SSL Client Authentication" method. Tick it if you want SigningHub to validate the users' certificates every time they use them for authentication. In this way, the users with expired or revoked certificates will not be able to log into SigningHub Desktop Web.

Required password authentication

This check box will only appear when you select the "SSL Client Authentication" method. Tick it if you want SigningHub to ask for SigningHub ID password as well from a user, when they choose their SSL certificate (from the list) for system login. This will work as two-factor authentication, where users will have to first select their certificate and then provide their SigningHub ID password to log into SigningHub Desktop Web.

In case a user does not have their SigningHub password, they will be asked to activate their account to set a SigningHub password by following the activation email steps.



  1. If the sort order has not been specified for any of the authentication profiles, the default system sort order will be followed.


See Also