To create a new Service Plan:

  1. Choose the "Service Plans" option from the left menu. The "Service Plans" screen will appear.
  2. Click on the add icon  in the grid header.


      
  3. A dialog wizard (consisting of 6 sequential screens, i.e. Basic Information, Constraints, Documents, Signatures, Settings and Billing) will appear which you will use to configure the service plan details. The availability of "Billing" dialog box is based on your license, if you are unable to find it, contact support for assistance.
  4. Enter the required details in each screen accordingly and click the "Next" button. Click the "Finish" button in the last dialog box (i.e. Billing). A new service plan will be created and displayed in the list.  See the following table for the description of the fields.


The following sections separately explain the "Basic Information", "Constraints", "Signatures", "Settings" and "Billing" tabs on the Add Service Plan dialog. 

Basic Information

The following image illustrates the default view of the "Basic Information" tab on the Add Service Plan dialog.




The following table illustrates the fields and definitions of the "Basic Information" tab on the Add Service Plan dialog.


Basic Information tab

Fields

Description

Name

Specify a unique name for this service plan, e.g. My Service Plan.

Type

Select whether this service plan is for "Individual" or "Enterprise" based subscriptions. An individual subscription is acquired by an individual entity, while an enterprise subscription can be acquired by an organization or any group of people (team).   

Features

Select the SigningHub services/ features to include in this service plan, i.e. Attachments and Merging, Bulk Signing and Sharing, Form Fields, Initials, In-person Signing, Reviewers, Editors, Send a Copy, Integrations, Cloud Drives, Electronic Seals, and Archiving. Consult SigningHub Web Help for the relevant descriptions of these features.

  1. The "Electronic Seals" feature will be available only if the "ELECTRONIC_SEALS" module is enabled in the license.
  2. The "Electronic Seals" feature is only available for "Enterprise" service plan type.
  3. The "Archiving" feature will be available only if the "Enable Data Archiving" option is enabled in the Data Settings.
  4. The"Archiving" feature is available for both "Enterprise" and "Individual" service plan types.
  5. The"Bulk Signing and Sharing" feature is available for both "Enterprise" and "Individual" service plan types.

Start Date and End Date

Specify the start date and end date (active period) of the service plan. Before the start date has reached and after the end date has passed, the user will not be allowed to perform action against the following constraints of the service plan:

    • Signatures
    • Storage
    • Workflows
    • Upload Size
    • Templates
    • Users

  1. "Start Date" and "End Date" are optional fields.
  2. If the "Start Date" field has not been specified, the system will set the current date as the start date.
  3. If the "End Date" field has not been specified, the service plan will stay active, indefinitely, and will not expire.
  4. The system will display an on-screen notification and send an email, via daily core thread, on the following two occasions:
    • on the "End Date" of the service plan, and
    • as per the "Alert for Service Plan Expiry (Days)" configured in Global Settings.

Public

Tick this check box to make this service plan available for public access or keep it unticked to make it a private service plan. The public service plans are created for cloud based deployments, while private service plans are created for on-premises deployments.

Next

Click to move to the "Constraints" tab.


Constraints

The following image illustrates the default view of the "Constraints" tab on the Add Service Plan dialog.




The following table illustrates the fields and definitions of the "Constraints" tab on the Add Service Plan dialog.


Constraints tab

Fields

Description

Signatures

Specify the number of signatures allowed for this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited number of signatures for the subscribers. The arrow next to the "Signatures" constraint can be used to expand or contract the list of signatures as per the allowed levels of assurance, this can be used to define limits against each level of assurance.

  1. In case a limit has been set for "Signatures" but unlimited has been checked against each level of assurance, the user will be allowed to use each level of assurance as long as their aggregate is less than the limit set for "Signatures".
  2. The limit set for each level of assurance can not be greater than the limit set for "Signatures".

Simple Electronic Signatures

Specify the number of Non-PKI signatures that are Simple Electronic Signatures (eSignature) allowed for this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited number of simple electronic signatures for the subscribers.

  1. "Simple Electronic Signatures" constraint option will only be displayed, if the "SIMPLE_ELECTRONIC_SIGNATURES" module is enabled in the license.

Storage (MB)

Specify the document storage limit (in MBs) allowed for this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited document storage capacity for the subscribers.    

Workflows

Specify the number of workflows allowed in this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited number of workflows for the subscribers. 

Document Upload Size (MB)

Specify the document upload limit (in MBs) allowed in this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited document uploading size for the subscribers.

Templates

Specify the number of document templates allowed in this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited number of document templates for the subscribers. 

Users

Specify the number of enterprise users for an enterprise account, allowed in this service plan. Or select the adjacent "Unlimited" check box to remove this constraint and allow unlimited number of enterprise users for the subscribers. This field will be visible when the type of service plan is "Enterprise". 

Next

Click to move to the "Documents" tab.


Documents

The following image illustrates the default view of the "Documents" tab on the Add Service Plan dialog.




The following table illustrates the fields and definitions of the "Documents" tab on the Add Service Plan dialog.

Documents tab

Fields

Description

Level of Assurance

Select the levels of assurance which you want your certification profile to feature, while producing a signing key for a user. These Level of Assurance terms are as per the eIDAS Standards. For details of these terms click here. Possible values are:

  • Simple Electronic Signature (SES)
  • Electronic Seal (eSeal)
  • Advanced Electronic Seal (AdESeal)
  • Qualified Electronic Seal (QESeal)
  • Advanced Electronic Signature (AES)
  • High Trust Advanced Signature (AATL)
  • Qualified Electronic Signature (QES)

Only the Levels of Assurance selected in the Service Plan will be available for the Individual Users (My Settings > Signatures) and Enterprise Users (Enterprise Roles > Document Settings).

  1. If the user has added "In-Person Signing" as a feature in the service plan, then in the "Level of Assurance" field the user will have to add at least one of the following levels of assurance for the In-Person Signatures:
    • Simple Electronic Signature (SES)
    • Electronic Seal (eSeal)
    • Advanced Electronic Seal (AdESeal)
    • Qualified Electronic Seal (QESeal)

Default Levels of Assurance

The "Default Levels of Assurance" field defines what levels of assurance will be used by default when the document owners, belonging to this service plan, drop a signature field. Once the "Level of Assurance" field is configured, the system will automatically populate the "Default Levels of Assurance" field, as per system preference. The configured levels of assurance from the "Level of Assurance" field will be listed in the "Default Levels of Assurance" drop down list for the administrator to manually configure the "Default Levels of Assurance" field.

For a new enterprise user role, the system will pick the configured default levels of assurance from this field and set it as the default level of assurance in Enterprise Settings.
For a individual user, the system will pick the configured default levels of assurance from this field and set it as the default level of assurance in Personal Settings.

  1. If the Simple Electronic Signature (SES) is set as the default level of Assurance, no other level of assurance can be set with SES under the "Default Levels of Assurance".

Document Certify Options

Select the document certify options that you want to allow for this service plan. The selected certify options will be available for configuration to Individual Users (web.config) and Enterprise Users (Enterprise Roles > Document Settings). To learn more about certify options, click here. This is a mandatory field.

The possible values are:

  • Certify with no changes
  • Certify with form filling and signing
  • Certify with form filling, signing and annotations


Default Document Certify Option

Specify the default certify option from the allowed "Document Certify Options" above. This is a mandatory field.

The "Default Document Certify Option" field defines what certify option will be used by default when the document owners, belonging to this service plan, add a document to a workflow/template.

Enable PDF/A Compliancy

Select to enable PDF/A compliancy for all the documents that are uploaded to SigningHub. In this case, SigningHub implements the following rules for any uploaded documents:

  • A non-PDF document (like image or text file) will be converted to PDF document with PDF/A-2a compliance. 
  • A PDF document with no PDF/A conformance will be upgraded to conform with PDF/A-2a compliance.  
  • A signed PDF document with no conformance to PDF/A compliance will display the following error.


  1. ​​In order to ensure if signature string size conforms to PDF/A compliance, see how to configure the Signing Profiles above.
  2. Font color will not be applicable in Signature Appearance while perform signature on any PDF/A document with "CMYK" color space ​​in order to ensure PDF/A compliance.
  3. If the "Enable PDF/A Compliancy" option is enabled in the user's service plan and the user uploads a document that is PDF/A compliant, the "Compliance" option will not appear in the properties dialog.


Keep the check box empty to disable PDF/A compliancy for the documents uploaded to SigningHub. In this case, SigningHub implements the following rules for any uploaded documents:

  • A non-PDF document (like text or image file) will be converted to a PDF document with no conformance.
  • No changes will be made to a PDF document with no PDF/A conformance.
  • A signed PDF document with no conformance to PDF/A compliance will not display any non-compliancy error.


  1. ​Whether the Service Plan has the PDF/A Compliancy enabled or not, if the uploaded documents are PDF/A compliant, their conformance level will remain intact.

Enable Auto-deletion of unused documents

Tick this check box to enable the auto deletion utility for unused documents. SigningHub will automatically delete unused documents of a user from their SigningHub account.

The unused documents refer to those Draft/Updated/Approved/Signed/Declined/Completed documents that the user have not been accessed over a certain time period. Any action that is performed on a document that warrants a log activity will reset the document deletion counter (days). The In Progress and Pending documents do not come under the unused documents category and hence they will not be deleted through the auto deletion utility.

When this option is enabled, the following will appear:

  • The "Delete documents which are unused for (days)" field, to specify the number of days after which SigningHub should delete an unused document.   
  • The "When deleting a document, notify user before (days)" check box, to send a notification email to the respective document owner before deleting their unused documents. 
    • When the "When deleting a document, notify user before (days)" check box is checked, a field will appear to specify number of days. SigningHub should send this notification, the specified number of days before deleting such documents. 
    • Keep this check box unselected, if you don't want to notify document owners before deleting their unused documents.
  • The "Email the deleted document as attachment" check box, if you require SigningHub to send the deleted documents as attachments to document owners in their notification emails. The sending of document as email attachment will depend on its size as configured in the Bulk Actions settings.
    • When the "Email the deleted document as attachment" check box is checked, SigningHub emails as an attachment, the document being auto-deleted. When this checkbox is checked, the "Email the workflow evidence report as part attachment of the completed document" check box will appear.
      • When the "Email the workflow evidence report as an attachment of the completed document" check box is checked SigningHub will send as an email attachment, the Workflow Evidence Report of the document that is being auto-deleted.
      • Keep the "Email the workflow evidence report as an attachment of the completed document" check box unselected, if you do not want to send the Workflow Evidence Report of the document being auto-deleted.
    • Keep the "Email the deleted document as attachment" check box unselected, if you do not want to email, as an attachment, the document being auto-deleted.


  1. When the "Email the workflow evidence report as an attachment of the completed document" check box is checked, SigningHub will send the Workflow Evidence Report, only if the Workflow Evidence Report for the document being auto-deleted was already generated.
  2. If the workflow has a single document:
    • Where only the document being auto-deleted is being sent as an attachment of an email, the document will be sent as a pdf file.
    • Where both the document being auto-deleted and its Workflow Evidence Report are being sent as an attachment of an email, a ZIP file containing; the document as a pdf file and the workflow evidence report as a pdf file, will be sent.
  1. If the workflow has a multiple documents:
    • Where only the documents being auto-deleted are being sent as an attachment of an email, a ZIP file containing the documents as pdf files, will be sent.
    • Where the documents being auto-deleted and the Workflow Evidence Report are being sent as an attachment of an email, a ZIP file containing; the documents as pdf files and the workflow evidence report as a pdf file, will be sent.

Add a unique identifier in the document header on uploading a document

Tick this checkbox to allow the SigningHub Desktop Web users to add a unique identifier in the document header. SigningHub will automatically add a unique identifier while users upload a PDF document from their SigningHub account.
However when configured, this condition can be overridden through the Enterprise Default Settings, in the case of an enterprise account, see details.
If you do not want SigningHub to add a unique identifier on the uploaded document, keep this check box unselected.

When allowed, the unique identifier field will be available on a document in the following areas:

  • The document viewer

Next

Click to move to the "Signatures" tab.


Signatures

The following image illustrates the default view of the "Signatures" tab on the Add Service Plan dialog.



  1. You can configure multiple signing servers under service plan for Server or Client Held Keys, at least one signing server must be configured under a service plan to perform signing.
  2. You can click on the add icon  to add a signing server.


The following table illustrates the fields and definitions of the "Signatures" tab in the Add Service Plan dialog.


Signatures tab

Fields

Description

Signature Pad

Enable the Signature Pad to capture hand signature images while signing

Check this check box to enable the users, belonging to this service plan, to perform hand signatures using signature pads. By default, this checkbox is unchecked.  

When the "Enable the Signature Pad to capture hand signature images while signing" option is enabled, a drop down with all the active signature pad connectors will appear. From the drop down, select a connector for using the signature pad. Click the eye icon  next to the selected connector to view its details.

Signature Appearance Designs

Signature Appearance Designs

Select the signature appearance designs (i.e., Hand Signatures Only, Hand Signature with Details and Logo, Hand Signature with Details or a Custom Appearance) to allow the users of the service plan to use for their signatures.

eSignature Signing Servers

Keys Location

Select "Server Held Keys" for server side signing and "Client Held Keys' if the signing server to be configured to perform client side signing. On selection of either option only the related signing servers will be shown in the list.

Signing Profile

Select a signing profile for this service plan. Only the active signing profiles are listed for selection. Signing profiles list appears on the basis of Keys Location selection, if server held keys option is selected then only the server side signing related signing profiles will appear and for client held keys only those signing profiles will appear for which at least client side signing is configured.
 
The selected profile will be used to create a document signature on SigningHub Desktop Web. Click the eye icon  to view the details of the selected profile. Signing profiles are managed through the signing profiles section. See details.

Level of Assurances

Select the level of assurance which you want your certification profile to feature, while producing a signing key for a user. These level of assurance terms are as per the eIDAS Standards. For details of these terms click here. Possible values are:

  • Electronic Seal (eSeal)
  • Advanced Electronic Seal (AdESeal)
  • Qualified Electronic Seal (QESeal)
  • Advanced Electronic Signature (AES)
  • High Trust Advanced Signature (AATL)
  • Qualified Electronic Signature (QES)


Upon selection of Electronic Seal (eSeal), Advanced Electronic Seal (AdESeal) and Qualified Electronic Seal (QESeal), the feature will enable the end-users to add their in-person and e-signatures in the documents as witness digital signatures by using the specified witness signing certificate.

You can also select multiple signing capacities to allow an enterprise user to add in-person and e-signatures in different positions/capacities within their organisation. These selected signing capacities will be available in the "Signature Settings" tab of an enterprise role.

One of the level of assurances can be set as default under enterprise role.

Advanced Electronic Signature (AES), High Trust Advanced (AATL) and Qualified Electronic Signature (QES),  are fully supported in SigningHub. These level of assurances provide the highest level of trust and assurance because these use unique signing keys for every signer. This directly links the user’s identity to the signed document such that anyone can verify it on their own using an industry standard PDF reader.

Furthermore, as the signer has sole control of their unique private signing key this ensures non-repudiation, i.e. even the service provider cannot be held responsible for creating the signature. SigningHub complies with eIDAS regulations for AES and QES using locally held credentials, such as a National eID card, or importantly remote signing where the user’s key is held securely, server-side. Remote signing has many benefits including the ability to sign from any machine without use of specialist devices like smartcards, hardware tokens and readers.

The advantage of using AES/QES is that they show exactly who signed the document.

QES are more trusted version of AES because they require the highest levels of security for the protection of the user’s signing key and also a formal registration process for the user to verify their identity by a qualified Certificate Authority. From a legal perspective QES can be considered even stronger than handwritten signatures as the burden of proof shifts to the signer to prove that they did not sign.

Signing Capacities

Select one or more Signing Capacities for the respective Level of Assurance.

  • This field is hidden by default and, upon selecting a Level of Assurance, it is displayed under the selected Level of Assurance. The following image illustrates the field behaviour.


  • The menu options display only those Signing Capacities that have the respective Level of Assurance configured with it. For example all Signing Capacities that have "Advanced Electronic Seal" as a Level of assurance will be shown under Advanced Electronic Seal (AdeSeal).


The selected Signing Capacities will be used to generate the certified asymmetric key pairs for server side signing. You can also select multiple Signing Capacities to allow an Enterprise User to sign in different positions/capacities within their organisation. The Signing Capacities selected here will be available under the "Signature Settings" tab of an Enterprise Role. 

Push Certificates to CSP

Select this option to enable the CSP provisioning, which allows SigningHub to automatically register the users and push their certificates in the ADSS CSP Service, when they sign a document.

ADSS CSP Service provides the capability to manage users and sign data while acting as a bridge between SigningHub and the Signing Service. It provides the required API interface for SigningHub to register and manage users, send signing requests, push user certificates, check status of signing requests and get the signatures (i.e. PKCS#1 signature). See details.


To use this feature, select the "Push newly created certificates to ADSS CSP" option. Select a CSP profile from the "Virtual ID Profile" drop-down list. This profile is used to manage users, certificates and their signing operations in the ADSS CSP Service. Only the active CSP profiles are listed for selection. Click the eye icon  to view the details of the selected profile. The CSP profiles are managed through the Virtual ID Profiles section; see details.

If you want SigningHub to delete a user including all associated certificates from ADSS CSP then select the "Automatically delete certificates and users from CSP when user is removed" option, when a user is deleted either through SigningHub Admin or Enterprise Admin.


  1. If only Electronic Seal (eSeal) is selected under Signing Server, then Push Certificates to CSP option will not appear.

Signature Appearance

Select the signature appearance that you want the users to use when they perform signatures using this signing server. The "Signature Appearance" list will display all the signature appearance designs that were earlier allowed on the "Signatures" screen will appear in the drop down. 

If the user selects a signature appearance that includes a logo, the "Signature Logo" field will appear, allowing the user to upload a logo. The "Signature Logo" is an optional field. The uploaded logo will be used in the signature appearance when signing with this specific signing server. If a logo has not been uploaded, the system will use the "Signature Logo" configured in the "Branding" section in SigningHub Web.

Only select a "Signature Appearance", if you want the users to use a fixed signature appearance while performing signatures with this specific signing server. If a signature appearance has not been selected, the system will allow the users to perform signing using the signature appearances allowed in the user role

In case of an individual user, if a signature appearance and logo have been configured against the signing server, when using this signing server to perform signatures the configured signature appearance and logo will be used.

  1. When a new signing server is configured in the user role, it will fetch any signature appearance configurations set against the signing server in the service plan, if any.
  2. When a new user is registered, if a signature appearance was set against this signing server in the service plan, it will be selected as the "Signature Appearance", by default, in the user's role.
  3. Upon changing the selected signature appearance, any uploaded logo will be removed as well.
  4. The "Signature Appearance" field appears for both; server-side signing servers, and local-side signing servers.
  5. For existing signing servers, by default,  the 'Signature Appearance" field will be empty.
  6. If a signature appearance has been selected against a signing server, and is later removed from the list of allowed "Signature Appearance Designs", the signature appearance will be removed from the signing server as well.

Electronic Seal Signing Servers

Signing Profile

Select an electronic seal signing profile for this service plan. Only the active electronic seal signing profiles are listed for selection. Signing profiles list displays all the ADSS and CSC Electronic Seal profiles as configured in the Electronic Seal Profiles section.
 
The selected profile will be used to create an electronic seal. Click the eye icon  to view the details of the selected profile.

In case of selecting an ADSS Electronic Seal signing profile, the "Level of Assurance" and "Signing Capacities" fields will appear.

  • Level of Assurance:
    Select the level of assurance which you want your certification profile to feature. These level of assurance terms are as per the eIDAS Standards. For details of these terms click here. Possible values are:
    • Electronic Seal (eSeal)
    • Advanced Electronic Seal (AdESeal)
    • Qualified Electronic Seal (QESeal)

You can also select multiple levels of assurance from the above options, to allow an enterprise user to add electronic seals in different positions/capacities within their organisation.

  • Signing Capacities:
    Select one or more Signing Capacities for the respective Level of Assurance.
    • This field is hidden by default and, upon selecting a Level of Assurance, it is displayed under the selected Level of Assurance. 
    • The menu options display only those Signing Capacities that have the respective Level of Assurance configured with it. For example all Signing Capacities that have "Advanced Electronic Seal" as a Level of assurance will be shown under Advanced Electronic Seal (AdeSeal).

The Signing Capacities selected here will be available under the "Signature Settings" tab of an Enterprise Role. 

  1. For existing signing servers, the "Signature Appearances" field will be empty.

Verification Profile

Verification Profile

Select a verification profile for this service plan. The selected profile will be used to fetch the revocation information at the time of signing, and to verify the document signatures. Click the eye icon  to view the details of the selected profile. Verification profiles are managed through the verification profiles section; see details.

Next

Click to move to the "Settings" tab.



  1. When adding a Signing Server for CSC, there is no signing capacities or level of assurance related information appears.
  2. When adding a Signing Server for Client Held Keys using either ADSS or CSC, no further options appear.
  3. When adding a Signing Server for Server Held Keys using the eID Easy, no further options appear.


Settings

The following images illustrates the default view of the "Settings" tab on the Add Service Plan dialog.




The following table illustrates the fields and definitions of the "Settings" tab on the Add Service Plan dialog.

Settings tab

Fields

Description

Password should be provided at time of user registration

When selected: 

  • It will allow SigningHub ID based authentication only (i.e., SigningHub ID & password) and a password must be set at the time of registration. 
  • It will add a couple of additional password related settings i.e. "User must change password at next login" and "Enable Password Expiry Duration" under the Enterprise Password Strength Policy; see details.

When deselected:

  • It is not required to set a user password at the time of registration. A user can be auto-activated while registering via authentication methods other than SigningHub ID (i.e. Active Directory, Salesforce, Google, Office 365, Linked-in, OTP, itsme, etc.).

Authentication Profiles

This field will load private authentication profiles, which are specifically used for corporate logins and signing authentication.
Select the required authentication profile(s) for this service plan, to allow multiple modes of authentication to the corporate users. The selected profile(s) (from here) will be available to the Enterprise Admins in SigningHub Desktop Web, under the "Authentication" and "Signature" tab of Enterprise Roles. An Enterprise Admin can then configure these profiles with their enterprise users roles to facilitate corporate logins and siging for their enterprise. 

In case of selecting multiple profiles, the "Default Authentication Profile" field will appear below the (selected) private authentication profiles list. Choose an authentication profile that could be shown as the default authentication method to the Enterprise Admins, under the "Authentication" tab of Enterprise Roles.

Workflow Evidence Recording

Select the process evidence information level for this service plan, i.e. "Basic" or "Detailed with Workflow Evidence Report". 
The "Basic" level lets the SigningHub web user to view limited reporting information, i.e. Document Logs and Activity Logs only. However, the "Detailed with Workflow Evidence Report" level allows the SigningHub user to view every bit and byte of the workflow process in the form of a detailed Workflow Evidence Report, in addition to viewing the normal Document Logs and Activity Logs.

In case you select "Detailed with Workflow Evidence Report", the option to delete document logs on generation of Workflow Evidence Report is displayed. 
 
Delete Document logs on generation of Workflow Evidence Report
As the field label says, on selecting the check box, system will delete the document logs from the Workflow History dialog when the workflow is marked "Completed" and the Workflow Evidence Report is successfully generated. These detailed document logs will then only be available in the downloaded PDF of Workflow Evidence Report under the "Audit Trail" section. 


  1. The following will not become part of the details log under the "Workflow History" dialog:
  • Preview of email notification sent to document owner
  • Preview of signature image

Enable One Time Password (OTP)

Check this check box to enable One Time Password (OTP) for server-side signing, login and document opening.
OTP is a security system that requires a new password every time a user authentication occurs, thus protecting users from any intruders replaying an intercepted password.


When the "Enable One Time Password (OTP)" is enabled, the following fields will appear:

  • Check the "Enable Email OTP" check box; to get one time password via Email.
  • Check the "Enable SMS OTP" check box; to get one time password via SMS. When the "Enable SMS OTP" option is check box is checked, the "SMS Gateway" field will appear.
    • The "SMS Gateway" field to select an SMS gateway for sending SMS OTP from SigningHub to the users' mobile phones. Only the active SMS gateways are listed for selection. Click the eye icon  to view the details of the selected gateway. SMS gateways are managed through the connectors section, see the ClickatellTwilio, or SMS connectors.
  • The "OTP Length" field to specify the OTP length (total number of OTP digits required). SigningHub currently supports 4, 6, and 9 digits OTP and the default value for this field is 6.
  • The "OTP Expiry (secs)" field to specify the auto-expiration time of the OTP for end users. SigningHub allows the value between 30-300 seconds and  the default value for this field is 60 seconds.
  • The "OTP Retry Interval (secs)" to specify the interval for OTP retry in case of failure. SigningHub allows the value between 5-300 seconds and the default value for this field is 15 seconds.


  1. The gateway used for sending Email OTP is configured  under Enable SMTP Server. If SMTP server is down, inactive or disabled in service plan then the default SMTP server will be used as a fallback gateway.
  2. When the "Enable One Time Password (OTP)" check box is checked, the user must select at least one OTP method i.e., "Enable Email OTP" or "Enable SMS OTP".
  3. SigningHub sends OTP via both Email and SMS, simultaneously, when both "Enable Email OTP" and "Enable SMS OTP are checked. 

Enable Time based One Time Password (TOTP)

Check this check box to enable Time based One Time Password (TOTP) for login, server-side signing, and document opening. By default, this check box will remain unchecked. 

A Time based One Time Password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Time based One Time Passwords provide additional security as even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which expires quickly.

  1. When a user under this role is prompted to provide a Time based One Time Password, for the first time, they will be sent an email to configure two factor authentication (2FA) on their mobile device.
  2. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
    • QR Code
    • Manual Key
    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option

Enable SMTP Server

Select this check box to enable SMTP server for this service plan. 
SMTP server provides the email gateway service to the SigningHub Desktop Web. If this option is not enabled then the default SMTP server will be used to send the email notifications.   

When enabled, the "SMTP Server" field will appear from where you can select an SMTP server for sending-off the email notifications from the SigningHub Desktop Web. All the active/inactive SMTP Servers are available here for selection. However when you select an inactive SMTP Server, then the default SMTP server will be used as a fallback approach.
  
Click the eye icon  to view the details of the selected server. The email gateways are managed through the connectors section; see details. Important points to note:

  • If emails are to be sent on behalf of a document owner, then the SMTP server configured in the document owner's service plan will be used.
  • If emails are to be sent on behalf of a recipient, then the SMTP server configured in the recipient's service plan will be used. However, if the recipient is not a registered user (i.e. Guest user) then the SMTP server configured in the document owner's service plan will be used.
  • If the email notifications are related to system health, license expiry and other parts of the system, then the default SMTP server will be used.
  • If the selected SMTP server is down or inactive, then the default SMTP server will be used as a fallback gateway to send-off all types of email notifications.

Enable SMS Notifications

Select this check box to enable SMS Notifications for this service plan. When the "Enable SMS Notifications" option is enabled, the "SMS Gateway" field will appear from where you can select an SMS Server for sending-off the SMS notifications. By default, the system will choose an active SMS Server but the user manually can select the required server from the list of the active SMS Servers.

Click the eye icon  to view the details of the selected server. The SMS gateways are managed through the connectors section; see details

When SMS notifications are enabled, the user will be able to select from the following delivery methods for the recipients:

  • Email
  • SMS
  • Email & SMS


The recipients will be able to receive notifications via SMS containing tiny a URL for the relevant document. When the URL is opened, the user will be redirected to the SigningHub Native Apps, if installed, otherwise to the App Store/Play Store, as applicable. The SMS notifications will be sent for the following actions:

  • When a document has been shared or bulk shared
  • When a document has been recalled
  • For a sign-off reminder
  • When a document has been signed
  • When a document has been processed by others
  • When a document has been processed by me
  • When a comment  has been added to a document
     

  1. The "SMS" and "Email & SMS" will not be available as delivery methods for the following:
    • When the recipient is a group
    • When the recipient is a placeholder
    • For an electronic seal
    • When the role of the recipient is "Send a Copy"


Enable auto deletion of inactive users

Select this check box to enable the auto deletion utility for inactive users. SigningHub will automatically delete the inactive users (belonging to this service plan) along with their respective information (i.e., activity logs, documents and associated data, enterprise and all associated data etc.) from the system. Inactive users are those users who have not performed any activity on SigningHub over a certain (definable) number of days. 
When this option is enabled, the following fields will appear:

  • The "Delete users which are inactive for (days)" field to specify the number of days, a user must have been inactive for, after which SigningHub should auto delete an inactive user. This is the time-period during which the user should not have perform any activity on SigningHub. 
  • Tick the "When deleting a user, notify the user before (days)" check box to send a notification email to the respective user prior to deleting their details. A field will appear to specify the number of days SigningHub should send this notification before, deleting such users. 
    Keep this check box deselected, if you don't want to notify the users before deleting their details.

  1. SigningHub auto deletes inactive guest users from the system after 60 days, without sending them notification emails, irrespective of their service plan.

Next

Click to move to the "Billings" tab.


Billing

The following image illustrates the default view of the "Billing" tab on the Add Service Plan dialog.



The following table illustrates the fields and definitions of the "Billing" tab on the Add Service Plan dialog.

Billing tab

Fields

Description

Billing Mode

Select a billing mode for this service plan, i.e. "Online", "Offline", "None" or "Trial".

  • "Online" billing implies that payment is to be made through a payment gateway as configured in Billing settings. This mode is recommended for public service plans. The quota (i.e., signatures and workflows) is reset when the recurrent payment is made on the billing date.
  • "Offline" billing implies that payment is to be added manually in the system through SigningHub Admin. This mode is recommended for custom/private service plans, and is also useful in the cases where online payments may fail due to any technical reason. In this case, once the manual payment has been made, the quota (i.e., signatures and workflows) will reset as usual when the recurrent payment is made on the billing date.
  • "None" implies that the billing is not enabled. The accounts related to this service plan will be free of charge and will never expire. They can consume the allowed number of signatures and workflows. This option is usually selected for the on-premises deployments of SigningHub. You can reset the quota (i.e., signatures and workflows) manually from the Accounts page using the Reset User Statistics option.
  • "Trial" implies that this service plan is for trial/ testing purpose. The accounts related to this service plan will be free of charge. It further provides an option to configure two different settings including;
    • Select the "Auto Reset" check box to reset the allowed number of signatures and workflows on monthly basis. This way the users related to this service plan can continue using their SigningHub accounts as they will get a fresh quota (i.e., signatures and workflows) on the beginning of every month.
    • Keep the "Auto Reset" check box deselected to halt the SigningHub services after the allowed number of signatures and workflows have been consumed. This way the users related to this Service Plan will have to buy a Service Plan to continue using their SigningHub accounts. As they can login to their accounts, but will not get a free quota of signatures and workflows each month.

Payment Type

For Online and Offline billing modes, the payment type can either be "Pay Regularly" or "Pay As You Go". 

  • The "Pay Regularly" payment type is recommended, when payment is to be made on a regular basis (monthly/ annually) against a continuous service plan.
  • The "Pay As You Go" payment type is recommended, when payment is to be made after consuming the allowed signature pack.

Monthly/Yearly

This field only appears when "Pay Regularly" has been configured in the "Payment Type" field above. For the "Pay Regularly" payment type, specify the monthly and/or yearly price in the default currency, as set in the Billing configurations. 

  • The monthly payment will be made automatically on the 31st day from the subscription date and the signature pack of the subscribers will be reset.
  • Similarly, the yearly payment will be made automatically on the 366th day from the subscription date and the signature pack will be reset accordingly. Special discounts can also be offered on annual payments.

Price

This field only appears when "Pay As You Go" has been configured in the "Payment Type" field above. For the "Pay As You Go" payment type, specify signature pack price in the default currency, as set in the Billing configurations.

Finish

Click to save the information entered on the Add Service Plan dialog and create a new Service Plan accordingly.


  1. When a new user subscribes to a service plan, they will see a welcome document in their inbox for test signing. The signature field inside the welcome document will have eSeal as a level of assurance and will produce witness digital signature.
  2. The "Pay As You Go" plans do not support recurrent payments.
  3. Choose "Pay As You Go" as the "Payment Type", when "SSLCommerz" is configured as the payment gateway.


Example

Let's take an example of a fictitious smartphone manufacturing company, named "The Phones Corporation", for which we need to create a service plan. The following image illustrates the example entries on the "Basic Information" tab.




In the "Constraints" tab, "The Phones Corporation" is allowed unlimited access to the SigningHub features as shown in the image below.



In the "Documents" tab, a set the Levels of Assurance and the default Level of Assurance has been selected that we need the Enterprises to have. In addition, PDF/A Compliancy has also been enabled.



In the "Signatures" tab, "Advanced Digital Signature Signing (ADSS)" is used and configured for server side signing along with Electronic Seal (eSeal), Advanced Electronic Seal (AdESeal), Qualified Electronic Seal (QESeal), Advanced Electronic Signature (AES), High Trust Advanced Signature (AATL), and Qualified Electronic Signature Demo (QES) level of assurances and their respective signing capacities. In addition, we will select the signature appearance design and default verification profile for this service plan. The following image illustrates this configuration.



In the "Settings" tab, the Service Plan has Workflow Evidence Recording, and Enable OTP options configured.


We know that this use case of a fictitious company, "The Phones Corporation" will be used for demo purposes; therefore, in the "BIlling" tab the billing is set to "None". The billing preferences of your service plan will be subject to your needs. 




See Also