The Login Authentication tab lets you configure a private authentication method in a role. This method is specifically used for the login authentication of your enterprise users, and will not be available to public users under the "More Login Options" link of login screen.

At the time of login, SigningHub will check the IDs of your enterprise users and allow them to only authenticate themselves through the private method configured in their role. However they can also login by using "More Login Options" link, if you allow them to use public authentication methods. 

Configure login authentication in a role 

  1. Login with your enterprise admin credentials.
  2. Click your profile drop down menu (available at the top right corner).
  3. Click the "Enterprise Settings" option.
  4. Click the "Roles" option from the left menu.



  1. Search/ move to the role to edit and click  adjacent to it. The "Edit Role" screen will appear for re-configurations.



  1. Click the "Login Authentication" tab. 
    Configure the authentication fields as required, see their description in the "Login Authentication" table below.



  1. Click the "Save" button.


Login Authentication

Fields

Description

Default Authentication Method

Field to select a private authentication profile for the enterprise users belonging to this role. The drop down will show the list of authentication methods that are allowed in your service plan. 
When selected, the enterprise user will have to enter their registered ID in the login screen, SigningHub will read their ID and will automatically open the configured (private) authentication method (i.e. SSL authentication, Microsoft Active Directory, Salesforce, Google, etc.) screen for their authentication.

Select the "None" option to disable the private authentication for this role. In this case SigningHub will let your enterprise users to use any public authentication from the "More Login Options" link of login screen.

Allow public authentication methods

Tick this check box to allow the enterprise users of this role to either use any public authentication method from the "More Login Options" link of login screen, or use the set private authentication method above to authenticate themselves.  In this way they will have the option at the login time, whether to get themselves authenticated via any public authentication method or through the set private authentication method.
 
If you leave this check box unticked against a configured private authentication method, the "More Login Options" link of login screen will be inaccessible to the enterprise users of this role.

Secondary Authentication Method

Field to enforce the enterprise users of this role, to use a secondary authentication method in conjunction with any of the private/ public authentication method. The drop down will show the list of secondary authentication methods that are allowed in your service plan i.e. One Time Password or Time based One Time Password.

The enterprise users of this role will have to first provide the correct credentials of private/ public authentication method, and then based on their selected option, provide either: 

    • One Time Password: An OTP will be sent on their mobile devices. The mobile number of an enterprise user on which the OTP is required to send, can be added in their personal profile, see details.
    • Time based One Time Password: The TOTP from the configured authenticator app on their mobile devices. The two-factor authentication (2FA) can be configured by the user in their personal profile.  

Select the "None" option to disable the secondary authentication method for this role.


  1. When you update a role in a production environment, the saved changes are available to the related users on their next login.
  2. ​​A private authentication profile is the one that is exclusively used for corporate logins and is not available to the end users (public) on their Login screen and Integration screen of SigningHub Desktop Web. The availability of private authentication profiles, is subject to your subscribed service plan. If you cannot find this option in your account, upgrade your enterprise service plan.
  3. The availability of Time based One Time Password, and One Time Password as a secondary authentication method is subject to your subscribed service plan.
  4. Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method on to a role, and a user under that role does not have two factor authentication (2FA) configured at the time of login, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
  5. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
    • QR Code
    • Manual Key
    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.


See Also