When documents are shared on the web with other users, it is important to raise the security level to prevent fraudulent attempts and bad actors from compromising your document security. SigningHub provides three methods that can be configured for either individual recipients or all recipients collectively:
- Document access duration - to allow document access only for a specified duration
- Document access authentication - to authenticate the recipient through a specified password, an OTP or a Time based One Time Password when attempting to access the document
- Document signing authentication - to authenticate the recipient through an OTP or a Time based One Time Password when attempting to sign the document
If authentication/validation fails in any of the above scenarios, the recipient will be prevented from accessing/signing the document.
By default, these document security features are disabled for a new workflow. You can always enable them as required before sharing.
The following image illustrates the Set Access Security dialog.
The following table describes the names, descriptions, and default behaviour of the fields on the Set Access Security dialog.
Document Access Security
|
Fields
|
Description
|
Default Behaviour
|
Recipient
|
Displays the recipient name for which the Set Access Security dialog has been opened. You can select a different recipient from the dropdown to apply the security access settings. In addition, you can also select "Apply to all" to apply the settings to all the recipients that are already added to the document.
|
Selected
|
Document access duration
|
Select the check box to allow document access only for a specified duration for the selected or all recipients. You can specify the access duration via specific date and time or a number of days.
On selecting the check box shown in the image below, the following options will be displayed:
Set a specific start and end date/time for a recipient to access the document. The recipient will not be able to access the document beyond this duration. If the document is not processed within the specified time, the document will be considered declined.
Set a number of days in which a recipient can sign the document after receiving it. The recipient will not be able to access the document after this duration. Also if the document is not processed within the specified days, the document will be considered declined.
|
Disabled
|
Document access authentication
|
Select the check box to enable recipient authentication through a specified password or an OTP when attempting to access the document.
On selecting the checkbox shown in the image below, the following options will be displayed:
Set a password that the recipient would need to provide in order to access the document. While typing in a password, the Password Policy will be displayed. SigningHub will allow you to specify a password that complies with the given Password Policy. Password Policy will be configured at Enterprise level or Administrator level according to account type.
The following image illustrates the Password Policy displaying with the Password field.
|
If the document owner is part of an enterprise, the Password Policy defined in Enterprise Advanced Settings will be followed. If the document owner is an individual user, the Password Policy defined in SigningHub Admin Global Settings will be followed.
|
This option will let the document owner send an OTP to the recipient that will be used for the purpose of recipient authentication. Whenever the recipient tries to open this document, an OTP will be sent to the recipient's email, mobile number, or both, depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be accessible only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click to view the complete number.
|
- The OTP authentication option will only be displayed if the "Enable One Time Password (OTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
- The OTP method under "OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.
- "(Email)", in case only "Email OTP" is configured in the service plan
- "(SMS)", in case only "SMS OTP" is configured in the service plan
- "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan
- In the "Mobile Number" field, enter the recipient's mobile number on which the OTP will be sent via SMS. The full international number must be entered in the 00 44 234334334 or +44 234334334 format. By default, the specified mobile number is displayed partially masked to comply with the GDPR policy. Click to view the complete number.
- If the recipient's mobile number exists in the user's personal or enterprise contacts, the "Mobile Number" field will be auto-populated with the mobile number.
- For the current logged-in user, in case two different mobile numbers have been configured in the user's profile and the user's contacts, the system will auto-populate the "Mobile Number" field with the number configured in the user's profile.
- When the delivery method is either "SMS" or "Email & SMS", the mobile number provided for a guest user will be auto-populated in the "Mobile Number" field.
|
- Time based One Time Password
This authentication option will let the recipient access the document after they have entered the Time based One Time Password. Whenever the recipient tries to open this document, they will be prompted to enter the Time based One Time Password from the authenticator app configured on their mobile device. If the recipient has not configured two factor authentication (2FA), then upon trying to access a document that requires a Time based One Time Password, an email will be sent to their email address to configure two factor authentication (2FA). The document will be accessible only upon providing the correct Time based One Time Password.
|
- The Time based One Time Password option will only be displayed if the "Enable Time based One Time Password (TOTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
- If the user does not have two factor authentication (2FA) configured, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
- To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
- QR Code
- Manual Key
- Recovery Codes
To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. Each recovery code in the list included in the configuration email can be used once, in place of a Time based One Time Password, to regain access to your SigningHub account in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can, however, regenerate a new list of recovery codes from the Manage Two Factor Authentication (2FA) option. If you are an enterprise user and lose access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.
|
|
Disabled
|
Document signing authentication
|
Select this check box to enable recipient authentication through OTP process when attempting to sign the document.
On selecting the checkbox shown in the image below, the following options will be displayed:
This option will let the document owner send an OTP to the recipient that will be used for the purpose of signing authentication. Whenever the recipient tries to sign this document, an OTP will be sent to the recipient's email, mobile number, or both, depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be signed only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click to view the complete number.
- Time based One Time Password
This authentication option will let the recipient sign the document after they have entered the Time based One Time Password. Whenever the recipient tries to sign this document, they will be prompted to enter the Time based One Time Password from the authenticator app configured on their mobile device. If the recipient has not configured two factor authentication (2FA), then upon trying to sign a document that requires a Time based One Time Password, an email will be sent to their email address to configure two factor authentication (2FA). The document will be signed only upon providing the correct Time based One Time Password.
|
- In the following cases, the "Document Signing Authentication" option is not available on the "Set Access Security" dialog:
- For the recipients of type "Reviewer", "Editor" or "Send A Copy"
- Workflow type is set to "Individual"
- Recipient is a Group signer
- One Time Password (OTP) and Time based One Time Password options are disabled in the service plan
- In the "Mobile Number" field, enter the recipient's mobile number on which the OTP will be sent via SMS. The full international number must be entered in the 00 44 234334334 or +44 234334334 format. By default, the specified mobile number is displayed partially masked to comply with the GDPR policy. Click to view the complete number.
- If the recipient's mobile number exists in the user's personal or enterprise contacts, the "Mobile Number" field will be auto-populated with the mobile number.
- For the current logged-in user, in case two different mobile numbers have been configured in the user's profile and the user's contacts, the system will auto-populate the "Mobile Number" field with the number configured in the user's profile.
- When the delivery method is either "SMS" or "Email & SMS", the mobile number provided for a guest user will be auto-populated in the "Mobile Number" field.
- The following rules will be followed for initiating the OTP process:
- The system will initiate the OTP process when the recipient attempts to sign a signature field, and will not initiate the OTP process when the recipient attempts to mark an Initials field.
- Even if Document Signing OTP Authentication is configured, OTP process will fail to initiate in case the signer is performing Bulk Sign.
- When the recipient is a registered user and attempts to sign a signature field, the system will follow the OTP authentication settings (including mobile number) as configured by document owner via "Set Access Security" dialog.
- In case the OTP authentication is not configured by the document owner, the system will follow the OTP authentication settings configured in the Enterprise Role while using the mobile number specified on the user's "My Settings" page.
- In case OTP authentication is not configured in the Enterprise Role or Service Plan, then OTP process will not initiate.
- When the recipient is a guest user and attempts to sign a signature field, the system will follow the OTP authentication settings (including the mobile number) as configured by document owner via "Set Access Security" dialog.
- In addition, even if the OTP authentication is configured in the Enterprise role, OTP process will still not initiate.
- This OTP authentication option will only be displayed if the "Enable One Time Password (OTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
- The OTP method for "Document Signing OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.
- "(Email)", in case only "Email OTP" is configured in the service plan
- "(SMS)", in case only "SMS OTP" is configured in the service plan
- "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan
- The Time based One Time Password option will only be displayed if the "Enable Time based One Time Password (TOTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
- If the user does not have two factor authentication (2FA) configured, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
- To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
- QR Code
- Manual Key
- Recovery Codes
To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. Each recovery code in the list included in the configuration email can be used once, in place of a Time based One Time Password, to regain access to your SigningHub account in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can, however, regenerate a new list of recovery codes from the Manage Two Factor Authentication (2FA) option. If you are an enterprise user and lose access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.
|
|
Disabled
|
Save
|
Click to save the information entered on the dialog.
|
|
Cancel
|
Click to discard the information entered on the dialog.
|
|
To set access duration via date and time
Considering the screenshot scenario, the document will be accessible to "Simon Gill" only from March 27, 2023 11:25:38 to March 31, 2023 11:20:38 for processing. The document will be considered declined if it is not processed within this time-period.
To set access duration via days
Considering the screenshot scenario, the document will be accessible to "Simon Gill" for the next 14 days after receiving it. The document will be considered declined if it is not processed within this time-period.
To set document access authentication
Password Authentication
Considering the screenshot scenario, the recipient "Simon Gill" will have to provide this (specified) password to access and process the document.
OTP Authentication
Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of "Simon Gill", whenever he attempts to access the document. He must provide the received OTP to access and process the document.
Time based One Time Password
Considering the screenshot scenario, "Simon Gill" will be prompted to provide the Time based One Time Password whenever he attempts to access the document.
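The Time based One Time Password check and the single-use recovery codes described above, for both document access and signing, can be modelled as follows. This is an added example, not SigningHub's code: it assumes the RFC 6238 defaults used by common authenticator apps (HMAC-SHA-1, 30-second step, 6 digits), and the `SecondFactor` class, the one-step acceptance window and the replay check are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code; RFC 6238 default (assumed, the page does not state it)


def totp(manual_key: str, counter: int, digits: int = 6) -> str:
    """RFC 6238 code for one time-step counter, using HMAC-SHA-1."""
    key = manual_key.replace(" ", "").upper()
    key += "=" * (-len(key) % 8)                     # restore stripped Base32 padding
    mac = hmac.new(base64.b32decode(key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Hypothetical verifier state for one enrolled user."""

    def __init__(self, manual_key, recovery_codes):
        self.manual_key = manual_key
        self.unused_recovery = set(recovery_codes)
        self.last_step = -1                          # highest time step already accepted

    def verify(self, submitted: str, unix_time: int, window: int = 1):
        """Return "totp", "recovery", or None when the value is rejected."""
        now = unix_time // STEP
        for step in range(max(0, now - window), now + window + 1):
            expected = totp(self.manual_key, step)
            if step > self.last_step and hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_step = step                # added hardening: a code cannot be replayed
                return "totp"
        for code in self.unused_recovery:
            if hmac.compare_digest(code.encode(), submitted.encode()):
                self.unused_recovery.discard(code)   # each recovery code works once
                return "recovery"
        return None


# Constructed sample: the RFC 4226/6238 test secret and made-up recovery codes.
DEMO_KEY = base64.b32encode(b"12345678901234567890").decode()
demo = SecondFactor(DEMO_KEY, {"r3c0v-aaaa1", "r3c0v-bbbb2"})
```
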
To set document signing authentication
OTP Authentication
Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of "Simon Gill", whenever he attempts to sign the document. He must provide the received OTP to sign the document.
Time based One Time Password
Considering the screenshot scenario, "Simon Gill" will be prompted to provide the Time based One Time Password whenever he attempts to sign the document.
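The rules for initiating the signing OTP process listed in the table above can be read as a single decision procedure, which makes it easier to see which signing attempts complete without an OTP. The following is an added example that models those rules; it is not SigningHub's code, and the `SignAttempt` fields and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class SignAttempt:
    """One signing attempt; field names are hypothetical, not SigningHub's."""
    field_type: str                       # "signature" or "initials"
    guest: bool                           # True for a guest, False for a registered user
    owner_otp: bool                       # owner enabled signing OTP in "Set Access Security"
    owner_mobile: Optional[str] = None    # mobile number entered by the owner in the dialog
    role_otp: bool = False                # OTP configured in the signer's Enterprise Role
    profile_mobile: Optional[str] = None  # number on the signer's "My Settings" page
    plan_otp: bool = True                 # OTP enabled in the service plan
    bulk_sign: bool = False               # signer is performing Bulk Sign


def resolve_signing_otp(a: SignAttempt) -> Tuple[bool, str, Optional[str]]:
    """Return (otp_initiates, reason, mobile_number_used)."""
    if a.field_type != "signature":
        return (False, "Initials field: OTP is not initiated", None)
    if a.bulk_sign:
        return (False, "Bulk Sign: OTP is not initiated", None)
    if a.owner_otp:
        return (True, "owner settings from Set Access Security", a.owner_mobile)
    if a.guest:
        return (False, "guest: Enterprise Role settings are not applied", None)
    if a.role_otp and a.plan_otp:
        return (True, "Enterprise Role settings", a.profile_mobile)
    return (False, "no OTP configured in Enterprise Role or Service Plan", None)


def signs_without_otp(attempts):
    """Audit helper: (index, reason) for every attempt that completes without an OTP."""
    results = [resolve_signing_otp(a) for a in attempts]
    return [(i, reason) for i, (ok, reason, _) in enumerate(results) if not ok]


# Constructed sample attempts; the phone number is the format example from this page.
SAMPLE = [
    SignAttempt("signature", guest=False, owner_otp=True, owner_mobile="+44 234334334"),
    SignAttempt("signature", guest=False, owner_otp=False, role_otp=True,
                profile_mobile="+44 234334334"),
    SignAttempt("signature", guest=True, owner_otp=False, role_otp=True),
    SignAttempt("signature", guest=False, owner_otp=True, bulk_sign=True),
    SignAttempt("initials", guest=False, owner_otp=True),
]
```

Running `signs_without_otp(SAMPLE)` flags the guest, Bulk Sign and Initials attempts, which are the cases a document owner should review when a signing OTP is required for every recipient.
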
|
- A document owner can edit recipient permissions even after the document has been shared with the recipients. However, if a read-only template has been used, the document owner won't be able to edit recipient permissions after sharing the document.
- In the service plan, if under "Enable One Time Password (OTP)", the "Email OTP" was checked and the "SMS OTP" was unchecked, and the document owner shared the workflow with either the "Document Access Authentication" and/or "Document Signing OTP Authentication" but before the recipient could process the document, under "Enable One Time Password (OTP)", "Email OTP" was unchecked and the "SMS OTP" was checked, the system will prompt an error and the recipient will be unable to access the document. In this case, the recipient should ask the document owner to configure the recipient's mobile number in the "Set Access Security" dialog of the shared workflow.
- If the "Set Document Access Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Access Authentication" is set for all the recipients in the workflow.
- If the "Set Document Signing Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Signing Authentication" is set for all the recipients in the workflow.
- The option to configure "Recipient Permissions", "Document Access Security", "Auto Reminders", and "Email Reminders" is not available for an electronic seal which has been added to the workflow.
|