When using an on-premises installation, SigningHub gives you an option to pre-authorise users in your Directory so that they may serve as your registered enterprise users. In this way, your enterprise users can use their Directory credentials (i.e. organizational domain user ID and password) for SigningHub authentication, and wont even need to create their SigningHub IDs. 

Pre-authorise your users 

  1. Browse your local on-premises installation URL.
  2. Login with your enterprise admin credentials.
  3. Click your profile drop down menu (available at the top right corner).
  4. Click the "Enterprise Settings" option. 
  5. Click the "Users" option from the left menu.
  6. Click the "Auto Provision Users" tab.
  7. Tick the "Automatically register the users" check box.
  8. The "Authentication Profile" field will appear, listing all the Active Directory Authentication Profiles and the Azure Active Directory Authentication Profiles configured in SigningHub Admin console. Select the required authentication profile from the list.
  9. Click the "Save" button.


All the users that belong to the selected authentication profile will be authorised through Azure Active Directory upon Login, and will be automatically registered and activated in SigningHub under the default SigningHub role, provided that provisioning is not enabled by any other enterprise within the same on-premises deployment. 



This implies, if multiple enterprises have been configured within an on-premises deployment, then the "Automatically register the users" check box should be ticked for only one enterprise.


You can also give the role based access of SigningHub (i.e. Enterprise Admin, or Enterprise Users, etc) at Security Group level. SigningHub allows you to manage (Add, Edit, and Delete) the Security Groups from the same screen.


Assign a custom role to a Security Group

  1. Click  from the Security Group grid header. The "Add Security Group" dialog will appear.



  1. Select the required security group from the "Security Group" field. These security groups are defined in the Authentication Profiles configured in SigningHub Admin console. 



  1. Now select a role to assign to this security group and click the "Save" button. The default role is shown automatically selected for the security group, change it as required.


The added security group will be listed inside the Security Group grid. All the users that belong to the security group will be automatically registered and activated in SigningHub under the specified role.
Once all the security groups inside your (selected) Authentication Profile (see the point 8 above) are added in the grid, the  button will be disabled.


Edit the assigned role of an Active Directory security group

  1. Move to the security group whose role is required to edit and click  adjacent to it.



  1. Edit the assigned role from the next appearing dialog.
  2. Click the "Save" button.


Delete the assigned role and Active Directory security group association

  1. Select the security group(s) to delete and click  from the grid header.



  1. When using Active Directory authentication for SigningHub Desktop Web, the users to be authenticated should be the part of the same domain where SigningHub has been deployed, e.g. if the users belong to the "Ascertia" domain, then SigningHub should also be deployed on the "Ascertia" domain.  



See Also