Home > Configure Enterprise Settings > Manage your users roles > Configure Signature Settings

Configure Signature Settings

Signature settings are all about configuring the allowed signing methods (i.e. Server-side Signing, Client-side (Local) Signing, and/or Mobile Signing), authentication methods (i.e. No Authentication, OTP via SMS, SigningHub ID, Microsoft Active Directory, Salesforce, Freja eID, etc.) and signing capacities in a role. You can separately configure these settings for web browsers and mobile apps, and choose a default signing method for each case. 


You can also configure Remote Authorised Signing here, which allows a user to authorise a remote signature (done on server) using their registered mobile device. The device will have its user authentication built-in (touchID or PIN), so in a way they can also configure two-factor authentication.

Furthermore, this section lets you manage signing reasons, which are used in the Signature Appearance, and become the permanent part of a PDF signature. The signing reasons can optionally be shown in the signed PDF document.


Configure Signature Settings in a Role 

  1. Login with your enterprise admin credentials.
  2. Click your profile drop down menu (available at the top right corner).
  3. Click the "Enterprise Settings" option.
  4. Click the "Roles" option from the left menu.

          
      5. Search/ move to the role to edit and click  adjacent to it. The "Edit Role" screen will appear for re-configurations.

         
     6. Click the "Signature Settings" tab. The first tab i.e. "Signature Settings" will be opened by default. 

         

     7. Click the "Save" button after selecting the desired signing method as default.
    

 

Signature Settings

Fields

Description

Allowed Signing Methods for Web Browsers

Server-side Signing

Tick this option to allow server-side signing for the web browsers. As a result, the following four fields will appear:

  • Signing Capacities
  • Default Signing Capacity
  • Authentication Method
  • Secondary Authentication Method

Signing Capacities
This field lets you configure different signing capacities for your enterprise user(s). It enables a user to sign on multiple positions within an organisation. When configured, SigningHub creates multiple certificates for the user as per their allowed capacities. The user can pick a desired capacity at the signing time, and the related certificate will be used in their signature.

Add the signing capacities as required for the enterprise user(s) belonging to this role. The options populating inside the drop down are those that are allowed in your service plan.

Default Signing Capacity
Select a capacity from the added ones in this field that could be shown as the default signing capacity to the user(s) while signing. The enterprise user(s) can override this default capacity from their personal signing details settings. This configuration is applicable when performing server side signing through web browsers. 

In a scenario where one or more enterprise users can have the same signing capacities within your enterprise, create a specific role with those capacities and simply assign it to them. However when each user has different set of signing capacities, then create an exclusive role for each user and configure their signing capacities accordingly. 
For more details, see Configuration Guide.

Authentication Method
Select an authentication method* (i.e. No Authentication, OTP via SMS, SigningHub ID, Active Directory, Salesforce, Microsoft Office 365, Bank ID, etc.) from the "Authentication Method" field for this role. The methods populating inside the drop down are those that are allowed in your service plan. The selected method will be used as primary authentication method, when your enterprise users sign their documents through any web browser. See the authentication methods' details below.

Secondary Authentication Method
Select another authentication method (i.e. OTP via SMS, Authorisation via Mobile App, or None) from the "Secondary Authentication Method" field. This method will be used in addition to the above mentioned authentication method, giving your enterprise users a provision to use two-factor authentication at the signing time. If you don't want to configure two-factor authentication for signing through web browsers, select "None" from this field.

In case of configuring Remote Authorised Signing (RAS), select the "Authorisation via Mobile App" option from either of the above mentioned fields (i.e. Authentication Method or Secondary Authentication Method). 
For more details, see Configuration Guide.

Client-side (local) Signing

Tick this option to allow client-side signing for the web browsers.
This will display the "Show local sign connectivity wizard on login‏" option. Tick it to allow SigningHub to run a connectivity wizard on login, to ensure if local signing is correctly configured with your enterprise user's account. This wizard will only appear on those enterprise users' screens who have configured local signing in their Signing Details

Default Signing Method

In case of selecting multiple signing methods above, choose a default signing method for web browsers. The default option configured from here will be shown as pre-selected signing method to your enterprise users in their personal signing details settings. They can however override this default signing method as required from there.

Allowed Signing Methods for Mobile Apps

Server-side Signing

Tick this option to allow server-side signing for the mobile apps. As a result, the following four fields will appear:

  • Signing Capacities
  • Default Signing Capacity
  • Authentication Method
  • Secondary Authentication Method

Signing Capacities
This field lets you configure different signing capacities for your enterprise user(s). It enables a user to sign on multiple positions within an organisation. When configured, SigningHub creates multiple certificates for the user as per their allowed capacities. The user can pick a desired capacity at the signing time, and the related certificate will be used in their signature.

Add the signing capacities as required for the enterprise user(s) belonging to this role. The options populating inside the drop down are those that are allowed in your service plan. 

Default Signing Capacity
Select a capacity from the added ones in this field that could be shown as the default signing capacity to the user(s) while signing. The enterprise user(s) can override this default capacity from their personal signing details settings. This configuration is applicable when performing server side signing through mobile apps. 

In a scenario where one or more enterprise users can have the same signing capacities within your enterprise, create a specific role with those capacities and simply assign it to them. However when each user has different set of signing capacities, then create an exclusive role for each user and configure their signing capacities accordingly. 
For more details, see Configuration Guide.

Authentication Method
Select an authentication method* (i.e. No Authentication, OTP via SMS, SigningHub ID, Active Directory, Salesforce, Microsoft Office 365, Bank ID, etc.) from the "Authentication Method" field for this role. The methods populating inside the drop down are those that are allowed in your service plan. The selected method will be used as primary authentication method, when your enterprise users sign their documents through any web browser. See the authentication methods' details below.

Secondary Authentication Method
Select another authentication method (i.e. OTP via SMS, Authorisation via Mobile App, or None) from the "Secondary Authentication Method" field. This method will be used in addition to the above mentioned authentication method, giving your enterprise users a provision to use two-factor authentication at the signing time. If you don't want to configure two-factor authentication for signing through web browsers, select "None" from this field.

In case of configuring Remote Authorised Signing (RAS), select the "Authorisation via Mobile App" option from either of the above mentioned fields (i.e. Authentication Method or Secondary Authentication Method). 
For more details, see Configuration Guide.

Default Signing Method

In case of selecting multiple signing methods above, choose a default signing method for mobile apps. The default option configured from here will be shown as pre-selected signing method to your enterprise users in their personal signing details settings. They can however override this default signing method as required from there.

Witness Signing Capacities

This field lets you configure different witness signing capacities that are used to produce witness digital signatures for in-person and e-signatures. It enables an enterprise user to choose a desired capacity before adding witness digital signature within their organisation. 


Add the witness signing capacities as required for the enterprise user(s) belonging to this role. The options populating inside the drop down are those that are allowed in your service plan. 

Default Witness Signing Capacity

Select a capacity from the added ones in this field that could be shown as the default witness signing capacity to the user(s) while signing. The enterprise user(s) can however change the default witness signing capacity before signing as required. This configuration is applicable for both signing through web browsers and signing through mobile apps.  

Allow Meta Information While Signing

Signing Reason

Tick this option to allow the enterprise users (belonging to this role) to view the "Signing Reason" field on the signing dialog of digital signature, and set its value as required before signing.
If you keep it un-ticked, this field will not be shown to the enterprise users on the signing dialog. In this case, the field value will automatically be picked from the user's personal settings upon signing.
See My Settings> Signing Details> Additional Signature Information for details.

Contact Information

Tick this option to allow the enterprise users (belonging to this role) to view the "Contact Information" field on the signing dialog of digital signature, and set its value as required before signing.
If you keep it un-ticked, this field will not be shown to the enterprise users on the signing dialog. In this case, the field value will automatically be picked from the user's personal settings upon signing. 
See My Settings> Signing Details> Additional Signature Information for details.

Location 

Tick this option to allow the enterprise users (belonging to this role) to view the "Location" field on the signing dialog of digital signature, and set its value as required before signing.
If you keep it un-ticked, this field will not be shown to the enterprise users on the signing dialog. In this case, the field value will automatically be picked from the user's personal settings upon signing. 
See My Settings> Signing Details> Additional Signature Information for details.

Manage Signing Reasons

Manage Signing Reasons
  • Click the "Signing Reasons" button to manage (add and delete) signing reasons. The specified reasons will then be available in the "Predefined" and "Fixed" fields for selection. When used in the Signature Appearance, Signing reason becomes the permanent part of the PDF signature and can optionally be shown in the signed PDF document.
  • Select the "User defined" option, if you want the enterprise users to specify their own signing reasons at the time of signing.
  • Select the "Predefined" option, if you want your enterprise users to choose a signing reason from the available list (added above via "Signing Reasons" button). Also select a default signing reason that will be shown to your enterprise users at the signing time.
  • Select the "Fixed" option, if you want your enterprise users to use a fixed signing reason. Select a fixed signing reason from the list (added above via "Signing Reasons" button).


*Authentication Methods:

When the "Protect server-side signing keys with user password" option is unchecked (i.e. Sole Control is off) in SigningHub Admin configurations, SigningHub gives you the provision to choose a third-party authentication option for your enterprise users. You may select any of the following 15 options, through which your enterprise users should authenticate themselves for server-side signing.

  • No Authentication:
    Select this option to let your enterprise users to directly sign their documents without any authentication. In this case, their server based certificate will be used for signing, but system will not prompt for any password or OTP.
     
  • OTP via SMS:
    Select this option to let your enterprise users to use their SigningHub account password along with an OTP to sign their documents. Whenever your enterprise user attempts to sign a document, an OTP will be sent on their mobile device that will be must to enter for signing.

  • SigningHub ID:
    Select this option to let your enterprise users to use their SigningHub account password to sign their documents. 
  • Microsoft Active Directory:

Select this option to let your enterprise users to use their Active Directory credentials to sign their documents. SigningHub will require their user ID (as registered in organisational Active Directory) and domain password for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Microsoft Active Directory credentials, then their SigningHub ID (email address) and Active Directory ID (email address) must be same. 


  • Microsoft ADFS:

Select this option to let your enterprise users to use their ADFS credentials to sign their documents. SigningHub will require their user ID (as registered in cloud ADFS) and domain password for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Microsoft ADFS credentials, then their SigningHub ID (email address) and ADFS ID (email address) must be same. 


  • Microsoft Office 365:

Select this option to let your enterprise users to use their Microsoft Office 365 credentials to sign their documents. SigningHub will require their Office 365 credentials (ID and password) for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Microsoft Office 365 credentials, then their SigningHub ID (email address) and Office 365 ID (email address) must be same. 


  • Salesforce:

Select this option to let your enterprise users to use their Salesforce credentials to sign their documents. SigningHub will require their Salesforce credentials (ID and password) for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Salesforce credentials, then their SigningHub ID (email address) and Salesforce (email address) must be same.   

  • LinkedIn:

Select this option to let your enterprise users to use their LinkedIn credentials to sign their documents. SigningHub will require their LinkedIn credentials (ID and password) for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through LinkedIn credentials, then their SigningHub ID (email address) and LinkedIn (email address) must be same. 


  • Google:

Select this option to let your enterprise users to use their Google credentials to sign their documents. SigningHub will require their Google credentials (ID and password) for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Google credentials, then their SigningHub ID (email address) and Google (email address) must be same. 


  • Freja Mobile:
    Select this option to let your enterprise users to use their Freja Mobile authentication to sign their documents. Whenever your enterprise user attempts to sign a document, a signing request will be sent on their mobile device running the Freja Mobile app. Upon confirmation from the Freja Mobile app, the document will be signed.

  • Freja eID:
    Select this option to let your enterprise users to use their Freja eID authentication to sign their documents. Whenever your enterprise user attempts to sign a document, a signing request will be sent on their mobile device running the Freja eID app. Upon confirmation from the Freja eID app, the document will be signed.

  • Authorisation via Mobile App:
    Select this option as the Authentication Method or Secondary Authentication Method to let your enterprise users to use remote authorised signing provision. You must select this option from the "Allowed Signing Methods for Web Browsers" and "Allowed Signing Methods for Mobile Apps" sections both to enable this security feature.

  • Bank ID

Select this option to let your enterprise users to use their Bank ID to sign their documents. 

SigningHub will require their Bank ID credentials (i.e. Bank ID, OTP, and Personal Password) for the signing activity. Upon correctly providing the all three authentication factors, the document will be signed.

  • itsme
    Select this option to let your enterprise users to use their itsme authentication to sign their documents.  

Whenever your enterprise user attempts to sign a document, a signing request will be sent on their mobile device running the itsme app. Upon approval from the itsme app, the document will be signed.



1. When you update a role in a production environment, the saved changes are available to the related users on their next login.
2. The drop down list of "Authentication Method" (i.e. SigningHub ID, Salesforce, Microsoft Active Directory, LinkedIn, Google, Bank ID, etc.) in server-side signing, depends on your subscribed service plan. If you could not find the required authentication method in the list, contact support.
3. The availability of configuring "OTP via SMS", "Authorisation via Mobile App", and multiple signing "Capacities" provisions is subject to your subscribed service plan. If you cannot find these options in your account, upgrade your service plan.



See also

Configure User Settings

Configure Enterprise Settings
Configure Document Settings
Configure Signature Appearance
Configure Enterprise Authentication