When using an on-premises installation, SigningHub gives you an option to use your Microsoft Active Directory credentials to log into SigningHub. You don't even need to have a SigningHub ID, as your organizational domain user ID and password will be used for SigningHub authentication.
In such a case, logging in through your Microsoft Active Directory credentials for the first time, will take you to the registration screen and display your Microsoft Active Directory ID (email address) for new registration. After registration you can login through your Microsoft Active Directory credentials.
However, if the "Automatically register Active Directory users" check box is ticked from the enterprise users registration screen, then the registration screen will not be displayed, as the provisioned Active Directory users from there will be automatically registered and activated in SigningHub.
Login through your Microsoft Active Directory credentials
- Browse your local on-premises installation URL.
- Click the "More Login Options" link available at the bottom of login screen.
A dialog will appear listing all the supported authentication methods.
- Click the "Microsoft Active Directory" option.
- Specify your user ID (registered in Active Directory) and domain password.
- Click the "Login" button.
Single Sign-on (SSO) provision
Single sign-on (SSO) is an authentication process that allows a user to utilise his specific credentials (ID and password) to access multiple applications. The process authenticates the user for all the applications they have been given rights to, and avoids further prompts when they switch applications during a particular session.
The "Microsoft Active Directory" authentication method also supports the Single sign-on (SSO) facility. To configure this, go to the integration screen and select "Active Directory" in the "Default Authentication Method" drop down (for more details see point 6). However, there are certain browser based configurations that need to be done at client's end, in order to seamlessly use SSO against the "Microsoft Active Directory" authentication method.
Configurations required in Microsoft Internet Explorer (IE)/ Google Chrome for each individual
When accessing the SigningHub app through Microsoft Internet Explorer or Google Chrome for SSO, an individual would need to do the following configurations:
- Open the "Internet Options" dialog box by choosing "Internet Options" either from Control Panel or from the "Tools" menu in Internet Explorer.
- In the "Internet Options" dialog box, on the "Security" tab, select "Local intranet", and then click "Custom Level".
- In the "Security Settings" dialog box, under "Logon", select "Automatic logon only in Intranet zone", and then click "OK".
- In the "Internet Options" dialog box on the "Security Settings" tab with "Local intranet" still selected, click "Sites".
- In the "Local intranet" dialog box, click "Advanced".
- In the next dialog box (also titled "Local intranet"), type the URL of your Communicator Web Access site (for example, https://web.signinghub.com) in the "Add this Web site to the zone box", and then click "Add".
- In the "Local intranet" dialog, box click "OK".
- In the original "Local intranet" dialog box, click "OK".
- In the "Internet Options" dialog box, click "OK".
Configurations required in Microsoft Internet Explorer (IE)/ Google Chrome by using Group Policy
When the end users (within Active Directory) need to access the SigningHub app through Microsoft Internet Explorer or Google Chrome for SSO, a network administrator could make the following browser configurations for all the users through Group Policy:
- Open the Group Policy Management Console, and then either create a new Group Policy Object (GPO) or edit an existing GPO.
- Expand "Computer Configuration", expand "Policies", expand "Administrative Templates", expand "Windows Components", expand "Internet Explorer", expand "Internet Control Panel", and then click "Security Page".
- In the details pane, double-click "Site to Zone Assignment List".
- In the "Site to Zone Assignment List Properties" dialog box, click "Enabled".
- In the "Site to Zone Assignment List Properties" dialog box, click "Show".
- In the "Show Contents" dialog box, click "Add".
- In the "Add Item" dialog box, type the URL of your Communicator Web Access site (for example, https://web.signinghub.com) in the "Enter the name of the item to be added" box.
- Type "1" (indicating the local intranet zone) in the "Enter the value of the item to be added" box, and then click "OK".
- In the "Show Contents" dialog box, click "OK".
- In the "Site to Zone Assignment List" dialog box, click "OK".
- In the Group Policy Management Editor, click "Intranet Zone".
- In the details pane, double-click "Logon options".
- In the "Logon options Properties" dialog box, click "Enabled".
- In the "Logon options" list, click "Automatic logon only in Intranet zone", and then click "OK".
- Close the Group Policy Management Editor.
Configurations required in Mozilla Firefox for each individual
When accessing the SigningHub app through Mozilla Firefox for SSO, an individual would need to do the following configurations:
- Browse the URL "about:config" in Firefox.
- Click the "I'll be careful, I promise!" button.
- In the next appearing screen, search the "network.negotiate-auth.trusted-uris" preference and double click on it.
- A dialog will appear, specify the URL of your Communicator Web Access site (for example, https://web.signinghub.com) and click "OK".
|
- You need to authenticate once in a browser, so that it may keep your session. After that no need to authenticate again in the same browser for login and/ or signing.
- As a part of GDPR compliance, the "Service Agreement" dialog will appear after successful user authentication. This dialog contains the links of "Terms of Service" and "Privacy Policy" pages. SigningHub will ensure that you agree to them before letting you use your account.
- When using an on-premises installation of SigningHub and this is the only configured authentication for the end-users, then you wont need to click the "More Login Options" link to choose it. In that case, this authentication method will be invoked by default on the Login screen.
|