Configure enterprise default settings

SigningHub allows you to configure default settings for your enterprise account. This enables your enterprise users to perform their tasks more efficiently and faster. In particular, it reduces the number of API calls required for standard workflows to increase the speed of integration with third-party business applications.

Configure enterprise default settings

  1. Login with your enterprise admin credentials.

  2. Click "Configurations" in the left menu and click "Advanced Settings" under Settings options in the Enterprise Configurations section.

  3. Tap on the Default Settings tab, configure the desired settings and click "Save changes".

There are different types of settings that you may configure:

  • Login Settings

  • Document Settings

  • Post Processing Settings

  • Recipient, Document, and Reminder Permissions

  • Default Role for Unregistered Users

  • Witness Signature Reason

  • Password Strength Policy

  • Optimise Storage Space

  • Alert Setting

Login Settings

There are two configurations, i.e.:

  • Auto trigger authentication profile

  • Automatic location detection

  • Trusted Device Authentication

Auto trigger authentication profile

The "Auto trigger authentication profile" option will only appear when your subscribed Service Plan allows the use of a private authentication. To automatically trigger a private authentication profile for your enterprise users, select this option and choose an authentication profile from the list. The list will display all the private authentication profiles allowed in your Service Plan. Enterprise users browse to your configured enterprise URL for login, and the configured authentication profile is automatically triggered without the need for the user to identify themselves first. This means they do not have to submit their respective email addresses to start the authentication process.

Automatic location detection

The "Automatic location detection" option allows SigningHub to auto-detect the country of your enterprise users when they log in from a different location (other than what is configured in their profile) and show it in a pop-up. The users will then have the option of whether to update the location information in their profile or not. Keep this option unselected if you don't want SigningHub to detect the location of your Enterprise Users.

Trusted Device Authentication

Turn on this toggle to enable trusted device authentication for enterprise users. When enabled, users will be prompted for two-factor authentication (2FA) if they log in from an unrecognised device, regardless of the 2FA settings defined in their assigned role.

Once a device is verified, it is marked as trusted. Future logins from the same device will not trigger 2FA unless the trusted token expires or the device is cleared from the system (e.g., due to browser cache clearance or token expiry).

If 2FA is already configured for the user, the device registration and validation process will occur automatically and without disrupting the login experience. Upon successful login, if the device or browser is not already trusted, a One-Time Password (OTP) window will appear. The available OTP options will depend on the user’s Service Plan and the Secondary Authentication Settings configured at the enterprise level. Users will be able to select from the available options for authentication. If no OTP method is configured, only the email option will be shown, and a verification code will be sent to the user’s email address.

Once a device or browser has been successfully trusted, SigningHub will send a confirmation email to the user’s registered email address. This email will include key details such as the browser name and version, operating system, mode (web or app), CPU information, and the approximate location from which the device was registered.

The system will follow the below OTP preference:

User Type

Enterprise Role (Secondary Authentication)

Service Plan (OTP / TOTP Enabled)

OTP Options Displayed

System Behavior / Notes

Enterprise / Individual

EMAIL

No Authentication

EMAIL

An email with a 9-digit code will be sent to the user. If the Service Plan's email connector is configured, it will be used; otherwise, the system default connector applies.

Enterprise / Individual

TOTP

No Authentication

TOTP

TOTP will be enforced using the user's registered authenticator app.

Enterprise / Individual

SMS / EMAIL

No Authentication

SMS, EMAIL

Both options will be shown. The user can select either SMS or email for OTP.

Enterprise: OTPIndividual: TOTP

OTP / EMAIL

SMS, EMAIL, TOTP

SMS, EMAIL, TOTP

All three options will be available. Note: System gives preference to the Enterprise Role configuration.

Enterprise / Individual

TOTP

TOTP

TOTP

TOTP is used as the default and only option in this case.

  1. This configuration will only be available and functional if the 'Trusted Device Authentication' setting is enabled globally by the Admin under Global Settings > Trusted Device Authentication.

  2. You can configure the expiry duration for trusted devices from Global Settings > Session and Link Expiry Time > Trusted Device Token Expiry Time (days). By default, the expiry time is set to 365 days.

Post Processing Settings

The post-processing settings allow the administrator to configure the default value for the "Send the completed document to all recipients" post-processing option. By default, this checkbox will be unchecked. If this checkbox is checked, the "Send the completed document to all recipients" option in post processing will be checked, by default, for all workflows created by users belonging to the enterprise.

Documents Settings

Set the default document settings for a new workflow:

Enable this to add a unique identifier field by default in the PDF document's header on Upload. A unique identifier will remain the same for all the documents in a single document package of a workflow.

The Enterprise Users can however overrule these default settings as required while configuring their workflows.

  1. ​This section will be visible when your subscribed Service Plan enables the option of "Add a unique identifier in the document header on uploading a document" in its Documents tab.

Recipient, Document and Reminder Permissions

Set the default recipient, document, and reminder permissions for a new workflow:

The Enterprise Users can however overrule these default settings as required while configuring their workflows.

  1. This section only defines the default recipient, document, and reminder permissions for a workflow. The enterprise users can overrule these default settings as required while configuring their workflows.

  2. The reminders shall be sent based on the configuration of the "Send Reminder Notification Time" thread in the core settings in SigningHub Admin.

Role for Unregistered Users

The role that will be used for guest/unregistered users when they sign a document. The user roles are managed from the Roles section, see details.

A guest user can apply a digital signature to a document if "No Authentication" is set in the assigned role. They would need to register to perform this action. A guest user can also choose the language from the Document Viewer screen if they are directly signing a document from an email link. However, this feature is controllable from SigningHub Admin.

This options shall only appear if a GeoIP connector has been configured in the SigningHub Admin's "Global Settings" page. The "Auto-detect location and timezone for unregistered users" feature allows SigningHub to automatically detect the location and time zone of a guest user. ​By default, this option will be disabled.

In the following situations, SigningHub will use the location and time zone configured under "Global Settings" in the SigningHub Admin for all the unregistered users:

  • If the GeoIP connector has not been configured in the SigningHub Admin.

  • If the GeoIP connector has been configured but is either faulty or not functional.

  • If the GeoIP connector is functional but the "Auto detect location and timezone for unregistered users" option is disabled.

Witness Signature Reason

The reason that will be used by your enterprise users when they add a witness digital signature on a document. With this, you can make the witness signing reason uniform across your enterprise. Use the [USER_NAME] variable in the field if you want to include the names of enterprise users (in the reason) before adding witness digital signatures. It will be auto filled-in by SigningHub with respect to each user while signing.

A witness digital signature is a digital signature that is generated by using a public signing certificate (also known as a witness certificate) available on the server.

Password Strength Policy

Configure the enterprise password policy for your enterprise users. The enterprise users will have to comply with the configured policy upon setting/resetting their account passwords. Configure the password restrictions as required by ticking the relevant check boxes:

  • Minimum Characters in Password

  • Include at least one uppercase character

  • Include at least one numeric character

  • Include at least one special character

  • Enforce a password change upon next login - Enable this to enforce your Enterprise users to change their password after their first login. This will be applicable to the newly registered users only.

  • Set a password expiration duration - Enable this to auto-expire the passwords of your enterprise users after a certain time period. Specify the number of days in the "Expiry Duration (Days)" field after which SigningHub should expire the user passwords.

Optimise Storage Space

Based on your subscribed Service Plan, SigningHub assigns a specific storage quota to your enterprise account. This can be increased by contacting Ascertia Support if required. The storage space can be seen by viewing your current Enterprise Service Plan. It is recommended to effectively utilise the account storage space by keeping document revisions and final signed documents on your local system, cloud drives, or document management system.

Enable "Save every document revision":

  • When enable, the system will start maintaining the downloadable document revisions for each change in the document (i.e. new sign, adding text, filling initials, etc.) along with their logs. These document versions provide complete document tracking, but consume more storage. The enterprise users within your enterprise will be able to download all these document revisions by using the "Workflow history" option.

  • When disable, the system will stop maintaining the downloadable document revisions for each change in the document (i.e. new sign, adding text, filling initials, etc.). The enterprise users within your enterprise will be able to download only the initial and final versions of the document by using the Workflow history option. However, the log of each change in the document is maintained accordingly.

Alerts

Specify the time in seconds after which the system notifications should disappear. The displayed value is the one that is configured in SigningHub Admin. You can change this time for your Enterprise account as required.

  1. A private authentication profile is the one that is exclusively used for corporate logins and is not available to the end users (public) on their Login screen and Integration screen of SigningHub Desktop Web. The availability of private authentication profiles is subject to your subscribed Service Plan. If you cannot find this option in your account, upgrade your enterprise service plan.

PreviousConfigure advanced settingsNextDelete enterprise account

Last updated

Was this helpful?