Login & Authentication Methods

The "Remember Me" functionality will retain the email address used to log in via SigningHub ID, as well as via third-party private authentication methods. However, this retention is applicable as long as the user manually enters the email address into the designated field.

If the ''Only display the logos of the authentication and signing profiles' checkbox is checked in SigingHub Admin and a logo has not been configured for an authentication profile in the connector, the system will pick and display a logo for the authentication profile from the SigningHub directory, on the login screen.

The authentication profiles with sort order 1 to 3, in SigningHub Admin, will be displayed on the login screen and the authentication profiles with the succeeding sort order will be displayed in the "More Login Options" dialog on the login screen.

The authentication profiles for which a sort order has been provided, in SigningHub Admin, will follow the defined sort order and the remaining authentication profiles will follow the default system sort order.

If the sort order has not been specified for any of the authentication profiles, the default system sort order will be followed.

As a part of GDPR compliance, the "Service Agreement" dialogue box will appear after successful user authentication. This dialogue box contains the links to the "Terms of Service" and "Privacy Policy" pages. SigningHub will ensure that you agree to them before letting you use your account.

The "Service Agreement" dialogue box will not appear after successful user authentication if no Service Agreement is marked active.

Following is the list of authentications that are SigningHub supports in its mobile web/native apps version, in addition to SigningHub desktop web. Rest of the authentications are supported in SigningHub desktop web only.

• Password-based authentication (i.e. SigningHub)

• One-Time Password as secondary authentication

• Time-based One-Time Password as two-factor authentication

• Microsoft Active Directory

• Microsoft Office 365

• Microsoft Azure Active Directory

• OAuth2

• OpenID Connect (OIDC)

In case your login session reaches the limit set by Admin for "Concurrent Sessions Limit>Global Configurations", then a dialogue box will appear with the message "Your account's login limit has been reached". Users also have the option to "Logout and Continue"; this will log out a user from all previous sessions and allow login into a new session.

The availability of Time-based One-Time Password and One-Time Password as a two-factor authentication method is subject to your subscribed service plan. In case you lose access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two-factor authentication (2FA) against your account.

Once the enterprise administrator enforces a Time-based One-Time Password as a secondary authentication method on a role, and a user under that role does not have two-factor authentication (2FA) configured at the time of login, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. If the user has already configured two-factor authentication (2FA), they will be prompted to provide the Time-based One-Time Password from the authenticator app configured on their mobile device.

To configure the two-factor authentication (2FA), the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The 'Configure Two-Factor Authentication' dialogue shown to the user will contain:

• QR Code

• Manual Key

Recovery CodesTo set up two-factor authentication (2FA), the user can either scan the QR code or manually enter the Manual Key into an authenticator app. After successful registration, the user must provide the Time-based One-Time Password (TOTP) generated by the app to proceed in SigningHub. A set of recovery codes is also provided in the configuration dialog, which can be used in place of a TOTP to regain access if the user loses access to their mobile device. Each recovery code is valid for one-time use only, and it is strongly recommended to store them in a secure location. Users can regenerate a new set of recovery codes anytime from the Manage Two Factor Authentication (2FA). If an enterprise user loses access to both their mobile device and recovery codes, or has used all of them, they can contact their enterprise administrator to reset the two factor authentication (2FA) for their account.

If the 'Trusted Device Authentication' option is enabled in Configurations > Enterprise > Advanced Settings, then device authentication will be enforced for all users under that enterprise. Upon successful login, if the browser or device is not already registered with SigningHub, the user will be prompted with a One-Time Password (OTP) screen. The available OTP methods will be shown based on the Service Plan and Enterprise Role's Secondary Authentication Settings, allowing the user to select from the configured methods such as Email, SMS, or TOTP.

Once the user successfully completes the OTP verification, the device/browser will be marked as trusted, and future logins from that environment will bypass the OTP screen unless the cookies are cleared or the device is explicitly removed from the trusted list. An email notification will also be sent to the user, containing details such as the browser name and version, operating system, device mode, CPU type, and login location. This helps users stay informed about new trusted devices and detect any unauthorised access attempts.

When an enterprise URL is entered in the browser, the background and slider images defined in that enterprise’s branding settings are applied. If no customisation has been made, the default background and slider images set in SigningHub Admin are used. Similarly, when the default SigningHub URL is entered, the login page will always display the background and slider images configured in SigningHub Admin.