LogoLogo
  • Welcome
  • GETTING STARTED
    • SigningHub at a Glance
      • Overview
      • Why SigningHub
      • Signature types
      • Signing methods
      • Mobile signatures
        • How SigningHub works
      • Enterprise management
      • Feature List
    • Key Terminologies & Concepts
      • System terminologies
      • System users
      • Service plans
      • Individual vs Enterprise subscriptions
      • Document statuses
  • Registration & Login
    • Account Registration
      • Register a free trial account
      • Register an individual account
      • Register an enterprise account
      • Accept an enterprise user invitation
      • Direct registration
    • Login & Authentication Methods
      • Login through SigningHub ID
      • Login through Microsoft Active Directory
        • Auto Provisioning for Microsoft Active Directory
      • Login through Salesforce
      • Login through Microsoft ADFS
      • Login through Microsoft Office 365
      • Login through LinkedIn
      • Login through Google
      • OTP as a two-factor authentication
      • Login through the SSL client
      • Login through Freja eID
      • Login through Azure Active Directory
        • Auto-Provisioning for Azure Active Directory
      • Corporate logins
      • Login through OIDC
      • Login through OAuth2
      • Login through Azure SAML- based SSO
  • Dashboard & Listing
    • Dashboard
      • GeoIP-based user location
      • Multilingual user interface
    • Document Listing
      • Document interactions
      • Manage custom folders
      • Manage the archive folder
      • Manage shared folders
      • Document actions
        • Sign
        • Bulk sign
        • Bulk share
        • View document
        • Package details
        • Send reminder
        • Workflow details
        • Comments
        • Start a new signing process
        • Recall
        • Evidence report
        • Replicate workflow
        • Download
        • Rename
        • Move to folder
        • Print
        • Delete
      • Search a document
  • Sharing & Signing
    • Document Sharing - A Document Owner's View
      • Sign a new document
      • Add a document
        • Document certification settings
        • Document-related utilities
        • Supported documents
      • Apply a template on your document
      • Configure signing order
      • Add a recipient, electronic seal, and placeholder
      • Configure special privileges
        • Configure recipient permissions
        • Configure document access security
        • Configure workflow reminders
        • Configure email language
        • Configure post processing
      • Configure comments
      • Add data fields
        • Add signature fields
        • Add in-person signature fields
        • Add electronic seal fields
        • Add initials fields
        • Add attachment fields
        • Add form components
        • Configure form filling
        • Add QR Code
        • Add unique identifier
        • Add drop-in comments
      • Add comments
      • Add attachments
        • Make attachments compulsory
      • Append documents
      • Save as template
      • Add email message
      • Change a recipient/placeholder after sharing
    • Document Signing - A Recipient's View
      • Open a pending document
      • Add/download attachments
      • Append documents
      • Recipient permissions
      • Fill in your form components
      • Fill in your form fields
      • Add your initials
      • Add your field attachments
      • Add your in-person signature
      • Agree to the legal notice
      • Add comments
      • Add your signature
        • XML signing
        • Word document signing
        • Electronic seal signing
        • eID Easy signing
        • CSC signing
        • Remote Authorisation Signing (RAS)
        • Signing using Policy OID
        • Local-side signing using T1C Server
        • Local-side signing using ADSS Server
        • Signing based on National ID validation
        • Signing via signature pad
        • Signing behavior w.r.t signature appearance
          • Enterprise subscription
          • Individual subscription
        • OTP authentication
      • Bulk sign fields
      • Add drop-in comments
      • Review a document
      • Update a document
      • Host in-person signing
      • Decline a document
      • View verification details
      • Change a recipient/ placeholder
      • Delegate your signing authority in a workflow
      • QR code scanning
      • Signing flow via API
        • Server-side signing
          • Single document signing
            • ADSS signing
            • RAS signing
            • CSC signing
            • eID Easy signing
          • Bulk document signing
            • ADSS signing
            • RAS signing
            • CSC signing
        • Client-side signing
          • Single document signing
            • T1C signing
            • Go>Sign signing
          • Bulk document signing
            • T1C signing
            • Go>Sign signing
  • Configurations
    • Personal Configurations
      • Set up your SigningHub profile
        • Locale
        • Enterprise
      • Active sessions
      • Authorised devices
      • Two-Factor Authentication (2FA)
      • Security
      • Manage your contacts
        • Import contacts via CSV file
      • Manage your groups
      • Manage your library
        • Manage your library documents
        • Manage your library folders
      • Manage your templates
        • Add a document
          • Configure certified signature
        • Add recipient(s), electronic seal(s) and placeholder(s)
        • Configure workflow type
        • Configure document comments
        • Configure special privileges
          • Configure recipient permissions
          • Configure document access security
          • Configure auto reminders
          • Configure email language
          • Configure post processing
        • Add email message
        • Add data fields
          • Add signature fields
          • Add in-person signature fields
          • Add electronic seal fields
          • Add initials fields
          • Add attachment fields
          • Add form components
          • Configure form filling
          • Add QR Code
        • Read-only templates
      • Manage your legal notices
      • Manage your SmartForms
        • Using SmartForm for response collection
        • Using SmartForm for routing
      • Configure signature settings
      • Enable cloud drives
      • Delegate settings
      • Configure your notifications
        • Configure your email content
      • Optimize your account storage
      • Delete your account
    • Enterprise Configurations
      • Set up your enterprise profile
      • View your enterprise logs
      • Manage your enterprise contacts
        • Import contacts via CSV file
      • Manage your enterprise groups
      • Manage your enterprise users
        • Register an enterprise user
        • Register enterprise users via CSV file
        • Edit Enterprise User Details
        • Reset the password of your enterprise user
        • Reset two factor of your enterprise user
        • View activities of your enterprise users
        • Set service quota of your enterprise use
        • Invite an enterprise user
        • Invite enterprise users via CSV file
        • Pre-authorize users
        • Disable an enterprise user
        • Search an enterprise user
        • Manage signing certificates
      • Manage your user roles
        • Basic information
        • User access preferences
        • Enterprise access preferences
        • Document preferences
        • Template and library document preferences
        • Signature preferences
        • Signature appearance preferences
        • Signing server preferences
      • Manage your enterprise documents
        • View all documents of your enterprise
        • View package details of your enterprise documents
        • View workflow details of your enterprise documents
        • Manage recipients of your enterprise documents
        • Send workflow completion report of an enterprise document
        • Terminate workflow of your enterprise documents
        • Delete your enterprise documents
      • Manage your enterprise library
        • Manage your enterprise library documents
        • Manage your enterprise library folders
      • Manage your enterprise templates
      • Manage enterprise legal notices
      • Manage your electronic seals
      • Document reports
      • Signature reports
      • Electronic seal statistics
      • Advanced reports
      • Brand your enterprise account
        • Primary colour
        • Sidebar navigation
        • Error colour
      • Integrate third party applications
        • Manage third party integrations
        • Assign custom roles to external users
      • Manage certificate filters
      • Configure your enterprise notifications
        • Configure your enterprise email content
      • Configure advanced settings
        • Configure enterprise default settings
        • Delete enterprise account
        • Configure document accessibility preferences
  • Service Plan Management
    • Service Plans and Billing
      • View your service plan & usage statistics
      • View your billing invoice
      • Upgrade your service plan
      • Cancel plan
  • Track & Audit Activities
    • Audit Trail Options
      • View the activity logs
      • View the workflow history
      • View the workflow evidence report
      • View system notifications
Powered by GitBook

© Ascertia Limited 2025

On this page
  • Document Access Security
  • Set the access duration
  • Based on dates:
  • Based on days:
  • Set the access authentication
  • Shared password:
  • One-Time Password (SMS & Email)
  • Time-Based One-Time Password
  • To set document signing authentication
  • One-Time Password (SMS & Email)
  • Time-based One-Time Password

Was this helpful?

Export as PDF
  1. Sharing & Signing
  2. Document Sharing - A Document Owner's View
  3. Configure special privileges

Configure document access security

PreviousConfigure recipient permissionsNextConfigure workflow reminders

Last updated 1 month ago

Was this helpful?

When the documents are shared on the web with other users, it's important to upscale the security levels to prevent fraudulent attempts and bad actors from compromising your document security. SigningHub provides you with three methods that can be configured for either individual or all recipients collectively:

  1. Access duration - to allow document access only for a specified duration

  2. Access authentication - to authenticate the recipient through a specified password, a One-Time Password or a Time-based One-Time Password when attempting to access the document

  3. Signing authentication - to authenticate the recipient through a One-Time Password or a Time-based One-Time Password when attempting to sign the document

In case the authentication/validation fails in any of the above scenarios, the recipient will be restricted from accessing/signing the document. By default, these document security features are disabled for a new workflow. You can always enable them as required before sharing.

Document Access Security

Fields
Description

Access duration

Select the check box to allow document access only for a specified duration for the selected or all recipients. You can specify the access duration via a specific date and time or a number of days. On enabling the toggle shown in the image below, the following options will be displayed:

  • Based on dates Set a specific form and till date/time for a recipient to access the document. The recipient will not be able to access the document beyond this duration. If the document is not processed within the specified time, the document will be considered declined.

  • Based on days Set a number of days in which a recipient can sign the document after receiving it. The recipient will not be able to access the document after this duration. Also if the document is not processed within the specified days, the document will be considered declined.

Access authentication

Enable the toggle to enable recipient authentication through a specified password or an OTP when attempting to access the document. The following options will be displayed:

  • Shared password Set a password that the recipient would need to provide in order to access the document. While typing in a password, the Password Policy will be displayed. SigningHub will allow you to specify a password that complies with the given Password Policy. Password Policy will be configured at the Enterprise level or Administrator level according to account type.

  • One-Time Password (SMS & Email) This option will let the document owner send an OTP to the recipient that will used for recipient authentication. Whenever the recipient tries to open this document an OTP will be sent to the recipient's email, mobile number, or both depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be accessible only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.

  • Time-based One-Time Password This authentication option will let the recipient access the document after they have entered the Time-based One-Time Password. Whenever the recipient tries to open this document they will be prompted to enter the Time-based One-Time Password from the authenticator app configured on their mobile device. In case the recipient has not configured two-factor authentication (2FA), upon trying to access a document that requires Time time-based One-Time Password, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. The document will be accessible only upon providing the correct Time-based One-Time Password.

Signing authentication

Enable this option to enable recipient authentication through the OTP process when attempting to sign the document. On enabling the toggle shown in the image below, the following options will be displayed:

  • One-Time Password (SMS & Email) This option will let the document owner send an OTP to the recipient that will used to sign authentication. Whenever the recipient tries to sign this document an OTP will be sent to the recipient's email, mobile number, or both depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be signed only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.

  • Time-based one-time password This authentication option will let the recipient sign the document after they have entered the Time-based One-Time Password. Whenever the recipient tries to sign this document, they will be prompted to enter the Time-based One-Time Password from the authenticator app configured on their mobile device. In case the recipient has not configured two-factor authentication (2FA), upon trying to sign a document that requires Time-based One Time Password, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. The document will be signed only upon providing the correct Time-based One-Time Password.

Save

Click to save the information entered on the dialog.

Cancel

Click to discard the information entered on the dialog.

  1. In the following cases, the "Document Signing Authentication" option is not available on the "Set Access Security" dialog:

    • For the recipients of type "Reviewer", "Editor" or "Send A Copy"

    • Signing order is set to "Individual"

    • The recipient is a Group signer

    • One-Time Password (OTP) and Time-based One-Time Password options are disabled in the service plan

  2. In the "Mobile Number" field, enter the recipient's mobile number on which the OTP will be sent via SMS. The full international number must be entered in the 00 44 234334334 or +44 234334334 format. By default, the specified mobile number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.

  3. If the recipient's mobile number exists in the user's personal or enterprise contacts, the "Mobile Number" field will be auto-populated with the mobile number.

  4. For the currently logged-in user, in case two different mobile numbers have been configured in the user's profile and the user's contacts, the system will auto-populate the "Mobile Number" field with the number configured in the user's profile.

  5. When the delivery method is either "SMS" or "Email & SMS", the provided mobile number in case of a guest user, will be auto-populated in the "Mobile Number" field.

  6. The following rules will be followed for initiating the OTP process:

    • The system will initiate when the recipients attempt to sign a signature field, and will not initiate the OTP process when the recipient attempts to mark an Initials field.

    • Even if Document Signing OTP Authentication is configured, the OTP process will fail to initiate in case the signer is performing Bulk Sign.

    • When the recipient is a registered user and attempts to sign a signature field, the system will follow the OTP authentication settings (including mobile number) as configured by the document owner via the "Document Access Security" dialogue box.

      • In case the OTP authentication is not configured by the document owner, the system will follow the OTP authentication settings configured in the Enterprise Role while using the mobile number specified on the user's "My Settings" page.

      • In case OTP authentication is not configured in the Enterprise Role or Service Plan, then the OTP process will not initiate.

    • When the recipient is a guest user and attempts to sign a signature field, the system will follow the OTP authentication settings (including the mobile number) as configured by the document owner via the "Document Access Security" dialogue box.

      • In addition, even if the OTP authentication is configured in the Enterprise role, the OTP process will still not initiate.

  8. The OTP method for "Document Signing OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.

    • "(Email)", in case only "Email OTP" is configured in the service plan

    • "(SMS)", in case only "SMS OTP" is configured in the service plan

    • "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan

  10. If the user does not have two-factor authentication (2FA) configured, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. If the user has already configured two-factor authentication (2FA) they will be prompted to provide the Time-based One-Time Password from the authenticator app configured on their mobile device.

  11. To configure the two-factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The 'Configure Two-Factor Authentication' dialogue shown to the user will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

Set the access duration

Based on dates:

Considering the screenshot scenario, the document will be accessible only from October 31, 2024, 12:57:00 to November 08, 2024, 12:57:00 for processing. The document will be considered declined if it is not processed within this period.

Based on days:

Considering the screenshot scenario, the document will be accessible for the next 10 days after receiving it. The document will be considered declined if it is not processed within this period.

Set the access authentication

Shared password:

Considering the screenshot scenario, the recipient will have to provide this (specified) password to access and process the document.

One-Time Password (SMS & Email)

Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of recipient, whenever he attempts to access the document. He must provide the received OTP to access and process the document.

Time-Based One-Time Password

Considering the screenshot scenario, the recipient will be prompted to provide the Time-based One-Time Password whenever they attempt to access the document.

To set document signing authentication

One-Time Password (SMS & Email)

Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of recipient, whenever he attempts to sign the document. He must provide the received OTP to sign the document.

Time-based One-Time Password

Considering the screenshot scenario, the recipient will be prompted to provide the Time-based One-Time Password whenever they attempt to sign the document.

  1. A document owner can edit recipient permissions even after the document has been shared with the recipients. However, if a read-only template has been used, the document owner won't be able to edit recipient permissions after sharing the document.

  2. In the service plan, if under "Enable One Time Password (OTP)", the "Email OTP" was checked and the "SMS OTP" was unchecked, and the document owner shared the workflow with either the "Document Access Authentication" and/or "Document Signing OTP Authentication" but before the recipient could process the document, under "Enable One Time Password (OTP)", "Email OTP" was unchecked and the "SMS OTP" was checked, the system will prompt an error and the recipient will be unable to access the document. In this case, the recipient should ask the document owner to configure the recipient's mobile number in the "Set Access Security" dialogue box of the shared workflow.

  5. The option to configure "Recipient Permissions", Document Access Security", Auto Reminders", and Email Reminders" is not available for an electronic seal which has been added to the workflow.

This OTP authentication option will only be displayed if the "Enable One Time Password (OTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, .

The Time-based One-Time Password option will only be displayed if the "Enable Time-based One-Time Password (TOTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, .

To set up two-factor authentication (2FA), the user can either scan the QR code or manually enter the Manual Key into an authenticator app. After successful registration, the user must provide the Time-based One-Time Password (TOTP) generated by the app to proceed in SigningHub. A set of recovery codes is also provided in the configuration dialog, which can be used in place of a TOTP to regain access if the user loses access to their mobile device. Each recovery code is valid for one-time use only, and it is strongly recommended to store them in a secure location. Users can regenerate a new set of recovery codes anytime from the . If an enterprise user loses access to both their mobile device and recovery codes, or has used all of them, they can contact their enterprise administrator to for their account.

If the "Set Document Access Authentication for all recipients" option is selected against the , the document owner will not be allowed to share the workflow until "Document Access Authentication" is set for all the recipients in the workflow.

If the "Set Document Signing Authentication for all recipients" option is selected against the , the document owner will not be allowed to share the workflow until "Document Signing Authentication" is set for all the recipients in the workflow.

upgrade your service plan
upgrade your service plan
Manage Two Factor Authentication (2FA)
reset the two factor authentication (2FA)
document owner's user role
document owner's user role