LogoLogo
  • Welcome
  • GETTING STARTED
    • SigningHub at a Glance
      • Overview
      • Why SigningHub
      • Signature types
      • Signing methods
      • Mobile signatures
        • How SigningHub works
      • Enterprise management
    • Key Terminologies & Concepts
      • System terminologies
      • System users
      • Service plans
      • Individual vs Enterprise subscriptions
      • Document statuses
  • Registration & Login
    • Account Registration
      • Register a free trial account
      • Register an individual account
      • Register an enterprise account
      • Accept an enterprise user invitation
      • Direct registration
    • Login & Authentication Methods
      • Login through SigningHub ID
      • Login through Microsoft Active Directory
        • Auto Provisioning for Microsoft Active Directory
      • Login through Salesforce
      • Login through Microsoft ADFS
      • Login through Microsoft Office 365
      • Login through LinkedIn
      • Login through Google
      • OTP as a two-factor authentication
      • Login through the SSL client
      • Login through Freja eID
      • Login through Azure Active Directory
        • Auto-Provisioning for Azure Active Directory
      • Corporate logins
      • Login through OIDC
      • Login through OAuth2
      • Login through Azure SAML- based SSO
  • Dashboard & Listing
    • Dashboard
      • GeoIP-based user location
      • Multilingual user interface
    • Document Listing
      • Document interactions
      • Manage custom folders
      • Manage the archive folder
      • Manage shared folders
      • Document actions
        • Sign
        • Bulk sign
        • Bulk share
        • View document
        • Package details
        • Send reminder
        • Workflow details
        • Comments
        • Start a new signing process
        • Recall
        • Evidence report
        • Replicate workflow
        • Download
        • Rename
        • Move to folder
        • Print
        • Delete
      • Search a document
  • Sharing & Signing
    • Document Sharing - A Document Owner's View
      • Sign a new document
      • Add a document
        • Document certification settings
        • Document-related utilities
        • Supported documents
      • Apply a template on your document
      • Configure signing order
      • Add a recipient, electronic seal, and placeholder
      • Configure special privileges
        • Configure recipient permissions
        • Configure document access security
        • Configure workflow reminders
        • Configure email language
        • Configure post processing
      • Configure comments
      • Add data fields
        • Add signature fields
        • Add in-person signature fields
        • Add electronic seal fields
        • Add initials fields
        • Add attachment fields
        • Add form components
        • Configure form filling
        • Add QR Code
        • Add unique identifier
        • Add drop-in comments
      • Add comments
      • Add attachments
        • Make attachments compulsory
      • Append documents
      • Save as template
      • Add email message
      • Change a recipient/placeholder after sharing
    • Document Signing - A Recipient's View
      • Open a pending document
      • Add/download attachments
      • Append documents
      • Recipient permissions
      • Fill in your form components
      • Fill in your form fields
      • Add your initials
      • Add your field attachments
      • Add your in-person signature
      • Agree to the legal notice
      • Add comments
      • Add your signature
        • XML signing
        • Word document signing
        • Electronic seal signing
        • eID Easy signing
        • CSC signing
        • Remote Authorisation Signing (RAS)
        • Signing using Policy OID
        • Local-side signing using T1C Server
        • Local-side signing using ADSS Server
        • Signing based on National ID validation
        • Signing via signature pad
        • Signing behavior w.r.t signature appearance
          • Enterprise subscription
          • Individual subscription
        • OTP authentication
      • Bulk sign fields
      • Add drop-in comments
      • Review a document
      • Update a document
      • Host in-person signing
      • Decline a document
      • View verification details
      • Change a recipient/ placeholder
      • Delegate your signing authority in a workflow
      • QR code scanning
      • Signing flow via API
        • Server-side signing
          • Single document signing
            • ADSS signing
            • RAS signing
            • CSC signing
            • eID Easy signing
          • Bulk document signing
            • ADSS signing
            • RAS signing
            • CSC signing
        • Client-side signing
          • Single document signing
            • T1C signing
            • Go>Sign signing
          • Bulk document signing
            • T1C signing
            • Go>Sign signing
  • Configurations
    • Personal Configurations
      • Set up your SigningHub profile
        • Locale
        • Enterprise
      • Active sessions
      • Authorised devices
      • Two-Factor Authentication (2FA)
      • Security
      • Manage your contacts
        • Import contacts via CSV file
      • Manage your groups
      • Manage your library
        • Manage your library documents
        • Manage your library folders
      • Manage your templates
        • Add a document
          • Configure certified signature
        • Add recipient(s), electronic seal(s) and placeholder(s)
        • Configure workflow type
        • Configure document comments
        • Configure special privileges
          • Configure recipient permissions
          • Configure document access security
          • Configure auto reminders
          • Configure email language
          • Configure post processing
        • Add email message
        • Add data fields
          • Add signature fields
          • Add in-person signature fields
          • Add electronic seal fields
          • Add initials fields
          • Add attachment fields
          • Add form components
          • Configure form filling
          • Add QR Code
        • Read-only templates
      • Manage your legal notices
      • Manage your SmartForms
        • Using SmartForm for response collection
        • Using SmartForm for routing
      • Configure signature settings
      • Enable cloud drives
      • Delegate settings
      • Configure your notifications
        • Configure your email content
      • Optimize your account storage
      • Delete your account
    • Enterprise Configurations
      • Set up your enterprise profile
      • View your enterprise logs
      • Manage your enterprise contacts
        • Import contacts via CSV file
      • Manage your enterprise groups
      • Manage your enterprise users
        • Register an enterprise user
        • Register enterprise users via CSV file
        • Edit Enterprise User Details
        • Reset the password of your enterprise user
        • Reset two factor of your enterprise user
        • View activities of your enterprise users
        • Set service quota of your enterprise use
        • Invite an enterprise user
        • Invite enterprise users via CSV file
        • Pre-authorize users
        • Disable an enterprise user
        • Search an enterprise user
        • Manage signing certificates
      • Manage your user roles
        • Basic information
        • User access preferences
        • Enterprise access preferences
        • Document preferences
        • Template and library document preferences
        • Signature preferences
        • Signature appearance preferences
        • Signing server preferences
      • Manage your enterprise documents
        • View all documents of your enterprise
        • View package details of your enterprise documents
        • View workflow details of your enterprise documents
        • Manage recipients of your enterprise documents
        • Send workflow completion report of an enterprise document
        • Terminate workflow of your enterprise documents
        • Delete your enterprise documents
      • Manage your enterprise library
        • Manage your enterprise library documents
        • Manage your enterprise library folders
      • Manage your enterprise templates
      • Manage enterprise legal notices
      • Manage your electronic seals
      • Document reports
      • Signature reports
      • Electronic seal statistics
      • Advanced reports
      • Brand your enterprise account
        • Primary colour
        • Sidebar navigation
        • Error colour
      • Integrate third party applications
        • Manage third party integrations
        • Assign custom roles to external users
      • Manage certificate filters
      • Configure your enterprise notifications
        • Configure your enterprise email content
      • Configure advanced settings
        • Configure enterprise default settings
        • Delete enterprise account
        • Configure document accessibility preferences
  • Service Plan Management
    • Service Plans and Billing
      • View your service plan & usage statistics
      • View your billing invoice
      • Upgrade your service plan
      • Cancel plan
  • Track & Audit Activities
    • Audit Trail Options
      • View the activity logs
      • View the workflow history
      • View the workflow evidence report
      • View system notifications
Powered by GitBook

© Ascertia Limited 2025

On this page
  • Introduction
  • How it works?
  • Configuring Connectors in SigningHub Admin
  • Configure an SMS Connector
  • Configure an Email Connector
  • Service Plan Configuration in SigningHub Admin
  • Authentication via One Time Password (OTP) and Time based One Time Password (TOTP)
  • Login Authentication
  • Configuration:
  • Authentication:
  • Document Access Authentication
  • Configuration:
  • Authentication:
  • Document Signing Authentication
  • Signing Server-level Authentication
  • Configuration:
  • Authentication:
  • Recipient Permission-level Authentication
  • Configuration:
  • Authentication:
  • Field-level Authentication
  • Configuration:
  • Authentication:
  • OTP Preference

Was this helpful?

Export as PDF
  1. Sharing & Signing
  2. Document Signing - A Recipient's View
  3. Add your signature

OTP authentication

Introduction

OTP stands for "One-Time Password," and TOTP stands for "Time-based One-Time Password." Both are authentication methods that provide an additional layer of security beyond traditional passwords. In essence, OTPs, including TOTPs, are dynamic and time-sensitive, providing an effective means of securing digital accounts and transactions. When the documents are shared on the web with other users, it's important to upscale the security levels to prevent fraudulent attempts and bad actors from compromising your document security. SigningHub provides you with an option to configure One Time Password (OTP) and Time-based One Time Password (TOTP) for login authentication, document opening authentication, and document signing authentication.

How it works?

  1. Configure the SMS and Email connectors, in SigningHub Admin

  2. Configure OTP and TOTP against your service plan, in SigningHub Admin

  3. Authentication via One Time Password (OTP) and Time-based One-Time Password (TOTP)

  4. Login Authentication

  5. Document Access Authentication

  6. Document Signing Authentication

    • Signing Server-level Authentication

    • Recipient Permission-level Authentication

    • Field-level Authentication

    • OTP preference

Configuring Connectors in SigningHub Admin

Configure the "SMS Gateway" connector to be used for sending SMS OTPs, and the "Email Gateway" connector to be used for sending Email OTPs.

Configure an SMS Connector

Make the following configurations to a connector in SigningHub Admin:

  1. In the "Basic Information" section, choose "Twilio" as the "Provider".

  1. In the "Details" section, fill in the required fields.

Configure an Email Connector

Make the following configurations to a connector in SigningHub Admin:

  1. In the "Basic Information" section, choose "SMTP Server" as the "Provider".

  1. In the "Details" section, fill in the required fields.

Service Plan Configuration in SigningHub Admin

Make the following configurations against the service plan.

  1. From the Settings screen, check the "Enable One Time Password (OTP)" and the "Enable Time based One Time Password (TOTP)" checkboxes, as required.

Authentication via One Time Password (OTP) and Time based One Time Password (TOTP)

One Time Password (OTP) and Time based One Time Password (TOTP) can be used for login authentication, document access authentication, and document signing authentication.

Login Authentication

Configuration:

Make the following configurations to the user role settings SigningHub Web:

  1. In "Basic Information" tab, against your user role, choose either "One-Time Password" or "Time-based One-Time Password" as the "Secondary factor authentication".

  1. Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method on to a role, and a user under that role does not have two factor authentication (2FA) configured at the time of login, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.

  2. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.

Authentication:

  1. Once a secondary authentication method has been configured for login, the user will be prompted for secondary authentication upon login, after primary authentication.

Document Access Authentication

Configuration:

Make the following configurations to a workflow in SigningHub Web:

  1. From the "Set Access Security" dialog, enable the "Access Authentication", and from the following options choose either "One-Time Password" or "Time-based One-Time Password".

  1. The OTP method under "OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.

    • "(Email)", in case only "Email OTP" is configured in the service plan

    • "(SMS)", in case only "SMS OTP" is configured in the service plan

    • "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan

  2. If the user does not have two factor authentication (2FA) configured, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.

  3. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.

Authentication:

  1. Once a document access authentication has been configured for a workflow, the user will be prompted for authentication upon opening the document.

Document Signing Authentication

Document signing authentication can be classified into three different categories; Signing Server-level Authentication, Recipient Permission-level Authentication, and Field-level Authentication.

Signing Server-level Authentication

Configuration:

Make the following configurations to the user role settings SigningHub Web:

  1. In the "Authentications" section, choose either "One-Time Password" or "Time-based One-Time Password" as the "Secondary Authentication Method".

  1. Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method for a signing server against a role, and a user under that role does not have two factor authentication (2FA) configured at the time of signing with that signing server, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.

  2. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.

Authentication:

  1. Once a secondary authentication method has been configured against a signing server, the user will be prompted for authentication at the time of signing.

Recipient Permission-level Authentication

Configuration:

Make the following configurations to a workflow in SigningHub Web:

  1. From the "Set Access Security" dialog, check the "Document Signing OTP Authentication", and from the following options choose either "One-Time Password" or "Time-based One-Time Password".

  1. The following rules will be followed for initiating the OTP process:

    • The system will initiate when the recipients attempt to sign a signature field, and will not initiate OTP process when recipient attempts to mark an Initials field.

    • Even if Document Signing OTP Authentication is configured, OTP process will fail to initiate in case the signer is performing Bulk Sign.

    • When the recipient is a registered user and attempts to sign a signature field, the system will follow the OTP authentication settings (including mobile number) as configured by document owner via "Set Access Security" dialog.

      • In case the OTP authentication is not configured by the document owner, the system will follow the OTP authentication settings configured in the Enterprise Role while using the mobile number specified on the user's "My Settings" page.

      • In case OTP authentication is not configured in the Enterprise Role or Service Plan, then OTP process will not initiate.

    • When the recipient is a guest user and attempts to sign a signature field, the system will follow the OTP authentication settings (including the mobile number) as configured by document owner via "Set Access Security" dialog.

      • In addition, even if the OTP authentication is configured in the Enterprise role, OTP process will still not initiate.

  2. The OTP method for "Document Signing OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.

    • "(Email)", in case only "Email OTP" is configured in the service plan

    • "(SMS)", in case only "SMS OTP" is configured in the service plan

    • "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan

  3. If the user does not have two factor authentication (2FA) configured, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.

  4. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.

Authentication:

  1. Once a recipient permission-level signing authentication has been configured for a workflow, the user will be prompted for authentication at the time of signing.

Field-level Authentication

Configuration:

Make the following configurations to a signature/in-person signature field in SigningHub Web:

  1. From the Signature/In-Person field dialog, enable "Authenticate signer via OTP" and from the following options choose either "One-Time Password (SMS and Email)" or "Time-based One-Time Password".

  1. The "Authenticate signer via OTP" option is not available:

    • For a signature field:

      • If recipient is a group signer or a placeholder.

      • If One Time Password (OTP) and Time based One Time Password options are disabled in the service plan.

      • In case of an Individual workflow type.

    • For an in-person Signature field:

      • If One Time Password (OTP) and Time based One Time Password options are disabled in the service plan.

      • In case of an Individual workflow type.

  2. If there is an unprocessed signature/in-person signature field with the "Authenticate signer via OTP" option configured, the user will not able to "Bulk Sign" and "Bulk Sign and Share" the document.

  3. The OTP method for "Authenticate signer via OTP" will be the same as per the configured OTP method in the document owner's service plan.

    • "(Email)", in case only "Email OTP" is configured in the service plan

    • "(SMS)", in case only "SMS OTP" is configured in the service plan

    • "(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan

  4. If the user does not have two factor authentication (2FA) configured, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.

  5. To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:

    • QR Code

    • Manual Key

    • Recovery Codes

    To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.

  6. In case a recipient is changed and the "Authenticate signer via OTP" option was configured, the system will require the mobile number of the new recipient.

Authentication:

  1. Once a field-level authentication authentication has been configured, the user will be prompted for authentication at the time of signing.

OTP Preference

The following OTP preference will be followed while signing, in case of configuration of Signing Server-level Authentication, Recipient Permission-level Authentication, and Field-level Authentication.

Field-level Authentication
Recipient Permission-level Authentication
Signing Server-level Authentication
OTP preference

No

No

No

-

Yes

Yes

Yes

Field-level OTP

Yes

No

No

Field-level OTP

Yes

Yes

No

Field-level OTP

Yes

No

Yes

Field-level OTP

No

Yes

No

Recipient Permission-level Authentication

No

Yes

Yes

Recipient Permission-level Authentication

No

No

Yes

Signing Server-level Authentication

PreviousIndividual subscriptionNextBulk sign fields

Last updated 5 months ago

Was this helpful?