Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
The tab lets you configure basic information as well as authentication settings. Basic information consists of role name, description and whether it'll be default for new users or not. The Login Authentication lets you configure a private authentication method in a role. This method is specifically used for the login authentication of your enterprise users, and will not be available to public users under the "More Login Options" link of login screen. At the time of login, SigningHub will check the IDs of your enterprise users and allow them to only authenticate themselves through the private method configured in their role. However they can also login by using "More Login Options" link, if you allow them to use public authentication methods.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Basic Information". Configure the basic information as required.
Click "Save changes".
See the description in the "Basic Information" table below.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Basic Information". Configure the authentication settings as required.
Click "Save changes".
See the description in the "Authentication Preferences" table below.
When you update a role in a production environment, the saved changes are available to the related users on their next login.
​​A private authentication profile is the one that is exclusively used for corporate logins and is not available to the end users (public) on their Login screen and Integration screen of SigningHub Desktop Web.
The availability of private authentication profiles, is subject to your subscribed service plan. If you cannot find this option in your account, upgrade your enterprise service plan. The availability of Time based One Time Password, and One Time Password as a secondary authentication method is subject to your subscribed service plan.
Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method on to a role, and a user under that role does not have two factor authentication (2FA) configured at the time of login, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
QR Code
Manual Key
Recovery Codes
To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.
The User Access Preferences tab lets you configure the usability related SigningHub modules in a role. You can select your choice modules from the list to make them available to your enterprise users (registered with this role) for navigation. SigningHub supports granular access management along with their fine grained authorization, i.e. read, add/ edit, and delete access on different modules/ sub modules of the system.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "User Access Preferences". Select the user settings check boxes and their respective granular access as required.
Click "Save changes".
See the description in the "User Access Preferences" table below.
The tab lets you configure which templates and library documents will be accessible by the role.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Template and Library Document Preferences".
In "Allowed Templates" section, enable toggle adjacent to the template you want to allow to be accessible.
You can use "Filter" to search, "Show" drop-down to manage which templates to show and "Disable All" and "Enable All" buttons to manage templates.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Template and Library Document Preferences".
In "Allowed Templates" section, enable toggle adjacent to the template you want to allow to be accessible.
You can use "Filter" to search, "Show" drop-down to manage which templates to show and "Disable All" and "Enable All" buttons to manage templates.
The Document Preferences tab lets you configure documents related settings in a role. From here you can set the privileges for the document owners and recipients (within your enterprise) registered with this role, and may also configure document related provisions available within integration mode (i.e., iFrame). The concept of shared spaces has been introduced which allows delegating your document processing authority to a group of users, configure it as required. It also provides a team working environment, where the peers have the same set of privileges inside a space and can process the team documents accordingly.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Document Preferences". Select the user settings check boxes and their respective granular access as required.
Click "Save changes".
See the description in the "Document Preferences" table below.
The enterprise admin who is willing to upload and share documents on behalf of their enterprise users, must have the "Application Integration" rights in their assigned role.
The "Template Applying", "Package Renaming", "Document Renaming", "Documents Merging", and "Documents Managing" options will not be available in the integration mode (i.e., iFrame), irrespective of their role settings.
When you update a role in a production environment, the saved changes are applicable to the related users on their next login.
The availability of "Bulk Signing and Sharing" provision is subject to your subscribed service plan. If you cannot find this option in your account, upgrade your service plan.
In the "Level of Assurance" field under the "Allowed Signature Fields" section, the names of the Levels of Assurance are displayed as configured in the SigningHub Admin.
In addition, this field displays all the Levels of Assurance available in the SigningHub Admin. The "Only share with your enterprise contacts and groups" and the "Allow users to only use personal contacts and groups" options can not be checked simultaneously. If either one of the checkbox is checked, and the user tries to check the other one, the system will prompt an error
.
In case the "Allow users to only use personal contacts and groups" checkbox is checked, only personal contacts and groups will be visible to the user while:
Starting a workflow
Changing a recipient
Adding a collaborator for the workflow
Adding a collaborator in the template
Adding a collaborator in the shared space
Configuring delegated signing
Configuring the delegate settings; for the delegator and the gatekeeper
Personal groups
Configuring the personal groups; the system will hide the enterprise dropdown from personal groups.
Configuring the personal contacts; the system will hide the enterprise dropdown from personal contacts.
Configuring post processing
The system will show the user name of a configured contact by checking the email address in the personal contacts, if the contact does not exist in personal contacts, then the system will show, as user name, the name set by the contact itself in their "My Settings".
If the "Set Document Access Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Access Authentication" is set for all the recipient in the workflow.
If the "Set Document Signing Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Signing Authentication" is set for all the recipient in the workflow.PreferencesPreferences
Signature settings are all about configuring the allowed signing methods (i.e., Server-side Signing, Client-side (Local) Signing, and/or Mobile Signing), authentication methods (i.e., No Authentication, OTP via SMS, SigningHub ID, Microsoft Active Directory, Salesforce, Freja eID etc.) and signing capacities in a role. You can separately configure these settings for web browsers and mobile apps, and choose a default signing method for each case. You can also configure Remote Authorized Signing here, which allows a user to authorize a remote signature (done on the server) using their registered mobile device. The device will have its user authentication built-in (touchID or PIN), so in a way they can also configure two-factor authentication. Furthermore, this section lets you manage signing reasons, which are used in the Signature Appearance, and become a permanent part of a PDF signature. The signing reasons can optionally be displayed in the signed PDF document.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Document Preferences" and "Signing Server Preferences" and configure desired setting.
Click "Save changes".
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration.
Search and select the desired role and click on "Edit" button in left panel.
Expand "Signature Server Preferences" tab and click "Add a Signing Server".
Configure the settings as required.
Click "Done" button.
See below table for description.
When a new signing server is configured in the user role, it will fetch any signature appearance configurations set against the signing server in the service plan, if any.
When a new enterprise user is registered, if a signature appearance was set against this signing server in the service plan, against the user's role, it will be selected as the "Signature Appearance", by default.
Upon changing the selected signature appearance, any uploaded logo will be removed as well.
The "Signature Appearance" field appears for both; server-side signing servers, and local-side signing servers.
Same authentication is applied on Electronic Seal (eSeal), Advanced Electronic Seal (AdESeal) and Qualified Electronic Seal (QESeal) though it will generate different certificates accordingly. Therefore, if you have selected the signing capacities of Electronic Seal (eSeal), Advanced Electronic Seal (AdESeal) and Qualified Electronic Seal (QESeal), then on this screen you will see them bundled as a single authentication.
Signing Servers to be configured under enterprise roles, are subject to your assigned enterprise service plan and only those signing servers will be available under enterprise roles that are configured in your service plan.
When adding a Signing Server for CSC, there is no signing capacities or level of assurance related information appears.
When adding a Signing Server for Client Held Keys using either ADSS or CSC, there will be no further options appears.
The availability of Time based One Time Password, and One Time Password as a secondary authentication method is subject to your subscribed service plan.
Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method for a signing server against a role, and a user under that role does not have two factor authentication (2FA) configured at the time of signing with that signing server, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
QR Code
Manual Key
Recovery Codes
To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.
When the "Key Protection Option" option is set to 'System Password' (i.e., Sole Control is off) in certification profiles under SigningHub Admin configurations, SigningHub gives you the provision to choose a third-party authentication option for your enterprise users. You may select any of the following 15 options; through which your enterprise users can authenticate themselves for server-side signing.
No Authentication:
Select this option to let your enterprise users sign their documents directly without any authentication. In this case, their server based certificate will be used for signing but system will not prompt for any password or OTP.
SigningHub ID:
Select this option to allow enterprise users to use their SigningHub account password to sign their documents.
Microsoft Active Directory:
Select this option to allow enterprise users to use their Active Directory credentials to sign their documents. SigningHub will require their user ID (as registered in the organisational Active Directory) and domain password for the signing activity. you can authenticate using your Active Directory credentials at the time of signing having a different email address and vice versa.
Microsoft ADFS:
Select this option to allow enterprise users to use their ADFS credentials to sign their documents. SigningHub will require their user ID (as registered in cloud ADFS) and domain password for the signing activity. you can authenticate using your ADFS credentials at the time of signing having a different email address and vice versa.
Microsoft Office 365:
Select this option to allow enterprise users to use their Microsoft Office 365 credentials to sign their documents. SigningHub will require their Office 365 credentials (ID and password) for the signing activity. In case your enterprise user has logged in through SigningHub ID and want to sign through Microsoft Office 365 credentials, then their SigningHub ID (email address) and Office 365 ID (email address) must be the same.
Salesforce:
Select this option to allow enterprise users to use their Salesforce credentials to sign their documents. SigningHub will require their Salesforce credentials (ID and password) for the signing activity. you can authenticate using your Salesforce credentials at the time of signing having a different email address and vice versa.
LinkedIn:
Select this option to allow enterprise users to use their LinkedIn credentials to sign their documents. SigningHub will require their LinkedIn credentials (ID and password) for the signing activity. you can authenticate using your LinkedIn credentials at the time of signing having a different email address and vice versa.
Google:
Select this option to allow enterprise users to use their Google credentials to sign their documents. SigningHub will require their Google credentials (ID and password) for the signing activity. you can authenticate using your Google credentials at the time of signing having a different email address and vice versa.
Freja eID:
Select this option to allow your enterprise users to use their Freja eID authentication to sign their documents. Whenever, your enterprise user attempts to sign a document, a signing request will be sent to their mobile device running the Freja eID app. Upon confirmation from the Freja eID app, the document will be signed.
Authorisation via Mobile App:
Select this option as the Authentication Method to allow your enterprise users to use remote authorised signing provision. This option will only appear for the capacities that has Qualified Electronic Signature (QES) configured as the level of assurance and appears under 'Signing Capacities for Remote Authorization (Owned by User)' category.
OAuth2:
Select this option to allow enterprise users to use your IDP credentials (OAuth2 supported protocol) to sign their documents. SigningHub will require their IDP credentials (ID and password) for the signing activity. you can authenticate using your IDP credentials at the time of signing having a different email address and vice versa.
OIDC:
Select this option to allow enterprise users to use your IDP credentials (OIDC supported protocol) to sign their documents. SigningHub will require their IDP credentials (ID and password) for the signing activity. you can authenticate using your IDP credentials at the time of signing having a different email address and vice versa.
When you update a role in a production environment, the saved changes are applicable to the related users on their next login.
This section also lets you select a signature appearance design, which specifies the user information (i.e., Hand signature with details & company logo, hand signature with details, or hand signature only) to be displayed in a user signature. The configurations set here will be displayed as the default settings to your enterprise users belonging to this role. However, users can overrule these configurations through their personal signature settings or while signing a document.
Additionally you can configure a signature font, when using text based signatures in SigningHub Desktop Web. The signature appearance will be rendered in the same font upon signing.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration.
Search and select the desired role and click on "Edit" button in left panel.
Click "Signature Appearance Preferences".
Click "Save Changes" button.
Signature Pad can be used to perform hand signatures and in-person hand signatures, only on Desktop Web.
Signature Pad can be used to perform initials only on Desktop Web.
​If you clear all the signature appearance designs from the "Allowed Signature Appearance Designs" field, the "Default Signature Appearance" field will also clear up automatically.
If you want to configure a fixed signature appearance design for your enterprise users, belonging to this role, only select one signature appearance design in the "Allowed Signature Appearance Designs" field.
For a new enterprise user, by default, all the signature appearance designs allowed in the user's service plan will be selected in the "Allowed Signature Appearance Designs" field.
For a new enterprise user, by default, the first signature appearance design which was allowed in the user's service plan will appear in the "Default Signature Appearance" field.
For an existing user, if they had previously selected the "All" option to allow all the signature appearance designs, all the signature appearance designs as configured in the user's service plan will now be selected in the "Allowed Signature Appearance Designs" field, by default.
For an existing user, if they had previously selected the "Only" option to allow only one signature appearance design, the same signature appearance design will now be selected in the "Allowed Signature Appearance Designs" field, by default.
| Field | Description |
|---|---|
| Field | Description |
|---|---|
| Field | Description |
|---|---|
| Field | Description |
|---|---|
| Fields | Description |
|---|
| Fields | Description |
|---|
The drop-down list of "Authentication Method" (i.e., SigningHub ID, Salesforce, Microsoft Active Directory, LinkedIn, Google, Bank ID etc.) in server-side signing, depends on the key protection option under your certification profiles. If you are unable to find the required authentication method in the list; contact .
The availability of configuring "OTP via SMS" is subject to your subscribed service plan. If you are unable to find this option in your account; .
"Authorisation via Mobile App" is subject to your signing profile that is configured in your service plan. If there is a signing capacity added for remote authorisation signing under your singing profile then these capacities will appear under signature settings under the label 'Signing Capacities for Remote Authorisation (Owner by User). If you are unable to find this option in your account; contact .
| Fields | Description |
|---|
Role name
Name to be displayed for the role.
Description
Description for the role.
Default
Enable if you want to make it default for new users.
Default Authentication Method
Field to select a private authentication profile for the enterprise users belonging to this role. The drop down will show the list of authentication methods that are allowed in your service plan. When selected, the enterprise user will have to enter their registered ID in the login screen, SigningHub will read their ID and will automatically open the configured (private) authentication method (i.e. SSL authentication, Microsoft Active Directory, Salesforce, Google, etc.) screen for their authentication. Select the "None" option to disable the private authentication for this role. In this case SigningHub will let your enterprise users to use any public authentication from the "More Login Options" link of login screen.
Allow public authentication methods
Tick this check box to allow the enterprise users of this role to either use any public authentication method from the "More Login Options" link of login screen, or use the set private authentication method above to authenticate themselves. In this way they will have the option at the login time, whether to get themselves authenticated via any public authentication method or through the set private authentication method. If you leave this check box unticked against a configured private authentication method, the "More Login Options" link of login screen will be inaccessible to the enterprise users of this role.
Secondary Authentication Method
Field to enforce the enterprise users of this role, to use a secondary authentication method in conjunction with any of the private/ public authentication method. The drop down will show the list of secondary authentication methods that are allowed in your service plan i.e. One Time Password or Time based One Time Password. The enterprise users of this role will have to first provide the correct credentials of private/ public authentication method, and then based on their selected option, provide either:
One Time Password: An OTP will be sent on their mobile devices. The mobile number of an enterprise user on which the OTP is required to send, can be added in their personal profile, see details.
Time based One Time Password: The TOTP from the configured authenticator app on their mobile devices. The two-factor authentication (2FA) can be configured by the user in their personal profile.
Select the "None" option to disable the secondary authentication method for this role.
Signature Settings
Select this option to allow the user signatures configuration access in a role. This will enable the "Signatures" tab under the configurations for your enterprise users belonging to this role.
Groups
Select this option to allow the user groups management access in a role. This will enable the "Groups" and "Contacts" tabs under the configurations for your enterprise users belonging to this role.
Templates management
Select this option to allow the user templates management access in a role. This will enable the "Templates" tab under the configurations for your enterprise users belonging to this role.
Library management
Select this option to allow the user documents library management access in a role. This will enable the "Library" tab under the configurations option for your enterprise users belonging to this role.
Notifications
Select this option to allow the user emails configuration access in a role. This will enable the "Notifications" tab under the configurations option for your enterprise users belonging to this role.
Legal notices
Select this option to allow the user legal notices management access in a role. This will enable the "Legal Notices" tab under the configurations option for your enterprise users belonging to this role.
Delegation
Select this option to allow the delegated signing feature in a role. This will enable the "Delegated Signing" tab under the configurations option for your enterprise users belonging to this role.
Advanced options
Select this option to allow the account deletion feature in a role. This will enable the "Advanced" tab under the configurations option for your enterprise users belonging to this role.
Cloud Drives
Select this option to allow the cloud drive configuration access in a role. This will enable the "Cloud Drives" tab under the configurations option, and the "Get from Cloud" option on Document adding screen, for your enterprise users belonging to this role.
Google Drive: Select this option to allow access to Google Drive in a role.
OneDrive: Select this option to allow access to OneDrive in a role.
Dropbox: Select this option to allow access to Dropbox in a role.
Web Browsers: Types of Hand Signature | The following preferences will be applicable to your enterprise users (that are registered with this role), when they perform signing through Web Browsers:
|
Mobile Apps: Types of Hand Signature | The following preferences will be applicable to your enterprise users (that are registered with this role), when they perform signing through Mobile Apps:
|
Types of Initials | The following preferences will be applicable to your enterprise users (that are registered with this role), when they add their initials:
|
Signature Appearance Designs | The "Allowed Signature Appearance Designs" field allows the enterprise admin to configure the signature appearance designs (i.e., Hand Signatures Only, Hand Signature with Details and Logo, Hand Signature with Details, or any other custom signature design) that the users, belonging to the role being configured, are allowed to use for digital signatures. It is a mandatory field. You can either allow specified signature appearance designs or allow all the available signature appearance designs. The drop down list for this field displays the signature appearance designs as configured in the service plan. The "Default Signature Appearance" field defines what signature appearance design will be used by default when the document owners signs a signature field. Once the enterprise admin configures the "Allowed Signature Appearance Designs" field, the system will automatically populate the "Default Signature Appearance" field. By default, the first allowed signature appearance from the "Allowed Signature Appearance Designs" field will be selected in the "Default Signature Appearance" field. The configured levels of assurance from the "Allowed Signature Appearance Designs" field will be listed in the "Default Signature Appearance" drop down list for the enterprise admin to manually configure it. For a new enterprise user under a specific role, the system will pick the configured default signature appearance from this field and set it as the default signature appearance for the user in Personal Settings.
|
Hand signature font |
|
Allow uploading and sharing of new documents
Select this option to allow the document owners within your enterprise (belonging to this role) to upload and share documents with any users (i.e., inside and outside your enterprise). This will enable the "New Workflow" option on their System Dashboard and Document Listing screens. If you keep the "Upload and Share" option deselected, it will restrict the document owners to upload and share documents with other users. However, they can still sign their (personal and received) documents.
Select the "Start existing workflow" sub option to show or hide the "Start New Workflow" option on the the "Documents Listing" page under the More Options menu.
Select the "Replicate Workflow" sub option to show or hide the "Replicate Workflow" option on the the documents listing screen under the More Options menu, and on the document viewer screen.
Select the "Only share with your enterprise contacts and groups" sub option to restrict the document owners to only share documents with their enterprise contacts and enterprise groups. The users will not be able to share documents with any personal contacts or personal groups.
Select a value (i.e., Just Others, Me and Others, or Only Me) from the "Default signing mode" drop-down list that can be set as default when the document owners click the "New Workflow" button from their System Dashboard or Document Listing screens. They can however change the default workflow mode by clicking the adjacent drop-down list while initiating a workflow as required.
Select a value (i.e. Serial, Parallel, Individual, or Custom) from the "Default signing order" drop-down list which can be displayed (as selected) to the document owners while adding recipients in a workflow. They can however change the default workflow type while initiating a workflow as required.
Manage recipients after sharing a document
Select this option to allow the document owners within your enterprise (belonging to this role) to change the specified recipients after sharing a document. If you keep this option deselected, it will restrict the document owners to change the recipients once a workflow is initiated by them.
Printing
Select this option to allow the document owners within your enterprise (belonging to this role) to print the documents after initiating their workflows. If you keep this option deselected, it will restrict the document owners to print their workflow documents.
Download
Select this option to allow the document owners within your enterprise (belonging to this role) to download the documents after initiating their workflows. If you keep this option deselected, it will restrict the document owners to download their workflow documents.
Manage document attachments and document merging
Select this option to allow the document owners within your enterprise (belonging to this role) to manage their documents attachments and merging, after initiating their workflows. If you keep this option deselected, it will restrict the document owners to manage attachments of their documents or merge their documents once their workflows are initiated by them.
Recall workflows
Select this option to allow the document owners within your enterprise (belonging to this role) to recall workflows. If you keep this option deselected, it will restrict the document owners from recalling their workflows.
Allow users to save a workflow as a template
Select this option to allow the document owners within your enterprise (belonging to this role) to save workflows as templates for use later. If you keep this option deselected, it will restrict the document owners from saving workflows as templates.
View the workflow details and workflow evidence reports
Select this option to allow the document owners within your enterprise (belonging to this role) to view the workflow history and workflow evidence reports of their documents after initiating their workflows. If you keep this option deselected, the document owners will not be able to see these options against their workflow documents.
Add invisible signatures in the document
Select this option to allow the document owners within your enterprise (belonging to this role) to add invisible signatures in a document. This will add an additional field (i.e., Display) under the "Details" tab of a signature field properties dialog. An invisible signature will not be displayed on a document. However it entails all other verifiable characteristics of e-signing i.e., Time stamping, Certificate Chain, Certificate Status, etc. An invisible signature can be a Digital Signature, Witness Digital Signature or Witness In-Person Signature as configured in a workflow.
Enforce document access authentication for all the recipients
Select this option to require the document owners within your enterprise (belonging to this role) to set the document access authentication for all the recipients before sharing the workflow. By default, this option is deselected. If you keep this option deselected, the document owners will be able to share the workflow without having to set the document access authentication for all the recipients.
Enforce document signing authentication for all the recipients
Select this option to require the document owners within your enterprise (belonging to this role) to set the document signing authentication for all the recipients before sharing the workflow. By default, this option is deselected.
If you keep this option deselected, the document owners will be able to share the workflow without having to set the document signing authentication for all the recipients.
Certification options
Select this option to allow the document owners within your enterprise (belonging to this role) to certify the document to restrict the recipients to perform only the specific changes in a document, as the system won't allow them to perform any other changes.
If you keep this option deselected, the document owners will be able not be able to certify documents.
Signature field
Select this option to allow the document owners within your enterprise (belonging to this role) to add signature fields in their workflows. If this option is selected, the "Level of Assurance" and "Default Level of Assurance" mandatory fields will appear for the user to configure. If you keep this option deselected, the document owners will not be able to add the "Signature" field while preparing workflows. The "Level of Assurance" field allows the enterprise admin to configure the levels of assurance that the document owners are allowed to use for a signature field. You can either allow specified levels of assurance or allow all available levels of assurance. The drop down list for this field displays the levels of assurance as configured in the service plan. The possible options for this field are:
Simple Electronic Signature (SES)
Electronic Seal (eSeal)
Advanced Electronic Seal (AdESeal)
Qualified Electronic Seal (QESeal)
Advanced Electronic Signature (AES)
High Trust Advanced Signature (AATL)
Qualified Electronic Signature (QES)
For details about the above mentioned levels of assurances, click here. The "Default Level of Assurance" field defines what levels of assurance will be used by default when the document owners drops a signature field. The system automatically populates this field as per the "Default Levels of Assurance" field, in the service plan. The configured levels of assurance from the "Level of Assurance" field will be listed in the "Default Level of Assurance" drop down list for the enterprise admin to manually configure the "Default Level of Assurance" field. The configuration of this field supersedes the configuration of the "Default Levels of Assurance" field in the service plan. For a new enterprise user under a specific role, the system will pick the configured default level of assurance from this field and set it as the default level of assurance for the user in Personal Settings.
In-Person signature field
Select this option to allow the document owners within your enterprise (belonging to this role) to add In-Person signature fields in their workflows. If this option is selected, the "Level of Assurance" and "Default Level of Assurance" mandatory fields will appear for the user to configure. If you keep this option deselected, the document owners will not be able to add the "In-Person Signature" field while preparing workflows. The "Level of Assurance" field allows the enterprise admin to configure the levels of assurance that the document owners are allowed to use for an In-Person signature field. You can either allow specified levels of assurance or allow all available levels of assurance. The drop down list for this field displays the levels of assurance as configured in the service plan. The possible options for this field are:
Simple Electronic Signature (SES)
Electronic Seal (eSeal)
Advanced Electronic Seal (AdESeal)
Qualified Electronic Seal (QESeal)
The "Default Level of Assurance" field defines what level of assurance will be used by default when the document owners drops an In-Person signature field. The system automatically populates this field as per the "Default Levels of Assurance" field, in the service plan. The configured levels of assurance from the "Level of Assurance" field will be listed in the "Default Level of Assurance" drop down list for the enterprise admin to manually configure the "Default Level of Assurance" field. The configuration of this field supersedes the configuration of the "Default Levels of Assurance" field in the service plan.
For a new enterprise user under a specific role, the system will pick the configured default level of assurance from this field and set it as the default level of assurance for the user in Personal Settings.
Initials
Select this option to allow the document owners within your enterprise (belonging to this role) to add initials fields in their workflows. If you keep this option deselected, the document owners will not be able to add the "Initials" field while preparing workflows.
Name
Select this option to allow the document owners within your enterprise (belonging to this role) to add name fields in their workflows. If you keep this option deselected, the document owners will not be able to add the "Name" field while preparing workflows.
Select this option to allow the document owners within your enterprise (belonging to this role) to add email fields in their workflows. If you keep this option deselected, the document owners will not be able to add the "Email" field while preparing workflows.
Date
Select this option to allow the document owners within your enterprise (belonging to this role) to add date fields in their workflows. If you keep this option deselected, the document owners will not be able to add the "Date" field while preparing workflows.
Company
Select this option to allow the document owners within your enterprise (belonging to this role) to add company fields in their workflows. If you keep this option deselected, the document owners will not be able to add the "Company" field while preparing workflows.
Job Title
Select this option to allow the document owners within your enterprise (belonging to this role) to add job title fields in their workflows.
If you keep this option deselected, the document owners will not be able to add the "Job Title" field while preparing workflows.
Text field
Select this option to allow the document owners within your enterprise (belonging to this role) to add text fields in their workflows.
If you keep this option deselected, the document owners will not be able to add "Text Field" while preparing workflows.
Text area
Select this option to allow the document owners within your enterprise (belonging to this role) to add text areas in their workflows.
If you keep this option deselected, the document owners will not be able to add the "Text Area" field while preparing workflows.
Radio button
Select this option to allow the document owners within your enterprise (belonging to this role) to add radio buttons in their workflows.
If you keep this option deselected, the document owners will not be able to add "Radio Button" while preparing workflows.
Check box
Select this option to allow the document owners within your enterprise (belonging to this role) to add check boxes in their workflows.
If you keep this option deselected, the document owners will not be able to add "Check Boxes" while preparing workflows.
Add text
Select this option to allow the document owners within your enterprise (belonging to this role) to add text fields in their workflows.
If you keep this option deselected, the document owners will not be able to add the "Add Text" field while preparing workflows.
Attachment
Select this option to allow the document owners within your enterprise (belonging to this role) to add attachment fields in their workflows.
If you keep this option deselected, the document owners will not be able to add "Attachment" field while preparing workflows.
QR Code
Select this option to allow the document owners within your enterprise (belonging to this role) to add QR codes in their workflows.
If you keep this option deselected, the document owners will not be able to add QR codes while preparing workflows.
Proceed automatically upon completion of the mandatory actions by the signer
Select this option to automatically trigger the "Finish" button in a role. When the users belonging to this role will complete the mandatory actions of their collaboration, the "Finish" button will not be displayed on the screen and the process will be concluded automatically from their end.
If the "Automatically proceed with workflow upon completion of mandatory actions by signer" option is checked, the "Automatically close the document viewer" option shall appear.
Select the "Automatically close the document viewer" sub option to automatically close the document viewer once the signer has performed all the mandatory actions. By default, this option will be unchecked.
Add comments on documents
Select this option to allow the enterprise users (belonging to this role) to add comments on the workflow documents once their workflows are initiated.
If you keep this option deselected, it will restrict them to add comments on such documents.
Delete documents
Select this option to allow the enterprise users (belonging to this role) to remove documents from their accounts.
If you keep this option deselected, it will restrict them from deleting documents from their accounts.
Perform actions on behalf of enterprise users
Select this option to allow your enterprise admin to upload and share documents, manage recipients, add signature fields and form fields on behalf of the enterprise users belonging to this role, by using the SigningHub API. This is useful in cases where a specific set of users (i.e., Reviewers) are not allowed to upload and share documents on their own (i.e., the "Upload and Share" option is turned off for them), however they can still review the current status of documents and can send their reminders as required.
Manage shared folders
Select this option to allow the users within your enterprise (belonging to this role) to manage their shared spaces. They can create their own shared spaces for their nominated collaborators, and may also edit and delete these spaces as required. In this way, the nominated collaborators can process the workflows of a shared space documents on behalf of the space owner in their absence.
If you keep this option deselected, the users (belonging to this role) would not be able to manage their own shared spaces. However they can still collaborate in the shared spaces of other users, if they are made collaborators in them.
Allow users to sign documents | Enable this option to allow the users (that are associated with this role) to perform signing operations and signature settings management. If this option is disabled, the below fields will also be disabled:
|
Hide signature dialog at the time of signing | Enable this option to allow the users (who are associated with this role) to skip the signing dialogue box while performing the signature. The signing dialogue box will be hidden if :
|
Allow user to manage contact information | Enable this option to allow the enterprise users (belonging to this role) to view the "Contact Information" field on the signing dialog of signature, and set its value as required before signing. If you keep it deselected, this field will not be shown to the enterprise users on the signing dialogue box. In this case, the default set value will automatically be picked from the user's role upon signing, as highlighted below. |
Allow user to manage location | Enable this option to allow the enterprise users (belonging to this role) to view the "Location" field on the signing dialog of signature, and set its value as required before signing. If you keep it deselected, this field will not be displayed to the enterprise users on the signing dialogue box. In this case, the field value will be selected automatically from the default set value under the user's role settings upon signing. When this option is disabled from roles, then the signing location cannot be updated from the user's personal settings and will be shown as disabled in the user's settings. |
Bulk signing | Enable this option to allow the enterprise users (belonging to this role) to sign and share multiple documents with a single click. They can perform bulk signing from the document listing screen or the document viewer screen. If you keep it deselected, the bulk signing feature will not be available to the users belonging to this role. |
Restrict delegated signing to only registered users | Enable this option to restrict the enterprise users (belonging to this role) to only delegate signing to the registered users. If you keep it deselected, users belonging to this role can choose unregistered users as well for delegated signing. |
Allow user to manage signing reason | Enable this option to allow the users (belonging to this role) to view the "Signing Reason" field in the signing dialog of signature and set its value as required before signing. When 'Allow user to manage signing reason' is selected, there are following three options available further:
|
Manage Signing Reasons | Click the "Add a signing reason" button to add signing reasons. The specified reasons will then be available in the "Predefined" and "Fixed" fields for selection. When used in the Signature Appearance, Signing reason becomes a permanent part of the PDF signature and can optionally be displayed in the signed PDF document. To add a new signing reason, write it in the "Signing Reason" field and click the "Save" button. To delete a signing reason, select the signing reason and click "Delete" button from the right panel. |
SIGNING SERVER |
Keys location | Select the "Keys Location", which display the following options:
|
Signing server | The Signing Server list will display the available signing servers, based on your service plan configurations. You can choose to add a signature appearance to be used for the selected signing server. The "Signature Appearance" list will display the available signature appearances allowed in your service plan. If a signature appearance was set against this signing server in the service plan, it will be selected as the "Signature Appearance", by default. The user can choose to change the default "Signature Appearance" as per their requirements. If the user selects a signature appearance that includes a logo, the "Signature Logo" field will appear, allowing the user to upload a logo. The "Signature Logo" is an optional field. The uploaded logo will be used in the signature appearance when signing with this specific signing server. If a logo has not been uploaded, the system will use the "Signature Logo" configured in the "Branding" section. Only select a "Signature Appearance", if you want the users to use a fixed signature appearance while performing signatures with this specific signing server. If a signature appearance has not been selected, the system will allow the users to perform signing using the signature appearances allowed in the user role. |
Level of Assurance | List of level of assurances available for the selected server at the time of signing.
|
Default signature appearance | Select the default signature, for this server. The user will be able to modify it based on the role settings.
|
Signature Logo |
|
CAPACITIES |
Capacities | This screen lets you configure different "Signing Capacities" for each Level of Assurance. It enables a user to sign on multiple positions within an organisation. When configured, SigningHub creates multiple certificates for the user as per their allowed capacities in the service plan and categorized based on the allowed level of assurances that are configured in the service plan. The user can pick a desired capacity at the signing time and the related certificate will be used in their signature. Add the signing capacities as required for the enterprise user(s) belonging to this role, categorised as per level of assurance. The options available in the drop-down list are allowed in your service plan. If there is only one signing capacity then it will not be displayed in the signing dialog at the time of signing. Only the multiple signing capacities will be displayed in the signing dialog. You can select any one of these available capacities for signing. |
Default Signing Capacity | Select a capacity from the selected ones in this field that will be displayed as the default signing capacity to the user(s) while signing. In a scenario where one or more enterprise users can have the same signing capacities within your enterprise, create a specific role with the desired capacities and simply assign it to them. However, when each user has a different set of signing capacities, then create an exclusive role for each user and configure their signing capacities accordingly. |
AUTHENTICATIONS |
Authentications | This screen lets you select signing-time authentication methods separately for the role. The Levels of Assurance of the selected Signing Capacities are hierarchically grouped under Organization, User and SigningHub Admin. You can select signing-time authentication methods for each of them separately. |
Authentication Method | You can select authentication methods for SigningHub web and mobile apps against the relevant Levels of Assurance. The available authentication methods are subject to your Service Plan configuration. The selected method will be used as authentication method, when your enterprise users sign their documents through any web browser. You can configure both; public and private authentication profiles, under "Authentication Method". See the details of authentication methods below. In case of configuring Remote Authorised Signing (RAS), configure signing capacities for RAS in your Service Plan and "Authorisation via Mobile App" option will appear as Authentication Method for those capacities under 'Signing Capacities for Remote Authorisation (Owned by User). |
Secondary Authentication Method | Select another authentication method (i.e., Time based One Time Password, One Time Password or No Authentication) from the "Secondary Authentication Method" field. This method will be used in addition to the above mentioned authentication method, giving your enterprise users a provision to use a secondary authentication method at signing time. If a secondary authentication for signing through web browsers is not required, then select "No Authentication" from this field. |
The Enterprise Access Preferences tab lets you configure the account administration related SigningHub modules in a role. You can select your choice modules from the list to make them available to your enterprise users/ admins (registered with this role) for navigation. SigningHub supports granular access management along with their fine grained authorization, i.e. read, add/ edit, and delete access on different modules/ sub modules of the system.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Enterprise Access Preferences". Select the user settings check boxes and their respective granular access as required.
Click "Save changes".
See the description in the "Enterprise Access Preferences" table below.
When you update a role in a production environment, the saved changes are available to the related users on their next login.
By default, the "Advanced Enterprise Reports" option will be disabled for all existing user roles.
The "Advanced Reports" will only be visible to the enterprise owner, and its child users (if the "Advanced Enterprise Reports" configuration is allowed against their role).
When you purchase an enterprise account of SigningHub, a default Enterprise Admin user is provided to you, having all the privileges and access in your SigningHub account. You can use the credentials of your Enterprise Admin to configure the role based granular access (i.e. read, add/ edit, and delete access on different modules/ sub modules of the system) for your enterprise users. You can even create multiple Enterprise Admins as required. When a new Enterprise is created, two roles will also be created in the Enterprise: Enterprise Admins and Enterprise Users. The Enterprise Users role is marked as "default", which means whenever a new user will be created in this Enterprise, the default role will automatically get assigned to the user. However, you can always modify which role should be the default. Remember, only one role can be marked as "default". In addition, you can also add new roles under this Enterprise. Read on to know what more you can do on this page. From here, you can manage (Add, Clone, Edit, and Delete) different roles and can assign them to your enterprise users and external users, in order to provide them custom access in the system. However you cannot delete a role, as long as it is assigned to any user within your enterprise or to external user of third party integration.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Click "Add Role" button.
Add a New Role dialogue will appear. Provide name and description and click "Add role" button to continue.
Fill in all the information in the respective sections.
Click "Save changes" button. Now assign this role to your enterprise user to give them configured access, see Manage your enterprise users.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the desired role and click "Mark Default" button in right panel.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the desired role and click "Clone" button in right panel.
"Clone Role" dialogue will appear. Specify name of the clonal role and its description as required. The clonal role name must be different than the original role name. If you want to make the clonal role as default in your enterprise, tick the "Mark default" check box. SigningHub assigns the default role to those enterprise users, for which Enterprise Admin did not specify any role. The default role is also automatically selected when inviting the enterprise users.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the desired role and click "Edit" button in right panel.
Role screen will appear. Edit the required tabs and click "Save changes".
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the desired role and click "Delete" button in right panel. Please note, you cannot delete a role that is assigned to any user within your enterprise or in third party integration.
Click "Delete" on confirm dialogue.
As a security consideration, always assign least privileges to a default users role. SigningHub assigns the default role to those enterprise users, for which Enterprise Admin did not specify any role. Similarly, the default role is automatically selected when inviting the enterprise users. ​
When you update a role, the saved changes are available to the related enterprise users on their next login.
You cannot downgrade all the Enterprise Admins to Enterprise Users. SigningHub will ensure that at least one Enterprise Admin must be under Enterprise Admin role to manage all the account related configurations.
| Fields | Description |
|---|---|
| Fields | Description |
|---|
Certify with no changes
Select this option to disallow any changes to the document after the Certified Digital Signature has been applied. The recipients will not be able to add any annotation to the document, fill out PDF forms, or include additional signatures. This option is intended for documents requiring only one signature.
Certify with form filling and signing
Select this option to allow the recipients to only fill in PDF forms, and sign empty signature fields after the Certified Digital Signature has been applied. They will not be able to add any new annotations to the document. This option is intended for documents requiring one or more signatures.
Certify with form filling, signing and annotations
Select this option to allow the recipients to fill in PDF forms, sign empty signature fields, and add annotations to the document after the Certified Digital Signature has been applied. This option is intended for documents requiring one or more signatures.
Enterprise profile management |
Users |
Roles management |
Groups |
Templates |
Library |
Electronic Seals |
Notifications |
Billing |
Application integrations |
Branding |
Reports | Select this option to allow the reports viewing access in a role. This will enable the "Reports" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role. |
Documents |
Logs |
Advanced settings |
Select this option to allow the enterprise profile configuration access in a role. This will enable the "" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role. Also the users with this access can be marked as enterprise account owner, as they will be listed in the "Account Owner" tab of Enterprise>Profile for selection.
Select this option to allow the enterprise users management access in a role. This will enable the "" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see details.
Select this option to allow the enterprise roles management access in a role. This will enable the "" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see details.
Select this option to allow the enterprise groups management access in a role. This will enable the "", "", and "" tabs under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role.
Select this option to allow the enterprise templates management access in a role. This will enable the "Templates" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the enterprise documents library management access in a role. This will enable the "Library" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the use of electronic seals in a role. This will enable the "Electronic Seals" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the enterprise emails configuration access in a role. This will enable the "Notifications" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the enterprise billing configuration access in a role. This will enable the "Billing" option under the profile drop down for the enterprise users/ admins belonging to this role, see .
Select this option to allow the 3rd party integrations access in a role. This will enable the "Integrations" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the enterprise branding configuration access in a role. This will enable the "Branding" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the enterprise documents managing access in a role. This will enable the "Documents" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow viewing enterprise related activity logs in a role. This will enable the "Logs" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
Select this option to allow the advanced configuration access in a role. This will enable the "Advanced" tab under the "Enterprise Settings" option for the enterprise users/ admins belonging to this role, see .
