The tab lets you configure basic information as well as authentication settings. Basic information consists of role name, description and whether it'll be default for new users or not. The Login Authentication lets you configure a private authentication method in a role. This method is specifically used for the login authentication of your enterprise users, and will not be available to public users under the "More Login Options" link of login screen. At the time of login, SigningHub will check the IDs of your enterprise users and allow them to only authenticate themselves through the private method configured in their role. However they can also login by using "More Login Options" link, if you allow them to use public authentication methods.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Basic Information". Configure the basic information as required.
Click "Save changes".
See the description in the "Basic Information" table below.
Login with your enterprise admin credentials.
Click "Configuration" in left menu.
Choose "Roles" under People options in Enterprise Administration section.
Select the role to edit and click "Edit Role" in right panel. Role screen will appear for re-configurations.
Click "Basic Information". Configure the authentication settings as required.
Click "Save changes".
See the description in the "Authentication Preferences" table below.
When you update a role in a production environment, the saved changes are available to the related users on their next login.
A private authentication profile is the one that is exclusively used for corporate logins and is not available to the end users (public) on their Login screen and Integration screen of SigningHub Desktop Web.
The availability of private authentication profiles, is subject to your subscribed service plan. If you cannot find this option in your account, upgrade your enterprise service plan. The availability of Time based One Time Password, and One Time Password as a secondary authentication method is subject to your subscribed service plan.
Once the enterprise administrator enforces Time based One Time Password as a secondary authentication method on to a role, and a user under that role does not have two factor authentication (2FA) configured at the time of login, they will be sent an email to set up and to provide a Time based One Time Password. If the user has already configured two factor authentication (2FA) they will be prompted to provide the Time based One Time Password from the authenticator app configured on their mobile device.
To configure the two factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The email sent to the user to configure two factor authentication (2FA) will contain:
QR Code
Manual Key
Recovery Codes
To set up, the user can either scan the "QR Code" or manually input the "Manual Key" in the Authenticator app. Once the registration is successful, the user can provide the automatically generated Time based One Time Password from the Authenticator app to SigningHub in order to proceed. The list of recovery codes included in the configuration email can be used in place of a Time based One Time Password, once each recovery code, to regain access to your SigningHub account, in case you lose access to your mobile device. It is advised to save the recovery codes in a safe place. The user can however, regenerate a new list of the recovery codes from the Manage Two Factor Authentication (2FA) option. In case enterprise user loses access to your mobile device and recovery codes, or have used all of the recovery codes, you can ask your enterprise admin to reset the two factor authentication (2FA) against your account.
| Field | Description |
|---|---|
| Field | Description |
|---|---|
Role name
Name to be displayed for the role.
Description
Description for the role.
Default
Enable if you want to make it default for new users.
Default Authentication Method
Field to select a private authentication profile for the enterprise users belonging to this role. The drop down will show the list of authentication methods that are allowed in your service plan. When selected, the enterprise user will have to enter their registered ID in the login screen, SigningHub will read their ID and will automatically open the configured (private) authentication method (i.e. SSL authentication, Microsoft Active Directory, Salesforce, Google, etc.) screen for their authentication. Select the "None" option to disable the private authentication for this role. In this case SigningHub will let your enterprise users to use any public authentication from the "More Login Options" link of login screen.
Allow public authentication methods
Tick this check box to allow the enterprise users of this role to either use any public authentication method from the "More Login Options" link of login screen, or use the set private authentication method above to authenticate themselves. In this way they will have the option at the login time, whether to get themselves authenticated via any public authentication method or through the set private authentication method. If you leave this check box unticked against a configured private authentication method, the "More Login Options" link of login screen will be inaccessible to the enterprise users of this role.
Secondary Authentication Method
Field to enforce the enterprise users of this role, to use a secondary authentication method in conjunction with any of the private/ public authentication method. The drop down will show the list of secondary authentication methods that are allowed in your service plan i.e. One Time Password or Time based One Time Password. The enterprise users of this role will have to first provide the correct credentials of private/ public authentication method, and then based on their selected option, provide either:
One Time Password: An OTP will be sent on their mobile devices. The mobile number of an enterprise user on which the OTP is required to send, can be added in their personal profile, see details.
Time based One Time Password: The TOTP from the configured authenticator app on their mobile devices. The two-factor authentication (2FA) can be configured by the user in their personal profile.
Select the "None" option to disable the secondary authentication method for this role.
