SigningHub gives you an option to use your Microsoft Azure Active Directory credentials to log into SigningHub. In this case, you don't even need to have a SigningHub ID, as your Azure Active Directory account will be used for SigningHub authentication. However, logging in through your Azure Active Directory credentials for the first time, will take you to the registration screen and display your Azure Active Directory (email address) for new registration. After registration, you can easily log in through your Azure Active Directory credentials.
However, if the "Automatically register the users" is enabled from the "Auto Provision Users" screen, and an Azure Active Directory has been selected as an Authentication Profile, then the registration screen will not be displayed, as the provisioned Azure Active Directory users from there will be automatically registered and activated in SigningHub.
Go to the SigningHub login screen.
Click the "More Login Options" link available at the bottom of the login screen. A dialogue box will appear listing all the supported authentication methods.
Click the "Azure AD" option. The Microsoft Azure Active Directory app will appear in a popup.
Specify your Microsoft Azure Active Directory ID and password in the app.
In order to make your Azure Active Directory application running, you need to manually update a property on the Azure Portal under the application's manifest.
For this:
Click Manifest at the left pane describing your app.
Click the "Sign in" button. You will be authenticated into SigningHub.
Click "Save" to save the modified manifest.
Click "Save" to save the modified manifest.
As a part of GDPR compliance, the "Service Agreement" dialogue box will appear after successful user authentication. This dialogue box contains the links to the "Terms of Service" and "Privacy Policy" pages. SigningHub will ensure that you agree to them before letting you use your account.
The "Service Agreement" dialogue box will not appear after successful user authentication if no Service Agreement is marked active.
When using an on-premises installation of SigningHub and this is the only configured authentication for the end-users, then you won't need to click the "More Login Options" link to choose it. In that case, this authentication method will be invoked by default on the Login screen.
Users cannot log in to SigningHub if their account is disabled, marked as dormant, or temporarily locked due to multiple invalid login attempts.
If the "Restrict users from editing fields" option is enabled in the user's role and the user is provisioned through Azure Active Directory or via SCIM provisioning through Azure Active Directory, any mismatch between their job title and or company in Azure Active Directory and SigningHub's Personal Configurations will result in the values from Azure Active Directory being mapped onto SigningHub, except when the values in Azure Active Directory are empty or null.
SigningHub gives you an option to pre-authorize users in your Azure Active Directory so that they may serve as your registered enterprise users. In this way, your enterprise users can use their Directory credentials (i.e. organizational domain user ID and password) for SigningHub authentication, and won't even need to create their SigningHub IDs.
Configure an Azure Active Directory connector in SigningHub Admin.
Configure the connector in an authentication profile, in SigningHub Admin.
Configure auto provisioning in SigningHub Web.
Configure a security group for auto-provisioning.
Make the following configurations to a connector in SigningHub Admin:
In the "Basic Information" section, choose "Azure Active Directory" as the "Provider".
In the "Details" section, fill in the required fields.
Make the following configurations to an authentication profile in SigningHub Admin:
Select the Azure Active Directory Connector created earlier, in the 'Connector' field.
To see in detail, how to pre-authorise users in SigningHub, .
Make the following configurations in the "Users" tab in SigningHub Web:
In the "Auto Provision Users" section, check the "Automatically register the users" check box and select the "Authentication Profile", created earlier. Click the "Save" button.
SingingHub also allows you to give role-based access to SigningHub (i.e. Enterprise Admin, Enterprise Users, etc.) at the Security Group level.
Make the following configurations to a security group in SigningHub Web:
For the security group, add the name and role of the security group.
Logging in through your Azure Active Directory credentials for the first time, will take you to the registration screen and display your Azure Active Directory (email address) for new registration. After registration, you can easily login through your Azure Active Directory credentials. However, if the "Automatically register the users" check box is ticked from the "Auto Provision Users" screen, and an Azure Active Directory has been selected as an Authentication Profile, then the registration screen will not be displayed, as the provisioned Azure Active Directory users from there will be automatically registered and activated in SigningHub.
From the "More Login Options" option, select Azure Active Directory.
Provide your Azure Active Directory credentials.
The following login preferences will be followed when logging into SigningHub Web via Azure Active Directory:
Auto-provision the users at login
In case specific authorised security groups in were allowed in the authentication profile, only the security groups will appear in the "Security Group" drop down.
Yes, the security group exists.
Yes, the mapping for the security group exists.
In case the user was already registered, the system will log in the user as per the assigned role.
In case the user was not already registered, the system will register, auto activate, and log in the user as per the assigned role.
Yes, the security group exists.
No, the mapping for the security group does not exist.
In case the user was already registered, the system will log in the user as per the default role.
In case the user was not already registered, the system will register, auto activate, and log in the user as per the default role.
No, the security group does not exist.
N/A
The system will throw an error and will not allow auto-provisioning.
