When the documents are shared on the web with other users, it's important to upscale the security levels to prevent fraudulent attempts and bad actors from compromising your document security. SigningHub provides you with three methods that can be configured for either individual or all recipients collectively:
Access duration - to allow document access only for a specified duration
Access authentication - to authenticate the recipient through a specified password, a One-Time Password or a Time-based One-Time Password when attempting to access the document
Signing authentication - to authenticate the recipient through a One-Time Password or a Time-based One-Time Password when attempting to sign the document
In case the authentication/validation fails in any of the above scenarios, the recipient will be restricted from accessing/signing the document. By default, these document security features are disabled for a new workflow. You can always enable them as required before sharing.
In the following cases, the "Document Signing Authentication" option is not available on the "Set Access Security" dialog:
For the recipients of type "Reviewer", "Editor" or "Send A Copy"
Considering the screenshot scenario, the document will be accessible only from October 31, 2024, 12:57:00 to November 08, 2024, 12:57:00 for processing. The document will be considered declined if it is not processed within this period.
Considering the screenshot scenario, the document will be accessible for the next 10 days after receiving it. The document will be considered declined if it is not processed within this period.
Considering the screenshot scenario, the recipient will have to provide this (specified) password to access and process the document.
Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of recipient, whenever he attempts to access the document. He must provide the received OTP to access and process the document.
Considering the screenshot scenario, the recipient will be prompted to provide the Time-based One-Time Password whenever they attempt to access the document.
Considering the screenshot scenario, an OTP will be sent to the email address and specified mobile number of recipient, whenever he attempts to sign the document. He must provide the received OTP to sign the document.
Considering the screenshot scenario, the recipient will be prompted to provide the Time-based One-Time Password whenever they attempt to sign the document.
A document owner can edit recipient permissions even after the document has been shared with the recipients. However, if a read-only template has been used, the document owner won't be able to edit recipient permissions after sharing the document.
In the service plan, if under "Enable One Time Password (OTP)", the "Email OTP" was checked and the "SMS OTP" was unchecked, and the document owner shared the workflow with either the "Document Access Authentication" and/or "Document Signing OTP Authentication" but before the recipient could process the document, under "Enable One Time Password (OTP)", "Email OTP" was unchecked and the "SMS OTP" was checked, the system will prompt an error and the recipient will be unable to access the document. In this case, the recipient should ask the document owner to configure the recipient's mobile number in the "Set Access Security" dialogue box of the shared workflow.
The recipient is a Group signer
One-Time Password (OTP) and Time-based One-Time Password options are disabled in the service plan
In the "Mobile Number" field, enter the recipient's mobile number on which the OTP will be sent via SMS. The full international number must be entered in the 00 44 234334334 or +44 234334334 format. By default, the specified mobile number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.
If the recipient's mobile number exists in the user's personal or enterprise contacts, the "Mobile Number" field will be auto-populated with the mobile number.
For the currently logged-in user, in case two different mobile numbers have been configured in the user's profile and the user's contacts, the system will auto-populate the "Mobile Number" field with the number configured in the user's profile.
When the delivery method is either "SMS" or "Email & SMS", the provided mobile number in case of a guest user, will be auto-populated in the "Mobile Number" field.
The following rules will be followed for initiating the OTP process:
The system will initiate when the recipients attempt to sign a signature field, and will not initiate the OTP process when the recipient attempts to mark an Initials field.
Even if Document Signing OTP Authentication is configured, the OTP process will fail to initiate in case the signer is performing Bulk Sign.
When the recipient is a registered user and attempts to sign a signature field, the system will follow the OTP authentication settings (including mobile number) as configured by the document owner via the "Document Access Security" dialogue box.
In case the OTP authentication is not configured by the document owner, the system will follow the OTP authentication settings configured in the Enterprise Role while using the mobile number specified on the user's "My Settings" page.
In case OTP authentication is not configured in the Enterprise Role or Service Plan, then the OTP process will not initiate.
When the recipient is a guest user and attempts to sign a signature field, the system will follow the OTP authentication settings (including the mobile number) as configured by the document owner via the "Document Access Security" dialogue box.
In addition, even if the OTP authentication is configured in the Enterprise role, the OTP process will still not initiate.
This OTP authentication option will only be displayed if the "Enable One Time Password (OTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
The OTP method for "Document Signing OTP Authentication" will be the same as per the configured OTP method in the document owner's service plan.
"(Email)", in case only "Email OTP" is configured in the service plan
"(SMS)", in case only "SMS OTP" is configured in the service plan
"(SMS and Email)", in case both "Email OTP" and "SMS OTP" are configured in the service plan
The Time-based One-Time Password option will only be displayed if the "Enable Time-based One-Time Password (TOTP)" option is enabled in the document owner's service plan. If you cannot find this option in your account, upgrade your service plan.
If the user does not have two-factor authentication (2FA) configured, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. If the user has already configured two-factor authentication (2FA) they will be prompted to provide the Time-based One-Time Password from the authenticator app configured on their mobile device.
To configure the two-factor authentication (2FA) the user will need to install an authenticator app (Google Authenticator, Microsoft Authenticator, etc.) on their mobile device. The 'Configure Two-Factor Authentication' dialogue shown to the user will contain:
QR Code
Manual Key
Recovery Codes
To set up two-factor authentication (2FA), the user can either scan the QR code or manually enter the Manual Key into an authenticator app. After successful registration, the user must provide the Time-based One-Time Password (TOTP) generated by the app to proceed in SigningHub. A set of recovery codes is also provided in the configuration dialog, which can be used in place of a TOTP to regain access if the user loses access to their mobile device. Each recovery code is valid for one-time use only, and it is strongly recommended to store them in a secure location. Users can regenerate a new set of recovery codes anytime from the . If an enterprise user loses access to both their mobile device and recovery codes, or has used all of them, they can contact their enterprise administrator to for their account.
If the "Set Document Access Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Access Authentication" is set for all the recipients in the workflow.
If the "Set Document Signing Authentication for all recipients" option is selected against the document owner's user role, the document owner will not be allowed to share the workflow until "Document Signing Authentication" is set for all the recipients in the workflow.
The option to configure "Recipient Permissions", Document Access Security", Auto Reminders", and Email Reminders" is not available for an electronic seal which has been added to the workflow.
Access duration
Select the check box to allow document access only for a specified duration for the selected or all recipients. You can specify the access duration via a specific date and time or a number of days. On enabling the toggle shown in the image below, the following options will be displayed:
Based on dates Set a specific form and till date/time for a recipient to access the document. The recipient will not be able to access the document beyond this duration. If the document is not processed within the specified time, the document will be considered declined.
Based on days Set a number of days in which a recipient can sign the document after receiving it. The recipient will not be able to access the document after this duration. Also if the document is not processed within the specified days, the document will be considered declined.
Access authentication
Enable the toggle to enable recipient authentication through a specified password or an OTP when attempting to access the document. The following options will be displayed:
Shared password Set a password that the recipient would need to provide in order to access the document. While typing in a password, the Password Policy will be displayed. SigningHub will allow you to specify a password that complies with the given Password Policy. Password Policy will be configured at the Enterprise level or Administrator level according to account type.
One-Time Password (SMS & Email) This option will let the document owner send an OTP to the recipient that will used for recipient authentication. Whenever the recipient tries to open this document an OTP will be sent to the recipient's email, mobile number, or both depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be accessible only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.
Time-based One-Time Password This authentication option will let the recipient access the document after they have entered the Time-based One-Time Password. Whenever the recipient tries to open this document they will be prompted to enter the Time-based One-Time Password from the authenticator app configured on their mobile device. In case the recipient has not configured two-factor authentication (2FA), upon trying to access a document that requires Time time-based One-Time Password, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. The document will be accessible only upon providing the correct Time-based One-Time Password.
Signing authentication
Enable this option to enable recipient authentication through the OTP process when attempting to sign the document. On enabling the toggle shown in the image below, the following options will be displayed:
One-Time Password (SMS & Email) This option will let the document owner send an OTP to the recipient that will used to sign authentication. Whenever the recipient tries to sign this document an OTP will be sent to the recipient's email, mobile number, or both depending upon the document owner's service plan configuration. When the service plan allows "SMS OTP", a field to specify the mobile number of a recipient to send an OTP will be displayed. The document will be signed only upon providing the correct OTP. By default, the specified number is displayed partially masked to comply with the GDPR policy. Click the 'Eye' icon to view the complete number.
Time-based one-time password This authentication option will let the recipient sign the document after they have entered the Time-based One-Time Password. Whenever the recipient tries to sign this document, they will be prompted to enter the Time-based One-Time Password from the authenticator app configured on their mobile device. In case the recipient has not configured two-factor authentication (2FA), upon trying to sign a document that requires Time-based One Time Password, they will be prompted with a 'Configure Two Factor Authentication' dialogue to set up and provide a Time-based One-Time Password. The document will be signed only upon providing the correct Time-based One-Time Password.
Save
Click to save the information entered on the dialog.
Cancel
Click to discard the information entered on the dialog.
SigningHub has various workflow privileges that can be assigned to selected recipients:
- to define user access, modification, delegation rights and legal notice.
- to define document passwords or OTP-based access and allowed dates/ times.
Post-processing - to choose contacts and/ or cloud drives for sending copies of completed documents.
After configuring the special privileges, click the "Continue" button to proceed to the Fields screen.
SigningHub lets you configure special privileges in a template for each recipient in all workflow types, including the 'Individual' workflow type.
The option to configure 'Recipient Permissions', 'Document Access Security', 'Workflow Reminders', and 'Email Reminders' is not available for an electronic seal which has been added to the workflow.
SigningHub lets you configure certain recipient-related permissions in a workflow. In this regard, you can separately set permissions for document printing access, downloading access, adding text fields, adding document attachments and merging provision, changing recipient/ placeholder privileges, and/ or configuring legal notice for each recipient.
The system might show some pre-selected permissions as laid out in your default enterprise settings. You may change the default behaviour as required before sharing.
Click the "Permissions" button against the recipient/placeholder, for whom you want to set permissions.
From the "Recipient Permissions' dialogue box, select the check boxes, as required. See the 'Recipient permissions' table above for details.
Click the 'Save' button.
The option to configure 'Recipient Permissions', 'Document Access Security', 'Workflow Reminders', and 'Email Reminders' is not available for an electronic seal which has been added to the workflow.​
A document owner can edit recipient permissions even after the document has been shared with the recipients. However, if a read-only template has been used, the document owner won't be able to edit recipient permissions after sharing the document.
Allow users to apply AI to documents
Use this option to enable this recipient/placeholder to apply Artificial Intelligence (AI) features on the shared document(s) during the workflow.
By enabling this feature, you agree that the document content may be securely transmitted to third-party Artificial Intelligence (AI) service providers for processing. The information will be used solely to provide AI-powered features and will not be shared with unauthorised parties. By proceeding, you consent to this transfer and processing. Please refer to the Privacy Policy for more details.
Legal Notice
Use this option to set a legal notice for this recipient/placeholder to agree before signing the shared document(s). Your personal (and enterprise in the case of an enterprise user) legal notices will be listed in the drop-down for selection. Use to 'eye' icon to preview the selected legal notice. This option will appear only if at least 1 legal notice exists.
The 'Allow users to apply AI to documents' option will not be available if Artificial Intelligence (AI) is not allowed in the document owner's role.
Allow document printing
Use this option to enable this recipient/placeholder to print the shared document(s).
Allow document downloading
Use this option to enable this recipient/placeholder to download the shared document(s), and attachment(s).
Allow text addition to the document
Use this option to enable this recipient/placeholder to add text fields in the shared document(s) during the workflow. The added text will become a permanent part of the PDF document.
Allow document attachments and merging
Use this option to enable this recipient/placeholder to manage (add and remove) document attachments, and also merge other PDF documents with the shared document(s) during the workflow. If you keep this check box unticked, the recipient/placeholder will not be able to add their own or remove the existing attachments.
Allow preview of document attachments
Use this option to enable this recipient/placeholder to preview the added document attachments and field attachments in the attachment preview dialogue box.
Allow changing of recipients
Use this option to enable this recipient/placeholder to replace themself (i.e. Delegate another user) or change other configured recipients/ placeholders during the workflow. A recipient must have this permission in order to update the placeholders with the actual recipients. Note: For a document owner who is a part of any enterprise, and looking to permit their recipient to replace themself (i.e. Delegate other user) or change other configured recipients/ placeholders with even a guest user, they must have the 'Restrict Delegated Signing to only registered users' option un-selected in their assigned role.
To keep the approval process on time, SigningHub allows you to configure auto reminders for the recipients who may forget to timely respond to your workflow. A reminder is the original email notification that is resent to the recipient(s) when they don't sign a document by a certain (configurable) period. You may also send manual reminders later anytime to any recipients, during a workflow execution. SigningHub might show some pre-defined reminders as laid out in your default enterprise settings, see details. You may change the default settings as required before sharing.
Click the 'Reminders' button against the user you want to set a reminder for.
A dialog will appear, enable the "First Remind" toggle and specify the number of days/hours after which this reminder needs to be sent. SigningHub will start the days/hours count after the recipient has received the workflow package.
If you want to configure the subsequent reminders as well, enable the "Subsequent Reminders" toggle. Specify the number of days/hours in the "Continue to Remind Every" field after which SigningHub will continue sending reminders, and specify the total number of reminders to be sent in the "Total Subsequent Reminders" field.
Click the "Save" button. Considering the screenshot scenario, SigningHub will send a reminder to the recipient thrice;
First Reminder: 1 day after the workflow is received.
Second Reminder: 2 hours after the first reminder.
The option to configure "Recipient Permissions", Document Access Security", Auto Reminders", and Email Reminders" is not available for an electronic seal which has been added to the workflow.
Irrespective of the reminder permissions configured in the workflow, the reminders shall be sent based on the configuration of the "Send Reminder Notification Time" thread in the core settings in SigningHub Admin.
SigningHub allows you to configure the language for email notifications that provide the ability to send documents for signature in the native language of global users. These notifications are specifically associated with Document Shared, Sign-off Reminder, Document Recalled, and Send a Copy emails, and are used to intimate their recipients. The configured settings from here will apply to guest users only.
This option is available only if
The document is in draft mode
The recipient is a guest user
Allow Change of Language by Users is enabled in Global Settingsunder SigningHub Admin
Click the "Email Language" button against the recipient you want to set the language for.
A dialog will appear to select the language from the drop-down, document owner's language will be selected by default.
Click the "Save" button.
The option to configure "Recipient Permissions", Document Access Security", Auto Reminders", and Email Reminders" is not available for an electronic seal which has been added to the workflow.
SigningHub gives you the option to configure your workflow to send a copy of the completed document(s) to your choice contacts. This could be useful when a workflow document has multiple owners, and/ or each stakeholder wants to have the final document copy after being signed by all the recipients/ placeholders. You can also configure SigningHub to send the completed documents to your cloud drives to save the allowed storage space of your SigningHub account.
Click on the 'Post-processing' button.
The 'Post Processing' dialogue box is displayed. Toggle on the required post-processing option.
The post-processing feature is a powerful automation feature and covers a variety of scenarios. One of the important scenarios is when you need to send the completed document to all recipients and other people who haven't registered on SigningHub yet but also need to see the completed document. To achieve this, you simply need to select both the check boxes and configure the settings accordingly. The system will, upon completing the document, send an email to all the recipients in the workflow package as well as to the selected contacts and provided email addresses. In addition, if you have enabled a cloud drive, it will upload the completed document to the enabled cloud drive also.
From the "Post Processing" dialogue box, turn on the "Send the document processing report (XML)" toggle. This will option allows the document processing report (XML) to be sent, for a workflow. By default, this option will be allowed for all new workflows. The document processing report (XML) will contain information about the actions as allowed in the enterprise settings or the integration settings.
The "Send the document processing report (XML)" check box will only appear for enterprise users.
Irrespective of the enterprise settings or the integration settings, the document processing report (XML) will only be sent if the "Send the document processing report (XML)" option is allowed, in post-processing. By default, the "Send the document processing report (XML)" option will be allowed for all new workflows.
From the "Post Processing" dialogue box, turn on the 'Send the completed document to all recipients' toggle.
If the "Enforce post-processing to send the completed document to all recipients" option is enabled in the user role settings, the document owner will not be able to share the document without setting the "send the completed document to all recipients" post-processing option.
If the "Send the completed document to all recipients" enterprise default setting is checked, the "Send the completed document to all recipients" option in post-processing will be checked, by default, for all workflows created by users belonging to the enterprise.
From the "Post Processing" dialogue box, turn on the "Send the completed document to selected contacts" toggle.
Under the "Send via email" tab, select a contact from the drop-down or enter an email address. In case no contact is found against the provided email address, you can click the 'Plus' icon to add them to SigningHub's contacts list on the fly.
You can update the names of the recipients by using the edit button next to the corresponding contact. This will display the "Edit Recipient" dialogue box as shown in the image below.
You may also delete the contacts by using the 'Delete' icon next to the corresponding contact.
Click the "Save" button. The information entered in the dialogue box is saved for the workflow package.
