E-signature
Overview
An e-signature is required to authenticate a user identity to undertake an approval decision in the Quality Management System workflow.
Each user needs one of
their mobile device with a 2 Factor authentication app (for example, Authy, Google Authenticator, 1Password, Microsoft Authenticator)
desktop authenticator app, for example, Authy
browser extension such as the Google Chrome extension Authenticator.cc
The user also needs the email address that they use to login to Confluence.
A time-based token generated by the authentication app is required each time the user needs to approve a page that requires an e-signature.
Global administrators can reset existing valid setup tokens for a user and amend the signing token expiry date.
E-signature process and approval signing token in the Quality Management System workflow
The compliance review Quality Management Systems (QMS) workflow requires users to use their email and a signing token to confirm their identity when registering an approval. The workflow requires e-signature authentication for all reviewers in both the Draft and the In Approval states.
Users need a one-time signing token to digitally sign their documents. Users enter a signing token along with their email address.
The first time a user is asked to electronically sign a Confluence page, a Setup a personal code link is displayed.
The approval decision buttons are disabled until the reviewer sets up the personal code and then adds their email and personal code token to the workflow popup.
Each approval signing token generated by the app is temporary and expires quickly (less than a minute).
If a user navigates away from the content with an approval activated but not undertaken, a new signing token is required on returning to the page to activate the approval.
When the review is undertaken it is logged as electronically signed.
OTP Token
To activate each approval in the Quality Management System workflow, the e-signature process requires the user to add their email and the current signing token generated by the authenticator app.
The token is generated by a third-party app installed on your smartphone or device.
Authentication app setup
When the first-time user chooses the set up a personal code link, the user is asked to set up an authentication app:
installation of an authenticator app (Authy, Google etc) on the smart device
linking the authenticator app to the instance using an email-generated QR code link
addition of an app-generated numeric token to confirm the setup for the specific user in the current instance
The authenticator app generates a new valid numeric signing token every 30 seconds.
Once set up, each approval requires a numeric signing token from the authenticator app to activate the approval for the user.
Related Links