Setting up an approval signing token
- Robert Alexander Marshall
Overview
E-signatures for reviewers are required for approvals in the Quality Management System workflow.
Setting up the approval signing token for the e-signature first time requires a few special steps
adding an authentication app to your smart device
initializing the signing token for the user for Comala Document Control approvals by adding a new authentication account to the app
generating a token from the linked authenticator app
Add the authentication app to your smart device
Download and install a 2 Factor Authentication (2FA) app through your device app store. Here are some possible examples:
Android: Authy, Google Authenticator, 1Password
iPhone: Authy, Google Authenticator, 1Password
You may already have an app installed if you have 2FA for other internet sites.
If you are already using 2FA for Confluence login, this is not the same.
A new authentication account needs to be added to the app that is just used for Comala Document Control approvals.
The first time a user is required to approve content in the QMS workflow, they aree required to initialize the signing token to create their authentication account in the authentication app.
Initialize Signing Token
The very first time a user is expected to approve a page, they are asked to set up a personal code.
The two-step setup process is shown.
You must first download and install the 2FA app on your smart device.
the approval signing token is generated using one of several different apps such as Google Authenticator available from Google Play and Apple App Store
the authentication client must be installed and linked to your email for the Confluence instance
Once the 2FA app is installed on your device
add your email address to Step 2 in Comala Document Control signing token setup dialogue box
choose Validate to generate a confirmation email with a link that allows you to set up the authentication app installed on your device
There is an option to resend this email if required.
To validate your email address choose the Go to approval signing token settings link in the email.
The link for the email validation is time-limited to 15 minutes. After this period a new validation email is required.
The link returns you to the instance. A QR code is displayed to use for the signing token setup using the authenticator app installed on your smart device.
use of this QRCode or key is time-limited to 30 minutes
a key is also shown for the manual set up of the authenticator app
To initialize the approval signing token, the QRCode must be scanned to your smart device authenticator app. This will generate an authentication account specific to the user email and Comala Documentation Control.
Adding the approval signing token account to the authenticator app
The QR code will be used by the authenticator app to set up the authentication account linked to the user and the Confluence instance.
A numeric signing token will be generated by your authentication app using the QRCode. This signing token is specific to the content review and will be different to any 2FA token you may use for access to your Confluence instance.
Scan the QRCode generated to your authenticator app.
Choose the account details (such as logo or name, if appropriate).
Choose Save.
note the six-figure numeric signing token
the approval signing token is renewed every 30 seconds by the authenticator app
Add the approval signing token to the Comala Document signing token setup dialogue box.
Choose Validate.
signing token creation date for the setup and the expiry date are displayed
Confluence administrators can reset the need to initialize the signing token
Setting up approval signing token through the workflow report
An individual user can set up the signing token through the Document Report.
Select Document Report in the sidebar.
Choose the E-signature token setup link.
If the signing token setup is complete and valid, the link displays confirmation.
If there is no valid token setup, the link displays the signing token setup dialogue box.
Once set up for a user, new numeric signing tokens are generated every 30 seconds by the authentication app.
With e-signature set up, when the user undertakes an approval
the numeric signing token displayed by the authentication app is required to activate the content review
the e-signature credentials are checked when the approve or reject decision is made
Navigating away from the popup and returning later may require a new 6-figure numeric token generated by the authentication app.
Using an approval signing token to activate the review
In the content review workflow popup add your email address and the current authenticator app generated signing token displayed on your smart device.
If the signing token and email are accepted, the popup content review buttons become active for that user.
The content review for the In Approval state also requires an e-signature.
If the current user has already set up a signing token there is no prompt in the workflow popup. The approval buttons are simply disabled until the email and a token are added.
When a valid signing token and email address are added, the review buttons are activated.
Multiple reviewers
Where there are multiple reviewers, a separate approval signing token will be required by each reviewer
for usability, user validation is provided against previous, current, and the next calculated signing tokens generated by the authenticator app
the e-signature process submits the user email address and approval signing token through the Appfire Comala secure server without storing these details
Approval signing token admin
Administrators can view all setup tokens for users in the instance.
A global administrator can
remove the signing token for users, requiring users to re-authenticate with the app
set a signing token expiry date for a user