Setting up an approval signing token

Overview

Setting up the first time requires a few special steps. You must

  • add an authentication app to your smart device

  • initialize the signing token for the user for Comala Document Management approvals by adding a new authentication account to the app

  • generate a token from the linked authenticator app

E-signature must also be enabled for the workflow.

Add the authentication app to your smart device

Download and install a 2 Factor Authentication (2FA) app through your device app store. Here are some possible examples:

You may already have an app installed if you have 2FA for other internet sites.

If you are already using 2FA for Confluence login, this is not the same.

A new authentication account will need to be added to the app that is just used for Comala Document Management approvals.

For example, the first time a user is required to approve content in the QMS workflow, they will be required to initialize the signing token to create their authentication account in the authentication app.

Initialize Signing Token

The very first time a user is expected to approve a page, they are asked to set up a personal code.

Choose setup personal code.

The two-step setup process is shown:

You must first download and install the 2FA app on your smart device.

  • the approval signing token can be generated using several different apps such as Google Authenticator available from Google Play and Apple App Store

  • the authentication client must be installed and linked to your email for the Confluence instance

Once the 2FA app is installed on your device

  • add your email address to Step 2 in Comala Document Management signing token setup dialogue box

  • choose Validate to generate a confirmation email with a link that allows set up of the authentication app installed on your device

There is an option to resend this email if required.

To validate your email address choose the Go to approval signing token settings link in the email.

The link for the email validation is time-limited to 15 minutes. After this period a new validation email is required.

The link returns you to the instance.

A QR code is displayed to use for the signing token setup using the authenticator app installed on your smart device.

  • use of this QRCode or key is time-limited to 30 minutes

  • a key is also shown for the manual setup of the authenticator app

To initialize the approval signing token, the QRCode must be scanned to your smart device authenticator app. This will generate an authentication account specific to the user email and Comala Documentation Management.

Add the approval signing token account to the authenticator app

The QR code is used by the authenticator app to set up the authentication account linked to the user and the Confluence instance.

A numeric signing token is generated by your authentication app using the QRCode. This signing token is specific to the content review and is different to any 2FA token you may use for access to your Confluence instance.

Scan the QRCode generated to your authenticator app.

Choose the account details (such as logo or name, if appropriate).

Choose Save.

  • note the six-figure numeric signing token

  • the approval signing token is renewed every 30 seconds by the authenticator app

Add the approval signing token to the Comala Document Management signing token setup dialogue box.

Choose Validate.

  • signing token creation date for the setup and the expiry date are both displayed

  • Confluence administrators can reset the need to initialize the signing token

Set up the approval signing token through the workflow report

An individual user can set up the signing token through the Document Report.

Select Document Report in the sidebar.

Choose the E-signature token setup link.

If the signing token setup is complete and valid, the link displays the Comala Document Management signing token setup complete! confirmation box.

If there is no valid token setup, the link displays the signing token setup dialogue box. 

  • once set up for a user, new numeric signing tokens are generated every 30 seconds by the authentication app

  • at the time a user with an e-signature set up undertakes an approval, the numeric signing token displayed by the authentication app is required to activate the content review

The e-signature credentials are checked when the approve or reject decision is made.

Navigating away from the popup and returning later may require a new 6-figure numeric token generated by the authentication app.

Use an approval signing token to activate a review

In the content review workflow popup add your email address and the current authenticator app-generated signing token displayed on your smart device.

If the signing token and email are accepted, the popup content review buttons become active for that user.

The content review for the In Approval state also requires an e-signature.

If the current user has already set up a signing token there is no prompt in the workflow popup. The approval buttons are simply disabled until the email and a token are added.

A different approval signing token generated by the authenticator may be required for the same user if more than one minute has elapsed since the use of any previous token.

When a valid signing token and email address are added, the review buttons are activated.

Where there are multiple reviewers, a separate approval signing token is required by each reviewer

  • for usability, user validation is provided against previous, current, and the next calculated signing tokens generated by the authenticator app

  • the e-signature process submits the user email address and approval signing token through the Comala secure server without storing these details

  • e-signature does not work if your site is configured to use single sign-on (SSO) through Atlassian Access

Approval signing token admin

Administrators can view all setup tokens for users in the instance.

Admins can

  • remove the signing token for users, requiring users to re-authenticate with the app.

  • set a signing token expiry date for a user.

Related pages

Authentication apps