E-signature
Overview
In a workflow users can be required to electronically sign for document approvals. This can be enabled for each approval.
You need one of
your mobile device with a 2 Factor authentication app (for example, Authy, Google Authenticator, 1Password, Microsoft Authenticator)
desktop authenticator app, for example, Authy
browser extension such as the Google Chrome extension Authenticator.cc
A time-based token generated by the authentication app is required each time the user needs to approve a page that requires an e-signature.
If e-signature is enabled for an approval this is required for each reviewer.
How to require an e-signature
The e-signature credentials requirement is set for each approval in a workflow. The included Quality Management System workflow requires e-signature for several approvals in different states.
In a custom workflow, each approval can be edited using workflow builder to require credentials.
Global administrators can reset existing valid setup tokens for a user and amend the signing token expiry date.
E-signature process and approval signing token
The compliance review Quality Management Systems (QMS) workflow requires users to use their email and a signing token to confirm their identity when registering an approval. The workflow requires e-signature authentication for all reviewers in both the Draft and the In Approval states.
Users need to utilize a one-time signing token to digitally sign their documents
a user enters a signing token along with their email address
The first time a user is asked to electronically sign a Confluence page, they see a Set up a personal code link.
The approval decision buttons are disabled until the reviewer sets up the personal code and then adds their email and personal code token to the workflow popup.
The token is generated by a third-party app installed on a smartphone.
When the first-time user chooses the Set up a personal code link the user is asked to set up an authentication app
installation of an authenticator app (Authy, Google, etc) on the user’s smart device.
linking the authenticator app to the instance using an email-generated QR code link.
addition of an app-generated numeric token to confirm the setup for the specific user in the current instance.
Depending on the authenticator app, a new valid numeric signing token is generated usually every 30 seconds
Once set up, each approval requires a numeric signing token from the authenticator app to activate for the user.
E-signature for an approval
To activate each approval in a workflow, the e-signature process requires the user to add their email and a valid signing token generated by the authenticator app.
As long as a signing token is entered along with your email address, the approval becomes active.
Each approval signing token the app generates is temporary and expires quickly (less than a minute).
If a user navigates away from the content with an approval activated but not undertaken, a new signing token is required on returning to the page to activate the approval.
When the review is undertaken it will be logged as electronically signed.
Related Links
Authentication apps and browser extensions
Authenticator.cc (for Google Chrome)