E-Signature
Overview
Each individual approval in the workflow can be configured to require reviewer identity authentication.
This adds a credentials prompt for a reviewer to the workflow popup for the individual approval.
Global administrators can choose the authentication method to be used for the approvals in the workflow.
The required credentials for authentication can be configured to be one of the following:
Confluence username and password
time-based signing token
Confluence username and password
E-signature for an approval can be set by global admin to require a reviewer to authenticate their identity by entering their Confluence username and password.
The approval decision buttons are disabled until the reviewer adds the requested credentials to the workflow popup.
This can be:
the Confluence password for each user approval decision
the Confluence username and a password for each user approval decision
Entering the credentials will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.
Signing Token
E-signature for an approval can be set by global admin to require a reviewer to authenticate their identity by entering their Confluence username and a time-based signing token.
The signing token is a time-based one-time password generated by a third-party app. The app must be set up by the user for the instance.
The approval decision buttons are disabled until the reviewer adds the requested credentials to the workflow popup.
This can be:
the time-based token for each user approval decision
the Confluence username and the time-based token for each user approval decision
Entering the username and token will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.
Each reviewer will need to set up their own personal code for the instance using their Confluence login email address to set up a third-party app to generate the signing token for each review.
Setting up a signing token
The workflow popup for the approval will display a prompt to set up a personal code for a user if:
the approval requires reviewer authentication
AND
the global e-signature configuration is set to require the use of a signing token
If the user has already set up a personal code the workflow popup will only display the credentials prompt for the username and a signing token.
To be able to electronically sign using a signing token a reviewer will need:
a device with a 2 Factor Authentication (2FA) app (Authy, Google Authenticator, 1Password).
the username that they use to login to Confluence.
The user can then set up an account on the app to generate a time-based signing token. The signing token generated by the authentication app will be required each time the user needs to approve a page that requires an e-signature.
Once a user sets up the code with the third-party app the workflow popup will prompt for a signing token generated by the app to initialize the app to the user and the instance.
Each individual approval will then require a signing token from the authenticator app to activate the approval for the user.
the token is then validated when the user makes the approval decision.
the authenticator app generates a new valid numeric signing token every 30 seconds.
if the user navigates away from the content without undertaking the approval the next time they view the content a new time-based signing token will be required to activate the approval buttons.
Global administrator user token reset
Global administrators can reset existing valid setup codes for a user by choosing to Remove the user signing token in the Comala Document Management e-signatures configuration screen
Global admins can also amend the signing token setup expiry date for a user signing token.
If the expiry date for the user signing token expires or the user signing token is removed by the global administrator the user will need to reset their personal code for the instance using the third-party 2FA app.