/
Set up an approval signing token

Set up an approval signing token

Owned by Comala Publishing
Last updated: Jul 15, 2025

Contents:

Overview

When e-signature is enabled for the workflow, a reviewer needs to authenticate their identity using a third-party app. Setting up authentication for the first time requires a few special steps.

  • Add an authentication app to your smart device

  • Initialize the signing token for the user for Comala Document Management approvals by adding a new authentication account to the app

  • Generate a token from the linked authenticator app

The e-signature process submits the email address and approval signing token through the Comala secure server without storing these details.

The e-signature does not work if your site is configured to use single sign-on (SSO) through Atlassian Access.

Add the authentication app to your smart device

Download and install a two-factor authentication (2FA) app through your device's app store. Here are some possible examples:

If you are already using 2FA for Confluence login, this is not the same.

A new authentication account needs to be added to the app that is just used for Comala Document Management approvals.

For example, the first time a user is required to approve content in the included Quality Management System workflow, they are required to initialize the signing token to create their authentication account in the authentication app.

Initial signing token setup

The first time a reviewer is required to undertake an approval requiring identity authentication, they must set up a personal code.

To set up a personal code,

  1. Click the setup a personal code link in your workflow state dialog box.

cdmc_workflowdialogbox_approval_authenticationsetup_reviewstate.png

  1. The two-step setup process is shown. Enter your email address and click Validate.

There is an option to resend this email if required.

  1. You will receive an email from Comala Document Management to set up your approval signing token. Open the email, validate your email address, and click the Go to approval signing token settings link to complete the setup.

cdmc_approvalsigntoken_email_validation_linktosigningtokensettings.png

The link for the email validation is time-limited to 15 minutes. After this period, a new validation email must be requested.

  1. The link returns you to the instance. A QR code is displayed to use for setting up the signing token using the authenticator app installed on your smart device. The QR code or key is valid for 30 minutes.

 

  1. To set up your approval signing token, scan the QR code using a mobile phone authenticator app. This creates an authentication account linked to your email and Comala Document Management. A manual setup key is also provided if you can’t scan the QR code.

Add the approval signing token account to the authenticator app

Scan the QR code with your authenticator app to set up an authentication account linked to your user and Confluence instance.

The app will generate a numeric signing token used for approval. This token is specific to the approval process and is not the same as any 2FA token used to log in to Confluence.

cdmc_authenticationapp_addaccount.png

  1. Choose the account details (the logo or name, if appropriate).

  1. Click Save.

  1. Note the six-figure numeric signing token. The approval signing token is renewed every 30 seconds by the authenticator app

  2. Add the approval signing token to the Comala Document Management signing token setup dialogue box.

  1. Click Validate.

cdmc_validateauthenticationtoken_success.png

The signing token’s creation date and expiry date are displayed during setup.

Confluence administrators can reset the token setup if needed.

Set up the approval signing token through the document report

An individual user can set up the signing token through the Document Report.

Select Document Report in the sidebar.

cdmc_documentreport_sidebar.png

Choose the E-signature token setup link.

If the signing token setup is complete and valid, the “Comala Document Management signing token setup is complete!” screen is displayed.

If there is no valid token setup, the link displays the signing token setup dialog box. 

Use an approval signing token to activate a review

The approve and reject buttons in the workflow state dialog box are disabled when user authentication is required for an approval.

You must use the approval signing token to activate the approval buttons by adding:

  • Your email address

  • The numeric signing token in the state dialog box

cdmc_approvalpopup_esignature_email_token_elle.png

The token validity is checked when the decision to approve or reject is made.

Navigating away from the state dialog box and returning later can require a new numeric token.

Global administration of tokens

Global administrators can view all setup tokens for users in the instance in the app's global Signing Token Admin screen.

cdmc_globalsigningtokenadmin_oneusertoken_dropdownoptions_remove_setexpiry.png

Global administrator can:

  • Remove a user’s signing token, requiring them to re-authenticate

  • Set an expiry date for each signing token

Authentication apps

Need support? Create a request with our support team.

Copyright © 2005 - 2025 Appfire | All rights reserved.