E-Signature
Overview
Each individual approval in the workflow can be configured to require reviewer identity authentication.
This adds a credentials prompt for a reviewer to the workflow state dialog box.
Global administrators can choose the authentication method to be used for the approvals in the workflow.
The required credentials for authentication can be configured to be one of the following:
Confluence username and password
time-based signing token
Confluence username and password
E-signature for an approval can be set by global admin to require a reviewer to authenticate their identity by entering their Confluence username and password.
The approval decision buttons are disabled until the reviewer adds the requested credentials to the workflow popup.
This can be:
the Confluence password for each user approval decision
the Confluence username and a password for each user approval decision
Entering the credentials will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.
Signing token
Global administration can set an e-signature for an approval to require a reviewer to authenticate their identity by entering their Confluence username and a time-based signing token.
The signing token is a time-based one-time password generated by a third-party app. The user must set up the app for the instance.
The approval decision buttons are inactive until the reviewer adds the requested credentials to the workflow state dialog box. This can be:
the time-based token for each user approval decision
The Confluence username and the time-based token for each user approval decision
Entering the username and token will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.
Each reviewer needs to set up their own personal code for the instance using their Confluence login email address. The code is then used to set up a third-party app to generate the signing token for each review.
Setting up a signing token
The workflow state dialog box for the approval displays a prompt to set up a personal code for a user if:
The approval requires reviewer authentication, AND
The global e-signature configuration is set to require the use of a signing token
If the user has already set up a personal code, the workflow state dialog box only displaysdialog box the credentials prompt for the username and a signing token.
To be able to electronically sign using a signing token, a reviewer needs:
A device with a 2 Factor Authentication (2FA) app such as Authy, Google Authenticator, or 1Password
The username that they use to log in to Confluence.
The user can then set up an account on the app to generate a time-based signing token. The authentication app requires the signing token each time the user needs to approves a page that requires an e-signature.
Once a user sets up the code with the third-party app, the workflow dialog box prompts for a signing token generated by the app to initialize the app to the user and the instance:
Adding the token makes the approval decision buttons active
The token is validated when the user makes the approval decision
The authenticator app generates a new, valid numeric signing token every 30 seconds. If the user navigates away from the content without undertaking the approval, the next time they view the content, a new time-based signing token is required to activate the approval buttons.
Global administrator user token reset
Global administrators can reset existing valid setup codes for a user by choosing to Remove the user signing token in the Comala Document Management e-signatures configuration screen
Global admins can also amend the signing token setup expiry date for a user’s signing token.
If the expiry date for the user signing token expires or the global administrator removes it, the user needs to reset their personal code for the instance using the third-party authentication app.
Related pages
Need support? Create a request with our support team.