AssureSign provides a number of different authentication mechanisms that may be used to restrict access to documents and envelopes.
Signer Authentication
The recommended best practice is for some form of signer authentication be configured for all signers. There are two primary types of signer authentication that may be configured:
- Password authentication
- Knowledge-based authentication (KBA)
- 2 factor signer authentication
Password authentication
Password authentication is the most commonly used form of signer authentication for most AssureSign users. When configured, signers will be prompted to enter a password or piece of information that must be entered correctly in order for them to access the document or envelope for signing. Originators may configure:
- The text that is displayed to the signer to the prompt them to enter the password
- The actual password or piece of information that must be entered by the signer
For example, a signer might be configured like this:
- Password prompt: Please enter the last 4 digits of your social security number
- Password: 5555
For stand-alone documents that are launched manually from within the AssureSign web application, the Password prompt and Password are entered directly during the configuration of document workflow.
For documents based on templates, the Password prompt and Password are typically configured as parameters in the template workflow. So the corresponding parameter values are populated by the document originator during document setup.
Knowledge-based authentication (KBA)
Knowledge-based authentication involves presenting a set of questions to signers that must be answered correctly in order for them to access the document or envelope. These questions are signer-specific and are generated based on information provided about the signer such as their name, SSN, date of birth, address, etc. Note that use of this method of authentication does incur an additional cost.
After knowledge-based authentication has been completed successfully signers are typically assigned an automatically generated PIN (although they can always opt to change this PIN) that will allow later access to the document or envelope without having to be re-authenticated via knowledge-based authentication.
More information about knowledge-based authentication may found here.
Document/Envelope Authentication
Outside of the signer authentication methods described above, it is also recommended that all access to completed documents and envelopes be restricted. This can be done by assigning a password to the document or envelope.
When configured, any access to the completed document or envelope will require the assigned password to be entered correctly. For documents that belong to envelopes the password is not set at the document level but rather is applied to the envelope as a whole.
- This password is assigned at the time of document setup for documents created manually in the AssureSign web application.
- For stand-alone documents created via the DocumentNOW API this password is assigned in the Submit method.
- For envelopes created via the DocumentNOW API this password is assigned in the Create Envelope method.
Note that signers may also access the completed document by entering their individual signer password or KBA pin (if applicable) in lieu of the document/envelope password.