...
Please see the following sample for date validation:
| Input validation | Result |
|---|---|
Signature
For information about how to sign the different signature types please have a look at the Signer Guide.
...
- Signature fields can be assigned also to "Automatic Signing Activities", making the automatic signatures visible on the document
- Required
- Custom Signature Image (feature flag necessary: "ExternalSignatureImage"
- This allows signers to upload their picture (custom signature picture) and add it as additional graphics to the stamp imprint. Furthermore the signer can store the signature image which a gallery for later usage.
- By enabling the "Custom Signature Image" checkbox, the sender can allow (or enforce) that the signer is uploading an additional image to be shown in the signature field. Such custom signature images can be used to ask for placing a company stamp picture, or to insert Hanko stamps. See Story: Using external signature images for additional use case details. Note that the global setting here sets and overrules the signature-type specific settings, as this property can also be defined on a per-signature-type level in the Advanced tab.
- Batch Signature
With the "Batch Signature" checkbox enabled, it makes the signature field a member of a batch of several signature fields. Signatures being member of a batch can be signed all at once if the signer prefers, but allow the signer also to sign them one by one. When the batch signing option is enabled, the sender can distinguish between different batch signing behavior:
- Simple Batch
where the signer just knows how many signature fields are signed as part of the batch - Signature List (unselected)
where a list of all signature fields (document name and page number, or signature field label) are displayed in a list of checkboxes; the user needs to select those which should be signed as part of the batch (opt-in) - Signature List (preselected)
where a list of all signature fields (document name and page number, or signature field label) are displayed in a list of checkboxes; the user can deselect those which she/he doesn't want to sign as part of the batch (opt-out) - Signature List (selected, required mandatory)
Like "preselected", but without an option to uncheck the "mandatory signature fields) - Signature List (unselected, required mandatory)
Like "unselected", but mandators signature fields still preselected and without an option to uncheck the mandatory signature fields
- Simple Batch
The signature field, in the designer page's main editor, is represented by a different icon when the signature field is member of a batch:
Signature Field in standard representation Signature Field allowing batch signing
...
...
Following options available for
...
all signature
...
There is neither an additional configuration (setting) nor a feature flag needed for this signature type.
This is the simplest signature type, with the most convenient user experience. With this signature type the signer has just to click on the signature field to sign. As it is a pure browser-based signing experience, we consider the "ClickToSign" signature type as one of the "HTML5 signature types". This requires careful consideration of configuration of the activity to reach the necessary expression of power.
DrawToSign
| Info |
|---|
Please note: The additional setting for using qualified timestamp server is not available for this signature type. There is neither an additional configuration (setting) nor a feature flag needed for this signature type. |
This type allows the signer to draw his signature by mouse, finger or pen. Just an image of his signature is created and embedded into the document. In this case, only the flat picture of the signature and technical parameters of the session are recorded, but no biometric data. We consider also the "DrawToSign" signature type as one of the "HTML5 signature types".
TypeToSign
| Info |
|---|
Please note: The additional setting for using qualified timestamp server is not available for this signature type. There is neither an additional configuration (setting) nor a feature flag needed for this signature type. |
With this type the signer has to type in his name to sign the signature field. The signature itself is printed in a computer font that may look like someone's handwriting, but actually isn't the signer's handwriting itself. It's the third and last one of this guide which we consider as one of the "HTML5 signature types".
SwissCom On Demand Certificate
...
Following feature flag is necessary: SwissComOnDemandCertificate
Before starting the envelope please see the following configurations which are needed in order to send a SwissCom On Demand Certificate.
...
- Authentication certificate
- Customer key
- Name pattern
| Info | ||
|---|---|---|
| ||
Please see the following sample name pattern (can differ in other use cases): Please also note that the name patterns are case sensitive!
If an evidenceId is needed add it to the pattern like it is shown in the next sample and enable the checkbox "Determine and set Swisscom On-Demand Certificate 'Evidence ID' automatically:
|
After setting the organization configuration you can start with the envelope. Please do not forget to add the following data which is necessary to use the SwissCom On Demand Certificate:
...
...
- Mobile phone
- Country of residence
- Organization (optional)
Biometric Signature
| Info |
|---|
Following feature flag is necessary: BiometricSignature |
For the biometric signature you can additionally configure following setting:
- positioning
- intersects with field
- withinField
- onPage
Local Certificate
With the local certificate the signer can use a locally on his/her device installed certificate for signing.
...
Please see the following configuration available for local certificate signature:
...
Figure
...
Configuration
...
...
With the local certificate setting you can
validate the recipient and certificate holder name
enable signing certificate filter on intended use
and enable the certificate root CA verification with EUTL.
Digital Remote Signature
If the user has a long lived certificate you can use the Digital Remote Signature option. You can configure the User Id and the Device Id. If not configured the signer must provide those information:
Disposable Certificate
| Info |
|---|
Following feature flag is necessary: DisposableCertificate |
Please see the following configuration for the disposable certificate (those settings can be found in the organization settings)
...
...
Before you can send a disposable certificate you have to fill in some dates. First, in your organization settings and then if you send the envelope. The next figure shows you the configurations which has to be done before sending the envelope.
There are three checkboxes available:
- Use lean disposable (Has to be enabled, except there is a clear reason against it)
Note: There are differences in the validation rules between "regular" disposable and "lean disposable".- choose between the lean disposable with validity of 60 min or with validity of 30 days
- Show disclaimer before certificate request (to ensure that certificates are issued only with consent of the holder; but might be substituted with other process constraints which address the legal requirement)
- Send disposable disclaimer document emails (might be required in fulfillment of obligations of the LRA contract, unless other delivery methods ensure delivery of the certificate request form)
- Use lean disposable (Has to be enabled, except there is a clear reason against it)
types
In the section "Display following stamp imprint data", the sender can define which data to be contained on the signature representation on the PDF. Note that some items will be ignored when defining a custom stamp imprint configuration that simply does not contain a specific field for all or some signature types.
The following default values are used for all signature types:
Please note: If "Extra Information" is disabled, all other variables (such as "Name", "IP address" etc.) will be automatically disabled as well and no information will be displayed as stamp imprint.
- Signature rendering
- custom signature image: false
- Stamp imprint settings
- Extra information: true
- Email address: true
The signer's mail address, automatically filled with the information available on the activity. - Transaction Id: true
- Transaction token: true
- Phone number
Automatically filled with the information available on the activity, when applicable. Always printed in the international format with country prefix (e.g. +39 or +43) - IP address: true
- Name: true
the full name (given name and family name) of the signer, automatically filled with the information available on the activity. - Signature date: true
- Font name: Configured organization default is used
- Font size: Configured organization default is used
- Exceptions for Draw2Sign:
- "Extra Information", "Display Email Address", "Display IP Address", "Display Name", "Display Signed on Date" is used from the organization default settings (configurable in the Organization dialog under "Extended settings for 'Draw to sign')
The "Advanced Settings" tab allows to set additional parameters.
At the top of the advanced settings, the sender can change the appearance of the signature rendering:
- Define the date format used for rendering the date on a signature field
(this configuration will be ignored when defining a specific date format in a custom stamp imprint configuration that is applied organization wide for all or some signature types)
As many settings are different per signature type, the advanced settings tab also lists all signature types which have been allowed on the General tab. For each of the signature types, a settings section (which is by default collapsed) can be expanded. Some of these settings can be defined per signature type, but same options are available for all signature types to allow independent configuration.
UI signature validity in second. This setting is used by the following sigTypes:
- DisposableCertificate
- SwissComOnDemand
- RemoteCertificate
- OneTimePassword
ClickToSign
| Info |
|---|
Please note: The additional setting for using qualified timestamp server is not available for this signature type. There is neither an additional configuration (setting) nor a feature flag needed for this signature type. |
This is the simplest signature type, with the most convenient user experience. With this signature type the signer has just to click on the signature field to sign. As it is a pure browser-based signing experience, we consider the "ClickToSign" signature type as one of the "HTML5 signature types". This requires careful consideration of configuration of the activity to reach the necessary expression of power.
DrawToSign
| Info |
|---|
Please note: The additional setting for using qualified timestamp server is not available for this signature type. There is neither an additional configuration (setting) nor a feature flag needed for this signature type. |
This type allows the signer to draw his signature by mouse, finger or pen. Just an image of his signature is created and embedded into the document. In this case, only the flat picture of the signature and technical parameters of the session are recorded, but no biometric data. We consider also the "DrawToSign" signature type as one of the "HTML5 signature types".
TypeToSign
| Info |
|---|
Please note: The additional setting for using qualified timestamp server is not available for this signature type. There is neither an additional configuration (setting) nor a feature flag needed for this signature type. |
With this type the signer has to type in his name to sign the signature field. The signature itself is printed in a computer font that may look like someone's handwriting, but actually isn't the signer's handwriting itself. It's the third and last one of this guide which we consider as one of the "HTML5 signature types".
SwissCom On Demand Certificate
| Info | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Following feature flag is necessary: SwissComOnDemandCertificate Before starting the envelope please see the following configurations which are needed in order to send a SwissCom On Demand Certificate.
After setting the organization configuration you can start with the envelope. Please do not forget to add the following data which is necessary to use the SwissCom On Demand Certificate:
|
Biometric Signature
On a signature field which allows recording a biometric signature, the biometric verification can be enabled in case the (optional) SIGNificant Biometric Server was also installed and properly configured.
When enabling the biometric verification, the sender has to provide the signer's user ID which was used to enroll a profile.
The sender can configure behavior of the biometric verification:
- It is possible to allow to skip the verification (in case the matching score is below the required threshold).
- The signature field can be configured to allow enrolling signatures to a profile if there have not been enough signatures enrolled to the profile yet.
Another option allows the sender to define that only the validation response (which includes the validation score obtained from biometric server) should be stored in the signed PDF, instead of storing the entire biometric data. In this case, the document itself does not store the data required for a forensic examination of the handwritten signature, but legal considerations may result in preferring that option, in some countries.
| Info |
|---|
Following feature flag is necessary: BiometricSignature |
For the biometric signature you can additionally configure following setting:
- positioning
- intersects with field
- withinField
- onPage
Local Certificate
For a local certificate signature, the sender can define filters on certificates to be offered for signing. Currently it is possible to define a preferred signature algorithm. Certificates using this algorithm will be ranked higher in the certificates offered to the signer.
The sender can also enforce to use the selected (preferred) one, which avoids that the signer is using certificates based on another (probably weaker) digital signature algorithm. You can enable preferred hash algorithm and enforce the use of the chosen algorithm. The enforce shown algorithm will be dynamically changed if the preferred algorithm is changed.
| Info | ||||
|---|---|---|---|---|
Please see the following configuration available for local certificate signature:
|
Digital Remote Signature
If the user has a long lived certificate you can use the Digital Remote Signature option. You can configure the User Id and the Device Id. If not configured the signer must provide those information:
Disposable Certificate
Disposable certificate advanced settings now also contains the option to select a long lived certificate. You can also force this setting in the organization settings.
The Long-Lived Disposable Certificate (LLD) is a special variant of a Disposable certificate. The main difference is, that it is not being activated immediately, but after the signatures have been applied.
The Long-Life Disposable certificate profile allows to manage the Qualified Certificate issuance in restricted use-cases restricted to closed-group users contexts, where digital signatures do not produce any legal effect if the verification of the certificate holder identity is not completed with a positive result.
A typical use case is when the document to be signed is a contract that needs to be executed by two or more parties and it does not carry any legal effect until all parties have signed it.
| Info |
|---|
Following feature flag is necessary: DisposableCertificate |
Please see the following configuration for the disposable certificate (those settings can be found in the organization settings)
| Figure | Configuration |
|---|---|
|
|
After the configuration in the organization settings you also have to fill in the disposable data for the recipient. Please see the next figure:
| Figure | Configuration |
|---|---|
|
The signer will receive its email as usual and when the signer wants to sign a disposable certificate signature field he will get a one-time-password via SMS. The counter on the disposable certificate starts by signing the first signature. If “Show disclaimer before certificate request” is enabled in Settings->Organization->Disposable Certificate the signer first receives the disclaimer before the SMS-OTP. When the document is finished you can validate, for example, the qualified electronic signature in Adobe Reader.
SMS-OTP Signature
Following configuration (optional) can be set before sending the envelope with a SMS-OTP signature: You can either set the phone number for the signer or not. To set the phone number just add in the following space on the create envelope page. If you do not set the phone number, the signer has to fill in his/her phone number:
Automatic Remote Signature
| Info |
|---|
Following feature flag is necessary: AutomaticRemoteSignature |
If you create a workflow, a new type “Add Automatic” recipient is available. The automatic remote signature / eSealing is applied automatically to the document, if it is the automatic recipient turn. The workflow continues automatically with the next recipient after the automatic recipient.
- Automatic Remote Signatures / eSealing are an optional eSignAnyWhere feature
- User Managers can configure the automatic remote signature / eSealing profiles in the Organization settings page, when they have enabled the user option “Allow Automatic eSealing”
- Power use can use the automatic remote signature / eSealing profiles, if they have the user option “Allow Automatic eSealing” enabled
1) Automatic Remote Signature Profiles
The profiles for automatic remote signatures are managed via the organization’s settings page (so only by user managers). For creating an automatic remote signature profile you need a description (e.g. name), the username and the password.
Attention: if a power user wants to use the automatic remote signatures, the user must have enabled the user right “” (see “Settings” > “Users”).
2) User Settings
User must have enabled the option “Allow automatic eSealing” to use the automatic remote signatures / eSealing within a workflow.
|
3) Creating a workflow with automatic remote signatures
In the eSAW UI you can add an automatic signer / eSealing via button in the recipient list “Add Automatic”. Then the profile must be selected for the automatic signature / eSealing. Attention: the power user must have the right “Allow automatic eSealing” enabled (see “Settings” > “Users”).
|
Generic Signing Plugin
| Info |
|---|
| Note: This feature is not available with basic subscription, so please contact your Namirial sales. |
The “Generic Signing Plugin” (GSP) allows implementation of custom 3rd party signature creation implementations (HSM based, web service based, etc). It is typically used to integrate external CAs into eSignAnyWhere. A GSP based implementation of a 3rd party CA is available for envelopes created via eSAW API or via eSAW WebUI. New features and improvements allow wider usage of the GSP.
You can find the configuration for a generic signing plugin in the organization settings. After those configurations you can use the generic signing plugin.
BankId
BankId signature type can now be configured in the UI.
For more information please see: WSC HOWTO BankID Plugin (restricted access)
The BankID implementation we are talking about here is the Swedish BankID implementation. The BankID is a common identification method provided by a consortium of the Swedish banking sector, and the identities (which are bound to the national unique number of a citizen) are linked to confirmed identities based on Anti-Money-Laundry verifications. For that purpose, a local device (Mobile Device with BankID App, or Desktop PC with installed BankID Desktop application) has to be installed. The app or application on the local device has to be linked uniquely to the confirmed identity. In addition, the service offers a signing method to sign with a signer-individual certificate provided by the Swedish BankID consortium.
It can be used both as authentication method (when opening a workstep / signer activity), and as signature type on a signature field level
After the configuration in the organization settings you also have to fill in the disposable data for the recipient. Please see the next figure:
...
...
- Document type
- Identity card
- Driver license
- Passport
- Document number
- Document issued on
- Document issued by
- Document expiry date
- Identification Issuing Country
- Identification type
- Tax Code
- National unique number
- Passport
- Identity card
- Driving license
- Identification Number
- Mobile phone
- Country of residence
The signer will receive its email as usual and when the signer wants to sign a disposable certificate signature field he will get a one-time-password via SMS. The counter on the disposable certificate starts by signing the first signature. If “Show disclaimer before certificate request” is enabled in Settings->Organization->Disposable Certificate the signer first receives the disclaimer before the SMS-OTP. When the document is finished you can validate, for example, the qualified electronic signature in Adobe Reader.
SMS-OTP Signature
Following configuration (optional) can be set before sending the envelope with a SMS-OTP signature: You can either set the phone number for the signer or not. To set the phone number just add in the following space on the create envelope page. If you do not set the phone number, the signer has to fill in his/her phone number:
Automatic Remote Signature
| Info |
|---|
Following feature flag is necessary: AutomaticRemoteSignature |
If you create a workflow, a new type “Add Automatic” recipient is available. The automatic remote signature / eSealing is applied automatically to the document, if it is the automatic recipient turn. The workflow continues automatically with the next recipient after the automatic recipient.
- Automatic Remote Signatures / eSealing are an optional eSignAnyWhere feature
- User Managers can configure the automatic remote signature / eSealing profiles in the Organization settings page, when they have enabled the user option “Allow Automatic eSealing”
- Power use can use the automatic remote signature / eSealing profiles, if they have the user option “Allow Automatic eSealing” enabled
1) Automatic Remote Signature Profiles
The profiles for automatic remote signatures are managed via the organization’s settings page (so only by user managers). For creating an automatic remote signature profile you need a description (e.g. name), the username and the password.
Attention: if a power user wants to use the automatic remote signatures, the user must have enabled the user right “” (see “Settings” > “Users”).
2) User Settings
User must have enabled the option “Allow automatic eSealing” to use the automatic remote signatures / eSealing within a workflow.
...
- Enable automatic eSealing for the user
3) Creating a workflow with automatic remote signatures
In the eSAW UI you can add an automatic signer / eSealing via button in the recipient list “Add Automatic”. Then the profile must be selected for the automatic signature / eSealing. Attention: the power user must have the right “Allow automatic eSealing” enabled (see “Settings” > “Users”).
...
...
- Add automatic
Generic Signing Plugin
| Info |
|---|
| Note: This feature is not available with basic subscription, so please contact your Namirial sales. |
The “Generic Signing Plugin” (GSP) allows implementation of custom 3rd party signature creation implementations (HSM based, web service based, etc). It is typically used to integrate external CAs into eSignAnyWhere. A GSP based implementation of a 3rd party CA is available for envelopes created via eSAW API or via eSAW WebUI. New features and improvements allow wider usage of the GSP.
You can find the configuration for a generic signing plugin in the organization settings. After those configurations you can use the generic signing plugin.
Radiobutton
Following settings are available for a radio button:
...
Following settings are available:
| General |
|---|
|
Please also see the next figure for reading confirmation just for a specific area:
| Figure | Description |
|---|---|
|
If the field is selected as required the recipient must then confirm that he/she has read the selected area.
...
Please note the following general settings which are available to configure a link:
| General |
|---|
|
With the link form field it is possible to add hyperlinks to the document. This allows the recipient to just click on the link to navigate to linked pages.
...
Following settings are available for the static text:
| General |
|---|
|
Guiding Order
With this setting you can define a specific order for the tasks. In addition to order the tasks by drag and drop it is also possible to define a sequence mode:
...