We are pleased to announce the introduction of a new feature flag, "TypeToSignSignature", with this release. This feature flag brings forth notable implications for both existing and new organizations. Existing organizations as well as new organizations will have access to the TypeToSign signing method. However, we now offer the added flexibility of being more selective in activating this product feature to keep the UI a bit more clean. Furthermore, on-premise customers can configure on a per-organization basis if they want to allow TypeToSign signing method.

By implementing this feature flag, we empower organizations to tailor their signing preferences to their specific needs, ensuring a more customized and efficient experience.

For further details, please refer to Feature Flags#TypeToSignSignature.

We are pleased to introduce a new feature flag to allow an organization specific timestamp - "AllowUsingCustomTimestampService". This feature allows you to set a dedicated timestamp service for each organization. With "AllowUsingCustomTimestampService", you gain the ability to fine-tune timestamp configurations on a per-organization basis. This means that it is now possible to customize timestamp services to meet the specific needs of each organization in your instance, ensuring that timestamps align perfectly with their unique requirements. This feature provides enhanced control and flexibility, making timestamp management more precise and adaptable across your entire instance.

Please also see Feature Flags#AllowUsingCustomTimeStampService and the Organization Settings

We are excited to introduce new configuration options for OAuth in this release. You now have the flexibility to control how OAuth values are compared, whether it's case sensitive or not. Specifically, for the Signer OAuth Provider, the following comparison modes are additionally available:

• Validate (respect case): OAuth values will be validated with strict case sensitivity.
• Validate (ignore case): OAuth values will be validated while ignoring case differences.

Image Modified

This enhancements offer greater control and customization, ensuring your OAuth integration is tailored to your exact needs.

For general information about OAuth please refer to OAuth2 Authentication Reference and for samples OAuth2 Authentication Samples.

Improved the handling of the generic signing plugin. For general information about the generic signing plugin please see Generic Signing Plugin

It is possible to change the UI language via a route parameter e.g. https://demo.esignanywhere.net/en/Home/Index to view the UI in English language https://demo.esignanywhere.net/it/Home/Index to view it in Italian. This applies also for the agent drafts which can be opened with a defined language now e.g.: .../es/AgentRedirect/Index?draftId=##id## to view the UI in Spanish. Please see the supported languages here: Language Support

The language parameter is optional, if not set then the language will be set to the UI language setting from the authorized user.

Default signature type can now be set for drafts as well as for templates. Following signature types are supported:

• ClickToSign
• DrawToSign
• TypeToSign
• Digital Remote Signature
• Biometric Signature
• Local Certificate
• Disposable Certificate
• SMS-OTP Signature

For more information how to set the default signature type in API see Using Templates for Standard Processes and Using drafts to prepare envelopes.

Also available via UI in the Organization Settings → Default Signature Settings, on the create envelope page in the advanced settings as well as on the edit template page in the advanced settings.

In the organization settings you can now find a new configuration to show a warning dialog if there are fewer signature fields than signers. If this settings is enabled (default) the warning dialog will be shown if:

• only some of the signers have no signature
• when all of them have no signature

Image Modified

Please see the Organization Settings.

Furthermore, the import and export of an organization includes now also a node for this setting. Information can be found here: On-Premise operating and system integrator guide (restricted access)

The zip file which can be downloaded from the envelope details page is now named to the envelopeId (only if the envelope contains more than one document). This applies also for all Emails to CC where it is possible to download the documents. Please see the following email templates which are affected:

• Send copy of finished envelope to CC recipient
• Send copy of finished envelope to CC recipient (non-registered)
• Send signer list to CC recipient
• Send signer list to CC recipient (non-registered)

For more information about email templates please see Email Template Settings

In addition to various bug fixes, this version also addresses several moderately severe security issues.

Document retention can be enforced for an organization via the Admin Web. If the limit is changed (in the Admin Web) to a value which is more restrictive than the setting in the organization, the organization is reconfigured to match this new limit.

Image Modified

For detailed information see eSignAnyWhere AdminWeb#Details

SOAP has been removed in this release as already announced in the eSignAnyWhere version 20.28 and 20.42. See Migration Guide - SOAP to REST

REST API v1 and v2 were announced as deprecated (Migrate REST API clients from v1, v2, v3 to v4) and are now being removed in this release.

API v5 will remain part of the product beyond the announced removal of v3, while REST API v6 is already available. For existing integrations, staying on API v5 is ok as long as no new features of v6 are required, but our recommendation is to start early to migrate to API v6 even in consideration of the effort, to be prepared for the situation when you need a new functionality that is available on API v6 only.

Please note: The guides listed below refer to the new api version 6. If documentation for versions below v6 are needed please have a look at: Outdated documentation

With this setting it is possible to define a specific order for the tasks. In addition to order the tasks by drag and drop it is also possible to define a sequence mode:

• No sequence enforced - allow form filling in any order
• Sequence required tasks
• Sequence enforced - enforce sequence for all tasks

With the link form field it is possible to add hyperlinks to the document. This allows the recipient to just click on the link to navigate to linked pages.

Read confirmation (if one of the following is selected as required the recipient then must confirm that he/she has read the area, page or the document. You can choose between the following:

• Read confirmation (Area)
• Read confirmation (Page)
• Read confirmation (Document)

It is now possible to add a validation for the textbox. You can choose between the following validations:

• None
• Date
  • Format
  • Minimum value
  • Maximum value
• Email
• Number
  • Decimal Places
  • Symbol
  • Symbol location
  • Group Separator
  • Decimal Separator
  • Minimum value
  • Maximum value
• Phone
  • Phone type
    • international
    • international leading zeros
    • international leading plus
• Time
  • Format
  • Minimum value
  • Maximum value

By enabling the "Custom Signature Image" checkbox, the sender can allow (or enforce) that the signer is uploading an additional image to be shown in the signature field. Such custom signature images can be used to ask for placing a company stamp picture, or to insert Hanko stamps. See Story: Using external signature images for additional use case details. Note that the global setting here sets and overrules the signature-type specific settings, as this property can also be defined on a per-signature-type level in the Advanced tab.

Additionally to the general settings you can define the following in the advanced settings for attachment fields:

• Attachment icon
• Either enable or disable to set a custom file name and if enabled enter a file name

Additionally to font size and text color you can also choose between italic and bold. This option is available for the following fields:

The same settings (elementId and FieldDefinition) can also be set for the following predefined fields:

• EmailFields
• InitialsFields
• GivenNameFields
• SurnameFields
• FullNameFields
• DateFields
• Static Text

The middle name can now be added for the initials.

Image Modified

Additionally to the text field it is also possible to add a predefined static text to the document.

Please note the following: It is possible to add a static text although the document was already signed. This is the main difference between the textfield and the static text as a predefined element.

For the radio button following additional setting can be set:

• Select in Unison

Beside the language, email settings and the personal message you can now also add the following:

• Language
• Email settings
• Personal message
• Activity settings

You can now find the recipient finish actions on the create envelope page in the recipients section:

Image Modified

You can now find the recipient finish actions on the create envelope page in the recipients section:

Image Modified

Disposable certificate advanced settings now also contains the option to select a long lived certificate. You can also force this setting in the organization settings.

Image Modified

On a signature field which allows recording a biometric signature, the biometric verification can be enabled in case the (optional) SIGNificant Biometric Server was also installed and properly configured.

When enabling the biometric verification, the sender has to provide the signer's user ID which was used to enroll a profile.

The sender can configure behavior of the biometric verification:

• It is possible to allow to skip the verification (in case the matching score is below the required threshold).
• The signature field can be configured to allow enrolling signatures to a profile if there have not been enough signatures enrolled to the profile yet.

Another option allows the sender to define that only the validation response (which includes the validation score obtained from biometric server) should be stored in the signed PDF, instead of storing the entire biometric data. In this case, the document itself does not store the data required for a forensic examination of the handwritten signature, but legal considerations may result in preferring that option, in some countries.

Image Modified

For a local certificate signature, the sender can define filters on certificates to be offered for signing. Currently it is possible to define a preferred signature algorithm. Certificates using this algorithm will be ranked higher in the certificates offered to the signer.

The sender can also enforce to use the selected (preferred) one, which avoids that the signer is using certificates based on another (probably weaker) digital signature algorithm. You can enable preferred hash algorithm and enforce the use of the chosen algorithm. The enforce shown algorithm will be dynamically changed if the preferred algorithm is changed.

Image Modified

Options available for all signature types

In the section "Display following stamp imprint data", the sender can define which data to be contained on the signature representation on the PDF. Note that some items will be ignored when defining a custom stamp imprint configuration that simply does not contain a specific field for all or some signature types.

The following default values are used for all signature types:

• Signature rendering
  • custom signature image: false
• Stamp imprint settings
  • Extra information: true
  • Email address: true
    The signer's mail address, automatically filled with the information available on the activity.
  • Transaction Id: true
  • Transaction token: true 
  • Phone number
    Automatically filled with the information available on the activity, when applicable. Always printed in the international format with country prefix (e.g. +39 or +43)
  • IP address: true
  • Name: true
    the full name (given name and family name) of the signer, automatically filled with the information available on the activity.
  • Signature date: true
  • Font name: Configured organization default is used
  • Font size: Configured organization default is used
• Exceptions for Draw2Sign:
  • "Extra Information", "Display Email Address", "Display IP Address", "Display Name", "Display Signed on Date" is used from the organization default settings (configurable in the Organization dialog under "Extended settings for 'Draw to sign')

A-Trust signature type can now be configured in the UI.

Note: For the A-Trust signature configuration you need an A-Trust Signaturbox first. For more information please contact us.

Further information: A-Trust Guide (restricted access)

BankId signature type can now be configured in the UI.

Image Modified

For more information please see: WSC HOWTO BankID Plugin (restricted access)

The BankID implementation we are talking about here is the Swedish BankID implementation. The BankID is a common identification method provided by a consortium of the Swedish banking sector, and the identities (which are bound to the national unique number of a citizen) are linked to confirmed identities based on Anti-Money-Laundry verifications. For that purpose, a local device (Mobile Device with BankID App, or Desktop PC with installed BankID Desktop application) has to be installed. The app or application on the local device has to be linked uniquely to the confirmed identity. In addition, the service offers a signing method to sign with a signer-individual certificate provided by the Swedish BankID consortium.

It can be used both as authentication method (when opening a workstep / signer activity), and as signature type on a signature field level.

It is now possible to choose between the following validity times for disposable certificate:

• Regular disposable
• Lean disposable with validity of 60 min
• Lean disposable with validity of 30 days

It is possible to either change the validity in the web UI:

Image Modified

or it can be changed in the _global.xml (for more information please have a look at the RemoteSignaturePlugin - restricted access).

<!-- Defines the type for disposable certificate (Overridden by customization service) -->
<DisposableType values="Disposable;LeanDisposable;LeanDisposableExtendedValidity">Disposable</DisposableType>

A complexity check is now available for the signature type Draw2Sign. Please see the following sample configuration (customization.zip) for a complexity check:

 <signaturecomplexitychecks>
      <draw2sign>
        <minimumpackets>
          <!--Minimum count/amount of packets for a signature. Default is empty value or 0 => All signatures are accepted in terms of length-->
          <variable name="SignatureComplexity_Draw2Sign_MinimumPackets" value="0" comment="Minimum count/amount of packets for a signature. Default is empty value or 0 => All signatures are accepted in terms of length" category="global/ViewerPreferences/SignatureComplexityChecks/Draw2Sign/MinimumPackets" />
        </minimumpackets>
        <minimumtimeinms>
          <!--Minimum time in milliseconds for a signature. Default is empty value or 0 => All signatures are accepted in terms of duration-->
          <variable name="SignatureComplexity_Draw2Sign_MinimumTimeInMs" value="0" comment="Minimum time in milliseconds for a signature. Default is empty value or 0 => All signatures are accepted in terms of duration" category="global/ViewerPreferences/SignatureComplexityChecks/Draw2Sign/MinimumTimeInMs" />
        </minimumtimeinms>
      </draw2sign>
    </signaturecomplexitychecks>

Please note that in the given configuration all signatures are allowed without checking time and packets.

• It is now allowed to have multiple identity providers in use for a single recipient. Please note that this is only allowed if the providers have a completely identical set of update rules.
• Nested JSON in JWT are now also accepted by the OAuth2 checks.
• The separation is now more visible between the OAuth2 Authorization Providers and the OAuth2 Identity Providers. In detail:
  • In the OAuth2 Authorization Providers list you will now only find OAuth2 providers with just validation rules
  • In the OAuth2 Identity Providers list you will now only find OAuth2 providers with at least one update rule
• Stabilization of OAuth2
  
  • Stabilization of the OAuth2 provider authentication via api.
  • The template which was created from an envelope with OAuth2 configuration now also includes the OAuth2 configuration from the original envelope.

For more information about the OAuth2 configuration please have a look at the OAuth2 guide and for samples please also see the OAuth2 sample guide.

• Additionally to the hash of the finished envelope you can now also find the hash of the initial document in the audit trail
• The audit trail now also contains the eSAW version information
• The audit trail sealing now considers PAdES signature level.
• Stabilization of the audit trail
  • You can now find information about the OAuth2 authentication in the audit trail.
  • Timezone formatting issue fixed.
  • Chinese characters are now supported to be displayed correctly in the audit trail.

For more information about the audit trail please see the electronic signature guide.

There will no longer appear exceptions if a document is uploaded with predefined syntax which do not meet the requirements. Instead you will get the following warning:

Image Modified

You can either proceed with the uploaded document or cancel the upload.

For more information about the field markup handling in general please see the following guide: Field markup

We improved again the performance of our solution to provide you an excellent user experience.

The identity settings providers moved to a separate configuration page. Those settings can now be found in Settings → Identity Providers. Please also see the next figure:

Image Modified

The SwissCom OnDemand Certificate is now also available in the UI. You can find the settings for the SwissCom OnDemand Certificate in Settings → Organization.

Image Modified

The settings for the recipient can be found on the create envelope page. There you have to fill in the mobile phone number, the country of residence and the organization (optional).

Image Modified

After these configurations you can use the SwissCom OnDemand Certificate as signature field in the UI:

Image Modified

Moreover, you can create a SwissCom OnDemand certificate signature field with Advanced Document Tags.

Just add the following code to your document to place a SwissCom OnDemand certificate signature:

[[!sigField1:signer1:signature(sigType="SwissComOnDemandCertificate"):label("some label"):size(width=150,height=60)]]

For general information about the advanced document tags please see: Use Advanced Document Tags to insert Form Elements or Signature Fields

The recipient who has to view the document was renamed to "Must view" recipient instead of "Acknowledge" recipient. For example:

Image Modified

You can now configure the following viewer preference: AcceptAgreementDisabledUntilRequiredActionsDone

Note: You can configure the viewer preference in the UI in the section organization->design of the document viewer. Download the design template or your current design and set the variable AcceptAgreementDisabledUntilRequiredActionsDone to 0,

to disable this preference or to 1, to enable this preference. You can also configure this viewer preference via API. Therefore, just add the following variable in the section viewer preferences like it is shown in the next sample:

"ViewerPreferences": {
          "AcceptAgreementDisabledUntilRequiredActionsDone": true,
          "VisibleAreaOptions": {
            "AllowedDomain": "*",
            "Enabled": false
          }         },

Please also make sure that the "Allow Electronic Record and Signature Disclosure" is enabled:

Image Modified

If the preference is set to true and the agreement configuration is enabled the signer will then see the following interface before accessing the document:

Image Modified

On-premise only.

Organization Export

Allows you to export an organization’s settings and use it to create/update other organizations. Organizations can be exported, created and updated using the DB Manager or Admin Web. The result of the export operation is a Zip file that holds 3 files as follows:

• Logo – The organization logo. (If the organization has no logo, then this file will be missing from the Zip file)
• CustomizationZip.zip – Customization file of the organization. (If customization is not allowed for the organization, then this file will be missing from the Zip file)
• ExportedSettings.xml -The actual settings of the organization in XML format.

Organization Import

There are two options for organization import:

• Create new organization using the exported data of other organization.
• Update an existing organization with the exported data of other organization.

The update process will skip updating the settings below (even if they are in the xml file) since they can affect ongoing/draft envelopes.

• OAuth settings
• Saml settings
• Bank Id settings
• SwissCom settings
• Disposable certificate settings

Note: Data such as envelopes, address book etc. are not supported with the export/import of the organization.

If you use lean disposable via API, you have to provide the document issuing country instead of the country of residence. Therefore, we introduced the DocumentIssuingCountry via API. For compatibility with existing implementations, we allow to use the field CountryOfResidence but for legal reasons you also have to provide here (when using lean disposable) the country which issued the identification document.

If you do not use lean disposable (but consider that the “traditional” non-lean disposable should be used only in exceptional cases), you have to continue using the field CountryOfResidence as in the past.