Authenticating Signers

This section discusses the following topics relevant to authenticating signers:

Standard Authentication

When you add a signer to a document package, you can select any of the following standard methods of authenticating the signer:

You can also specify different methods for different signers, as explained in the following section:

Email

This is the default authentication method. A signer authenticated by email is sent an email that contains a link to the document package. Their clicking that link is sufficient to authenticate the signer.

The following code samples illustrate how to use email authentication to invite a signer:

Question & Answer

A signer authenticated by Q&A receives an email that contains a link. When the signer clicks that link, they are asked one or more questions specified by the sender. To gain access to the document package, the signer must answer one of those questions correctly. To provide additional security, it's possible to mask the signer's input as they answer the question.

If a question contains a string in angle brackets, that string will be stripped out, and will not be visible to the signer. In other words, OneSpan Sign does not accept strings such as <Transaction Name, Recipient Name, etc.>.

The following code samples illustrate how to use Q&A authentication to invite a signer.

SMS

A signer who will be authenticated by SMS receives from OneSpan Sign:

  • An email that contains a link
  • An SMS message that contains a numeric pass code

When the signer clicks the link in the email, they are asked to input the pass code which they received by SMS. To gain access to the document package, they must enter the correct code.

The SMS code can only be used once, and by default expires 5 minutes after being sent. The maximum expiry time is 90 minutes (1.5 hours). To change the expiry time, please contact Technical Support (sign.support@onespan.com; 1-855-MYESIGN).

If the signer is calling an SMS number outside North America, they must dial the exit code first (011), followed by the country code, followed by the local number. They should omit any listed trunk code (typically a 0 at the beginning of the number).

The following code samples illustrate how to use SMS authentication to invite a signer.

SSO

The identity of a signer assigned to SSO (Single Sign-On) authentication is verified by an Identity Provider (IdP).

The following code samples illustrate how to assign SSO authentication to a signer.

Using Multiple Methods

The following code samples invite three signers to sign a document. The first signer (Anna) will use simple email authentication. The second signer (Bobby) will use Q&A authentication. The third signer (Charlie) will use SMS authentication.

Knowledge-Based Authentication

Knowledge-Based Authentication (KBA) is an authentication method that asks a signer dynamically generated questions, based on information in the signer's personal Credit Report. OneSpan Sign uses the following organizations to provide that authentication for signers in the USA and Canada, respectively:

Equifax USA

To add a signer by KBA authentication using Equifax USA, the package owner must provide the following personal information about the signer:

  • First name, Last name, Address, City: Latin characters only
  • Time at address in years (optional). Enter a value of 0 if the time at the present address is less than 1 year.
  • Home phone: Maximum of 10 digits
  • Date of birth: 8 digits only (MMDDYYYY)
  • Driver 's license: Maximum of 30 digits
  • State: Must be 2 capital letters
  • ZIP: Must be 5 digits
  • SSN: Must be 9 digits

The following code samples illustrate how to use KBA authentication with Equifax USA to invite a signer.

Equifax Canada

To add a signer by KBA authentication using Equifax Canada, the package owner must provide the following personal information about the signer:

  • First name, Last name, Address, City: Latin characters only
  • Time at address in years (optional). Enter a value of 0 if the time at the present address is less than 1 year.
  • Home phone: Maximum of 10 digits
  • Date of birth: 8 digits only (MMDDYYYY)
  • Driver 's license: Maximum of 30 digits
  • Province: Must be 2 capital letters
  • Postal Code: Must be 6 characters, and must include 3 letters (either UPPER CASE or lower case is accepted) and 3 digits.
  • SIN: Must be 9 digits

The following code samples illustrate how to use KBA authentication with Equifax Canada to invite a signer.