Can you mix-and-match remote authenticated signing with in-person signing within a single signature package?
Monday, March 27, 2023 at 09:11am
Hello, we currently are using e-signature packages (created using the RESTful API) where all signers are fully remote e-signers. Signers must be authenticated by the combination of access to the e-mail address we specify for them plus SMS-based code authentication at the cell phone number we specify.
This, of course, requires that all signers have a verified, private e-mail account and verified, private cell phone number that we have on file for them.
I am interested in using a mix-and-match approach within a single signature package where some signers use the remote authenticated signing approach above and some are able to use in-person signing.
This would allow one or more in-person signers to either come into one of our locations or one of our staff be with the signer in person at their business or home and we do in-person identity verification before handing the signer a phone or tablet with this signer's custom URL (with this URL containing this signer's URL auth token code we have generated) to complete their signing event. In this case, there are no e-mail or SMS messages involved at all for this signer.
I have been examining this OneSpan blog post, which is the best reference I have found for in-person signing:
https://www.onespan.com/blog/onespan-sign-developer-person-signing
However, this page only describes the case where all signers in a signature package are in-person.
In addition, the setting to use "eSigning" or "In-Person eSigning" (pic below) is set at the package level, not at a per-signer level. This suggests a single package can only be all of one approach or all of the other.
I would like to ask if OneSpan supports creating a single signature package where some signers use the fully remote/e-mail/SMS authentication signing path and some signers use the in-person authentication signing path?
And are there any documentation pages on doing this?
Thanks,
Tim
Pic: UI for creating a new signing package
Reply to: Can you mix-and-match remote authenticated signing with in-person signing within a single signature package?
Monday, March 27, 2023 at 09:53am
Hi Tim,
This is natively supported by OneSpan Sign in-person signing: signers can use a mix of remote and in-person signing. Although the in-person setting is set at the package level, you may notice that signers will still receive the signing invitation email (in this respect, in-person signing is more like an additional way to launch the signing ceremony).
Two extra features related to in-person signing:
(1) Disable In-Person Activation Email
As described above, in-person signing transaction signers will still receive activation emails by default. You can contact our support team and disable the email notifications for in-person transactions. If a signer needs to sign remotely, you can programmatically send a notification email with the signing link.
(2) In-person SMS Authentication
By default, in-person signing will skip signer authentication and do in-person identity verification. This feature allows you to force SMS authentication even for in-person signing scenarios.
Duo
Reply to: Can you mix-and-match remote authenticated signing with in-person signing within a single signature package?
Monday, March 27, 2023 at 10:18am
Hi Duo, thanks so much for the quick response!
Re: (1) Disable In-Person Activation Email
Regarding e-mail addresses for in-person signers, we will have some in-person signers that do not provide us with e-mail addresses or possibly have no e-mail accounts. Do we need to make up fake e-mail addresses simply to fill in data for in-person signers?
Thanks for the link to the API to send e-mail notifications for those signers that are not using in-person signing.
Re: (2) In-person SMS Authentication
Ah, so it sounds like if we configure the package for in-person signing, we need to take special steps to still force the remote signers to do SMS Authentication like we require them to do now.
Is there a specific REST API JSON parameter we need to set to do this on a per-signer level? Right now, we get SMS Authentication to be enforced just by sending:
"auth": {
"scheme": "SMS",
...
for each signer with their cell phone number.
Thanks,
Tim
Reply to: Can you mix-and-match remote authenticated signing with in-person signing within a single signature package?
Monday, March 27, 2023 at 11:00am
Hi Tim,
For your questions:
(1) For in-person signers that do not provide us with e-mail addresses or possibly have no e-mail accounts.
Yes, you will still need to fill in emails for those recipients who didn't provide an email.
(2) If we configure the package for in-person signing, we need to take special steps to still force the remote signers to do SMS Authentication
Sorry for misleading you here. No, you don't need to take extra steps. Remote signers will always be prompted for SMS authentication; it is the in-person signers that will skip authentication. The feature I referenced here is an account-level flag which forces SMS authentication even for the in-person signing ceremony (which I doubt you need because you mentioned you do in-person identity verification before handing the signer a phone or tablet).
Duo
Reply to: Can you mix-and-match remote authenticated signing with in-person signing within a single signature package?
Monday, March 27, 2023 at 11:55am
Thanks again for these responses, Duo!
This is good to hear. It sounds like we should have no technical barriers then to getting mixed in-person+URL-auth and remote+SMS-auth signers in the same signature package.
Regards,
Tim
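
Added example, not part of the thread and not OneSpan code: because the in-person setting is package-level and in-person signers skip authentication, a caller can run a local pre-send check that every signer it intends to be remote still carries SMS authentication with a phone number. Only `"auth": {"scheme": "SMS"}` appears in the thread; the other field names (`roles[].id`, `signers[].email`, `auth.challenges[].question`, `settings.ceremony.inPerson`) and the locally kept set of in-person role ids are assumptions to confirm against the REST API documentation.

```python
# Added example: a local pre-send policy check (not OneSpan code).
# Assumed field names: roles[].id, roles[].signers[], signers[].email,
# auth.challenges[].question (SMS phone), settings.ceremony.inPerson.

def preflight(package, in_person_role_ids):
    """Return policy findings for a package payload; an empty list means OK."""
    findings = []
    planned = set(in_person_role_ids)  # kept locally; hypothetical bookkeeping
    ceremony = package.get("settings", {}).get("ceremony", {})
    if planned and ceremony.get("inPerson") is not True:
        findings.append("package: in-person signers planned but inPerson not enabled")
    seen = set()
    for role in package.get("roles", []):
        rid = role.get("id", "?")
        seen.add(rid)
        for signer in role.get("signers", []):
            if not (signer.get("email") or "").strip():
                # Per the thread, an e-mail value is required even in person.
                findings.append(f"{rid}: e-mail value missing")
            if rid in planned:
                continue  # identity is verified by staff before hand-over
            auth = signer.get("auth") or {}
            phones = [c.get("question") for c in auth.get("challenges", [])
                      if (c.get("question") or "").strip()]
            if auth.get("scheme") != "SMS" or not phones:
                findings.append(f"{rid}: remote signer lacks SMS auth with a phone number")
    for rid in sorted(planned - seen):
        findings.append(f"{rid}: marked in-person locally but not in the package")
    return findings

# Constructed sample payload (fictional names, addresses and numbers).
SAMPLE_PACKAGE = {
    "name": "Mixed signing example",
    "settings": {"ceremony": {"inPerson": True}},
    "roles": [
        {"id": "Remote1", "signers": [{
            "email": "remote.signer@example.com",
            "auth": {"scheme": "SMS",
                     "challenges": [{"question": "+15555550100"}]}}]},
        {"id": "InPerson1", "signers": [{
            "email": "inperson1@placeholder.example.com"}]},
    ],
}

if __name__ == "__main__":
    for line in preflight(SAMPLE_PACKAGE, {"InPerson1"}) or ["OK to send"]:
        print(line)
```
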