You must provide the URL of a OneSpan Sign server.

If you are exploring the system or performing tests, you can connect to our Sandbox environment. Alternatively, if you have completed your integration with our system and want to launch your product, you can connect to our Production environment.

Sandbox Accounts are not equivalent to Production Accounts. To connect to the OneSpan Sign Production Environment, you must purchase a Production Account.

Your configuration settings depend on the URL you log in to. If you aren't sure which URL to use, click Log into your account in the email you received when you signed up. When the Login screen appears, your login URL is shown in your browser's address bar.

To ensure continuous service, you must whitelist certain IP addresses. To see which IP addresses need to be whitelisted, consult the tab for your environment.

New Incoming IP Whitelists for OneSpan Sign

Please review this section to ensure your OneSpan Sign service continues to function normally.

In order to further optimize the security posture of OneSpan Sign, we are making the following changes:

  1. We are introducing a Web Application Firewall (WAF) and additional protection against Denial-of-Service attacks. This protection will be provided through Cloudflare and we will be switching the inbound IP addresses used by OneSpan Sign to IP addresses of Cloudflare.

  2. We are enhancing the TLS cipher suites supported by OneSpan Sign. Transport Layer Security (TLS) is a protocol that protects the confidentiality and integrity of data exchanged between OneSpan Sign and customers. For more information, see TLS Support.

Please read below for more details about these changes:

IP address switch

Please find below the calendar of our expected maintenance windows per environment. During these maintenance periods, we will be performing an IP migration which could result in our system being unavailable for a period of up to 1 hour:

  • US1 Sandbox: Wednesday, April 28 at 10pm EDT

  • Canada Sandbox: Wednesday, May 5 at 10pm EDT

  • US2 Sandbox: Thursday, May 20 at 10pm EDT

The changes to the production environments will occur on these dates:

  • Europe Production: Sunday, June 27 at 1am CEST (7pm EDT)
  • US2 Production: Sunday, July 11 at 12:01am EDT
  • US1 Production: Sunday, July 18 at 1:30am EDT
  • Canada Production: Sunday, August 29 at 12:00am EDT

What do I need to do?

If you are not whitelisting IPs in your integration, there is no action required on your part.

If you are whitelisting our public IPs, please add the respective FQDN (fully qualified domain name) to your inbound whitelist to continue accessing our services after the IP switch has been made on the specified dates above:

Environment FQDN
Canada Sandbox sandbox.e-signlive.ca
US2 Sandbox sandbox.esignlive.com
US1 Sandbox sandbox.e-signlive.com
Europe Production apps.esignlive.eu
Canada Production apps.e-signlive.ca
US2 Production apps.esignlive.com
US1 Production apps.e-signlive.com

If your Security policy does not permit FQDN whitelisting, see Cloudflare's IP ranges. These IPs are subject to change at Cloudflare's discretion.

IP whitelisting for outgoing IP addresses is not impacted by this change and is still required.

IPv6 will not be supported on the AU Production environment as of October 3, 2021, at 2am, AEST.

Below is the list of New Incoming IP addresses (IPv4) applicable to all environments:

Changes to TLS cipher suites

At the same time as the above-mentioned IP switch, we will update the TLS configuration used by OneSpan Sign. OneSpan Sign will use the following TLS versions and cipher suites:

TLS 1.2 cipher suites

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • AES128-GCM-SHA256
  • AES128-SHA256
  • AES256-GCM-SHA384
  • AES256-SHA256

TLS 1.3 cipher suites

  • TLS13-CHACHA20-POLY1305-SHA256

  • TLS13-AES-256-GCM-SHA384

  • TLS13-AES-128-GCM-SHA256

What do I need to do?

We recommend that you start working with your IT team immediately to upgrade your integration framework to the latest security library supporting the above-mentioned TLS versions and cipher suites. Once completed, please test your OneSpan Sign sandbox environment after the following dates to ensure all TLS communications are working properly. This is an important step to ensure your organization does not encounter service disruptions:

  • US1 Sandbox: Thursday, April 29, 2021
  • Canada Sandbox: Wednesday, May 5, 2021
  • US2 Sandbox: Thursday, May 20, 2021

The changes to the production environments will occur on these dates:

  • Europe Production: Sunday, June 27 at 1am CEST (7pm EDT)
  • US2 Production: Sunday, July 11 at 12:01am EDT
  • US1 Production: Sunday, July 18 at 1:30am EDT
  • Canada Production: Sunday, August 15 at 00:00am (midnight) EDT
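The following is an added example, not OneSpan code: a local, offline check of which of the cipher suites listed above the Python `ssl` module (and the OpenSSL build behind it) can offer. The mapping of the page's `TLS13-…` names to the IANA names that OpenSSL reports is an assumption of the example; the function names are hypothetical.

```python
import ssl

# TLS 1.2 suites exactly as listed on this page (OpenSSL naming).
TLS12_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA384",
    "AES128-GCM-SHA256",
    "AES128-SHA256",
    "AES256-GCM-SHA384",
    "AES256-SHA256",
]

# TLS 1.3 suites from this page, mapped to the names OpenSSL reports
# (assumed mapping, see lead-in).
TLS13_SUITES = {
    "TLS13-CHACHA20-POLY1305-SHA256": "TLS_CHACHA20_POLY1305_SHA256",
    "TLS13-AES-256-GCM-SHA384": "TLS_AES_256_GCM_SHA384",
    "TLS13-AES-128-GCM-SHA256": "TLS_AES_128_GCM_SHA256",
}


def local_cipher_support():
    """Return {suite name from the page: bool} for the local TLS library."""
    support = {}
    for name in TLS12_SUITES:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.set_ciphers(name)  # raises SSLError if no cipher can be selected
            support[name] = any(c["name"] == name for c in ctx.get_ciphers())
        except ssl.SSLError:
            support[name] = False
    # TLS 1.3 suites are not controlled by set_ciphers(); read the defaults.
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    enabled = {c["name"] for c in default_ctx.get_ciphers()}
    for page_name, openssl_name in TLS13_SUITES.items():
        support[page_name] = ssl.HAS_TLSv1_3 and openssl_name in enabled
    return support


def can_connect(support):
    """True if at least one listed suite is usable, so a handshake can succeed."""
    return any(support.values())
```

Of the TLS 1.2 suites, only those prefixed `ECDHE-` provide forward secrecy, so a client that reports support for the unprefixed suites alone is worth upgrading even though it can still connect.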

URL Update for OneSpan Sign API Calls

What do I need to do?

If you have not integrated OneSpan Sign via our API/SDKs and are not using mutual TLS protocols in your integration, there is no action required on your part.

If you HAVE integrated OneSpan Sign via our API/SDKs and are using mutual TLS protocols, in addition to the requirement of switching the IP addresses used by OneSpan Sign to IP addresses of Cloudflare as described above, please change your integration from using port 8443 to using a path.

For example:

Old: https://apps.esignlive.com:8443/api
New: https://apps.esignlive.com/mtls/api
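As an added example (not OneSpan code), the sketch below finds old-style port 8443 endpoints in an integration's configuration text and produces the path-based replacement shown above. It assumes the same rewrite applies to every FQDN listed on this page and that `/mtls` is prefixed to any path under `/api`; the function names and the sample configuration keys are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# FQDNs listed on this page. Applying the rewrite to all of them is an
# assumption: the page shows the change only for apps.esignlive.com.
ONESPAN_HOSTS = {
    "sandbox.e-signlive.ca", "sandbox.esignlive.com", "sandbox.e-signlive.com",
    "apps.esignlive.eu", "apps.e-signlive.ca", "apps.esignlive.com",
    "apps.e-signlive.com",
}

# Constructed sample configuration (key names are hypothetical).
SAMPLE_CONFIG = """\
onespan.mtls.url=https://apps.esignlive.com:8443/api
onespan.sandbox.url=https://sandbox.esignlive.com/api
internal.callback=https://example.internal:8443/api
"""


def migrate_mtls_url(url):
    """Rewrite https://<host>:8443/api... to https://<host>/mtls/api...

    Any URL that is not an old-style mutual-TLS endpoint is returned unchanged.
    """
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:  # malformed URL or port: leave it alone
        return url
    host = parts.hostname or ""
    is_api = parts.path == "/api" or parts.path.startswith("/api/")
    if parts.scheme != "https" or host not in ONESPAN_HOSTS:
        return url
    if port != 8443 or not is_api:
        return url
    return urlunsplit(("https", host, "/mtls" + parts.path, parts.query, parts.fragment))


def find_old_endpoints(config_text):
    """Return (line number, old URL, new URL) for each old-style URL found."""
    hits = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for url in re.findall(r"https://[^\s\"'<>]+", line):
            new = migrate_mtls_url(url)
            if new != url:
                hits.append((lineno, url, new))
    return hits
```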

We also recommend that you start working with your IT team immediately to upgrade your integration framework to the latest security library using strong ciphers. Once completed, please test your OneSpan Sign sandbox environment after the following dates to ensure all TLS communications work properly. This is an important step to ensure your organization does not encounter service disruptions:

  • US1 Sandbox: Thursday, April 29, 2021
  • Canada Sandbox: Wednesday, May 5, 2021
  • US2 Sandbox: Thursday, May 20 at 10pm EDT

The changes to the production environments will occur on these dates:

  • Europe Production: Sunday, June 27 at 1am CEST (7pm EDT)
  • US2 Production: Sunday, July 11 at 12:01am EDT
  • US1 Production: Sunday, July 18 at 1:30am EDT
  • Canada Production: Sunday, August 29 at 12:00am EDT

Before continuing, verify the domain that you are using for your OneSpan Sign instance. The following domains are available:

US 2 (esignlive.com)

US instances that use US 2 (esignlive.com) as their domain must whitelist the following IP addresses:

Environment URL Incoming IP Address Outgoing IP Address
US 2 OneSpan Sign Production apps.esignlive.com

US 2 Sandbox sandbox.esignlive.com

US 1 (e-signlive.com)

US instances that use US 1 (e-signlive.com) must whitelist the following IP addresses:

Environment URL Incoming IP Address Outgoing IP Address
US 1 OneSpan Sign Production apps.e-signlive.com

US 1 Sandbox sandbox.e-signlive.com

US Government instances must whitelist the following IP addresses:

Environment URL Incoming IP Address Outgoing IP Address
OneSpan Sign Production for Government signer-gov.esignlive.com 23.97.15.51 52.227.164.112
OneSpan Sign Sandbox for Government signer-sandbox-gov.esignlive.com 23.97.15.51 13.72.53.92

Canadian instances on esignlive.ca must whitelist the following IP addresses:

Environment URL Incoming IP Address Outgoing IP Address
PRDC Canada Production apps.e-signlive.ca

SBXC Canada Sandbox sandbox.e-signlive.ca

Australian instances on esignlive.com.au must whitelist the following IP address:

Environment URL Incoming IP Address Outgoing IP Address
Australia Production apps.esignlive.com.au

Cloudflare IP ranges (new)

European instances on esignlive.eu must whitelist the following IP address:

Environment URL Incoming IP Address Outgoing IP Address
Europe Production apps.esignlive.eu
