OneSpan Sign Release Notes

SaaS 2022-May: Release 11.46.2

Bug Fixes

New User Experience

• PB-84695: We experienced increased processing times and a combination of Web UI errors, API errors and failed SSO login operations. This issue is now resolved.

• PB-84571: Fixed an issue in which exceptions caused by invalid SSO metadata were not managed properly. This created a performance issue in SSO.

• PB-81815: Fixed an issue in which changing a SAML setting in OneSpan Sign BackOffice necessitated a restart of the sso-service.

Signer Experience

• PB-84021, PB-84359: Fixed an issue in which signing via the Uanataca Trusted Service Provider was failing due to an internal error.

SaaS 2022-May: Release 11.46.1

What's New

Senders

• Prevent senders from permanently deleting transactions: Before this release, senders could permanently delete a transaction, no matter what its state (e.g., In Progress, Completed). A new setting in OneSpan Sign BackOffice enables Account Administrators to hide the Permanently Delete button in the sender part of the New User Experience. When that button is hidden, senders cannot permanently delete any transaction.

Bug Fixes

Signer Experience

• PB-83815: Fixed the following issue. When signed documents were viewed using the PDF Preview feature of Firefox or a Chromium-based browser, the browser might not correctly render certain components (e.g., a cross in a checkbox). We strongly recommend viewing signed documents with Adobe Reader/Acrobat Pro.

Known Issues

• PB-84021: Signing via the Uanataca Trusted Service Provider fails in the US1 Production environment. This failure has been traced to an internal error that occurs during data storage. That error will be fixed in an upcoming release.

SaaS 2022-Apr: Release 11.46

What's New

Senders

• Can create conditional logic on optional signatures: It is now possible to create conditional logic rules based on optional sigatures. Specifically, when a sender creates a transaction, they can specify certain rules to be triggered when a signer signs an optional signature.
• Can set new rules for Checkbox Groups: Senders can now configure the following validation rules for a Checkbox Group: (1) At least (enforces a minimum number of boxes to be checked for the group); (2) At most (enforces a maximum number of boxes to be checked for the group); (3) Exactly (enforces an exact number of boxes to be checked for the group); (4) Range (enforces a minimum and maximum number of boxes to be checked for the group).
• Can download Evidence Summary & documents together: Senders can now download a transaction’s documents and its Evidence Summary together in a zipped file. Formerly, they had to download the Evidence Summary and documents separately.
• Can download Evidence Summary for incomplete transactions: Enabled the Evidence Summary to be downloaded from the sender part of the User Experience, even if the associated transaction is not completed. Note: This feature must be enabled per account, and is OFF by default. To activate it, please contact our Support Team.
• Better handling of large download files: Formerly, senders couldn’t receive an email with a completed transaction’s documents and/or Evidence Summary if the associated attachment was larger than 10 MB. If the attachment exceeds 10 MB, the sender now receives an email with a download link that will direct them to the relevant Transaction Details page. There, they can download the transaction’s documents and Evidence Summary in the usual way.
• Senders are warned of visibility issues: When a sender chooses a primary Branding color or an Alert color that has a low contrast ratio, the following warning message now appears: This color might cause visibility issues.

Signer Experience

• Can apply QES with Swisscom: Qualified electronic signatures (QES) can now be applied via Swisscom within the jurisdictions of eIDAS and ZertES. This integration with Swisscom: (1) on-boards new signers quickly and easily; (2) improves the User Experience when documents are signed with QES. Limitation: This feature is not yet available in all supported languages.

Developers

• SDK can add signature images: The SDK can now be used to add Image files as signatures in documents.
• Enabled new rules for Checkbox Groups: New validation rules for Checkbox Groups are described in the What's New > Senders section above. To successfully implement these rules, we needed an RHF library (react-hook-form.com). This in turn required us to change the syntax of our Field IDs. Field IDs are now “sanitized” by replacing all special characters with alphanumeric characters. Please take this into account if you are testing OneSpan Sign’s User Experience through an automated UI test framework such as Selenium (www.selenium.dev).

Virtual Room

• Host can extend a session indefinitely: The host can now extend a Virtual Room session any number of times. Before this release, a Virtual Room session could be extended only once.
• Host can close a session: The host can now close a Virtual Room session via an option in the More actions menu.
• Signers can review documents before a session: Signers can now review the documents associated with a Virtual Room transaction before a Virtual Room signing session. Specifically, signers can click a new Review button in the Virtual Room’s waiting room. Clicking it takes a signer to the documents, which can be reviewed but not yet signed. Once the host starts the Virtual Room session, the signers are admitted to the session, and documents can then be signed.
• Notifications sent when videos are downloadable: Added an API Event notification that is sent when a Virtual Room video recording is ready for download.
• Better mobile experience: We improved the mobile experience of Virtual Room sessions. Note: This is a work-in-progress that future releases will continue to improve.

Evidence Summary

• Can store a signer's geolocation: Enabled the system to gather a signer’s geolocation from their browser information, and store that geolocation in the Evidence Summary document. Note: (1) signers can configure their browser to block it from providing their geolocation; (2) this feature is enabled via a setting in OneSpan Sign BackOffice.

eOriginal

• Notification sent if an eDeposit fails: Customers are now notified if an attempt to eDeposit their documents in an eOriginal vault has failed.

• Cannot download authoritative copies: Users are now prevented from downloading authoritative copies of documents that will be deposited in eOriginal vaults. If they try to do so, they will end up downloading non-authoritative copies that are watermarked and flattened.

Bug Fixes

Signer Experience

• PB-80810: Fixed a Signer Experience issue in which Firefox 96 prevented signers from signing.
• PB-80838: Fixed the following issue. If radio buttons were added as required fields, a bug affected the Required Actions counter in the upper-right corner of the Signer Experience. In particular, selecting a radio button failed to increment the "completed actions" counter of the Required Actions widget (i.e., the "x" in "Required Actions x of y").
• PB-79623: Fixed an issue in which the system presented the Capture Signature dialog box to a signer multiple times, thus enabling them to apply different signatures in the same document. Instead, the system should have applied the signature it first captured to all the signer's Signature Boxes.
• PB-80806: Fixed an issue in which the system truncated the image of a captured signature if the signature had been captured on a mobile device; and the image was retrieved via an API call.
• PB-78788: Fixed an issue in which the user was getting a blank screen on their mobile device when they tried to access a transaction that required their Mobile Signature.
• PB-80811: Fixed an issue in which Signature Fields appeared in wrong places when documents were previewed in the Web UI via the "eye" icon.
• PB-82274: Fixed the following issue. When a signer had multiple Capture Signature fields in a document of an e-Notary transaction, an error occurred in the following situation. If the signer drew their signature in one of those Capture Signature fields, and then uploaded a signature image using the "Capture Signature from file" option, the system failed to place the drawn signature in all the signer’s Capture Signature fields.

Senders

• PB-78448: Fixed an issue in which a shared template could not be seen by anyone except the sender who created it.
• PB-76293: Fixed the following issue. After a sender deleted all transactions on the second page of listed transactions, they saw no transactions. Instead, the sender should still have seen the transactions on the first page.
• PB-80510: Fixed an issue that sometimes triggered an error when a conditional logic rule was being created for a transaction in which the Transaction Owner was also a signer.
• PB-78452: Fixed an issue that arose when the system imported fields from an accessible transaction’s PDF. The problem was that the names of fields in a drop-down list in the sender part of the User Experience had been changed from the fields' original names in the PDF.
• PB-78481: Fixed an issue in which special characters (e.g., apostrophes, double quotes) were rendered with a "Z0" prefix in the Field Import drop-down list when accessible transactions were being created.
• PB-78893: Fixed an issue in which the system failed to send email reminders that had been configured in a transaction template.
• PB-78169: Fixed an issue in which reminder emails were sent after a transaction was complete, but optional signatures had not been signed.

User Experience

• PB-78245: Fixed an issue in which the More actions menu was disabled for transactions, but subsequently appeared on user-authentication pages.
• PB-78166: Fixed incorrect Japanese translations of text in the product's Terms and Conditions.
• PB-78052: Fixed an issue in which the system presented a 403 error to a delegated user when they tried to view a delegated transaction.

Account Owners & Admins

• PB-79434: Fixed an issue that prevented groups from being created when sub-accounts were enabled.
• PB-61105: Fixed an issue in which the system threw an error when a user tried to create a group in a sub-account.
• PB-60392: Fixed an issue in which a sub-account user could not be deleted.
• PB-77955: Fixed an issue in which a 401 error appeared if a user requested an API token for a sender whose email address had the same suffix as the email address of another sender in the same account.

Developers

• PB-80323: Fixed the following issue. When a developer injected text fields in a PDF document, the JSON payload specified a font size for the injected fields. The problem was that the system failed to apply the specified font size to those fields.

Evidence Summary

• PB-79270: Fixed an issue in which the Evidence Summary failed to record a user’s remote signing of an in-person transaction.

Data Retention

• PB-79004: Fixed an issue in which transactions sometimes failed to expire on their configured expiry dates.

Accessibilty

• PB-75886: Fixed an accessibility issue in which Screen Readers read a banner about cookies every time they focused on a Close button or an OK, I agree button.

eOriginal

• PB-79122, PB-78928: Fixed an issue in which our Digital Mortgage or Digital Lending workflow failed to trigger the eDeposit of documents in an eOriginal vault.

Vulnerabilities

• PB-61589: Mitigated a vulnerability in which OneSpan Sign session cookies were set with a redundant "secure;" attribute.

• PB-72042: Mitigated a vulnerability in which multiple Oracle patches were missing. We applied the latest Oracle patches to the affected areas.

• PB-79609: Mitigated the CVE-2021-42575 vulnerability by upgrading the OWASP Java HTML Sanitizer library to version 20211018.2.

• PB-80502: Mitigated log4j vulnerabilities by upgrading each affected library to version 2.17.1 of the Log4j Core library.

• PB-79017: To remove vulnerabilities, we: (1) upgraded the libraries velocity-1.7.jar and jstl-1.2.jar; (2) removed the library plexus-utils-1.5.6.jar from the OneSpan Sign Application Backend.

Performance Improvements

• PB-75685: Improved the Signer Experience’s performance by disabling image rendering. Image rendering has not been needed since we deprecated the Classic Signer Experience.

• PB-79926: Improved the Signer Experience’s performance by improving Front End algorithms.

• PB-75902: Improved the User Experience's performance by implementing document-caching techniques.

Changed Behavior

• PB-79665: Changed the system’s Data Retention behavior so transactions are deleted the day after the date on which their retention is due to end.
• PB-77813: We modified the behavior of groups of radio buttons. Now if a radio button from a group is marked as required, the entire group is marked as required. These requirements are nonetheless satisfied when a single button from the group is selected.
• PB-78887: Changed the Evidence Summary's encoded hash for a Virtual Room video recording from a base-64-encoded hash to a plain-text MD5 hash. The latter is easier to decrypt.
• PB-78682: To ensure compliance with ADA standards (WCAG 2.1), we now warn senders when their chosen primary Branding color or Alert color has a low contrast ratio. Such warnings also enable senders to prevent the disappearance of UI components due to a color conflict (e.g., white alerts on a white background).

Known Issues

• PB-84003: An issue arises in the following circumstances: (1) Senders A and B are members of the same sub-account; (2) Senders A and B are each other’s delegates; (3) Sender A creates a template in the sub-account. When Sender B is subsequently in the sub-account, and is acting as a delegate for Sender A, they should be able to see the new template. However, they can’t. A workaround is for Sender B to re-select the sub-account from the Accounts menu. They can then see the new template.
• PB-74520: Suppose an API user creates a transaction, and specifies the value '0' for the maxLength parameter on Text Fields. If a signer subsequently enters any amount of text into a Text Field, it will trigger the following error: The field's value is too long. This issue will be fixed in an upcoming release. Meanwhile, the workaround for API users is to exclude the maxLength parameter from the payload. This issue does not affect SDK users.
• PB-80669: Sometimes an account owner with the User Management permission cannot delete other users from their account. Recent code changes mean that deleting other users now requires both the User Management permission and the Roles permission. A sufficient workaround is to assign the account owner the Admin role (via OneSpan Sign BackOffice).
• PB-82567: Giving a group of checkboxes and a group of radio buttons the same name causes errors in the Signer Experience. The workaround is to ensure that these different kinds of groups have different names.
• PB-82023: Windows Explorer is the default file-compression application for versions 10 and 11 of Microsoft Windows. A bug or limitation in Windows Explorer is preventing users from viewing the content of the EslTransactionsPIIReport file created by the Schedule Reports feature of OneSpan Sign BackOffice. This problem can easily be mitigated by using a third-party file-compression application such as 7zip or winrar.
• PB-82852: When trying to create an accessible transaction, an "HTTP 400 Bad Request" error occurs if the parameters Stop Image Rendering and Extract Text Tags are both enabled in OneSpan Sign BackOffice. This issue will be fixed in an upcoming release.
• PB-83384: When trying to confirm signed documents (accessible or not), the Confirm button sometimes fails to respond when it's clicked. This occurs only if the name in one of the documents' Signature Fields contains a period (.). The functionality of the Confirm button can easily be restored by refreshing the browser.
• PB-83688: This issue arises when a signer repeatedly fails to authenticate themselves via ID Verification, and is locked out of a transaction. When the sender subsequently views that signer’s status in the User Experience, they should see a “locked signer” icon. The sender can then interact with that icon to unlock the signer, and resend the transaction. The problem is that the icon is not appearing, so the signer cannot be unlocked.
• PB-83742: Signing a document on Windows 11 via PCC with a soft certificate sometimes causes a Personal Certificate Client Error. The document cannot be signed because the certificate selected for this purpose is invalid. If this happens, please select a different certificate and try again.
• PB-83815: When signed documents are viewed using the PDF Preview feature of Firefox or a Chromium-based browser, the browser may fail to correctly render certain components (e.g., a cross in a checkbox). If this happens, please view the document using Adobe Reader/Acrobat Pro.
• PB-84199: An issue arises when the Signature Navigator has been configured to iterate through a document’s checkboxes. The problem is that it skips over checkboxes if they are in a Checkbox Group.
• PB-84341: If a signer has been assigned the SMS authentication method, using a Safari v13 browser with iOS 13 crashes the signing process. The error message that appears is Unhandled Server Error. As a workaround, signers can do any of the following: (1) use a different browser; (2) upgrade to a higher version of Safari; (3) upgrade to a higher version of iOS.
• PB-84954: An issue arises in the following circumstances: (1)a template is created with multiple signers, one of whom is assigned Conditional Fields; (2) a transaction is created from the template, and the signer with the Conditional Fields is removed; (3) the transaction is distributed for signing; (4) a signer completes their portion, and clicks Confirm. At this point, an error message appears. This issue will be fixed in an upcoming release. Meanwhile, the workaround is to: (1) manually delete the relevant document from the transaction; (2) add the document to the transaction again; (3) redistribute the transaction for signing.

SaaS 2022-Jan: Release 11.45.3

Bug Fixes

• PB-80515: Fixed an issue that prevented signers from signing a transaction with an iPad or iPhone. When a signer tried to access the Signer Experience, the document would not load. This in turn caused the browser to continuously refresh itself until an error was thrown.
• PB-80810: Fixed an issue in which the Designer would not load in an iFrame when Firefox v96 was being used.

Known Issues

• PB-80838: If radio buttons have been added as required fields, a bug affects the Required Actions counter in the upper-right corner of the Signer Experience. In particular, selecting a radio button fails to increment the "completed actions" counter of the Required Actions widget (i.e., the "x" in "Required Actions x of y").

SaaS 2021-Dec: Release 11.45.2

Bug Fixes

• PB-80033: Fixed an issue in which users couldn't access a shared template in a sub-account.

Vulnerabilities

• PB-80115: Recently the Apache foundation announced a number of security vulnerabilities (CVE-2021-44228 and CVE-2021-45046) in the Log4j2 library for Java applications, affecting all versions from 2.0-beta-9 to 2.15.0. In order to mitigate these vulnerabilities, we have upgraded the affected libraries to Log4j Core library version 2.16.0. This version of the library mitigates the remote code execution and denial-of-service attacks that could result from the vulnerabilities, and is the latest version provided by Apache.

SaaS 2021-Dec: Release 11.45.1

Bug Fixes

• PB-78695: Fixed a Signer Experience performance issue that was causing a noticeable delay in the system's response to the signer's selection of a radio button or checkbox. This gave signers the impression that they had not successfully made a selection. This release has greatly improved the system's response time to the selection of a radio button or checkbox.
• PB-79716: Fixed an issue in which transaction documents could not be opened if a user tried to sign using the Mobile Capture method.

Known Issues

• PB-77405: Disabling a Checkbox Group does not clear a checkbox if it has already been selected. This could occur as follows: (1) conditional logic is configured to disable a Checkbox Group if the signer interacts with a different field (e.g., a text field); (2) the signer selects a checkbox in the group: (3) the signer then interacts with the different field that triggers the conditional logic; (4) that logic disables the Checkbox Group. In this situation, the value entered for the checkbox will persist, even though its group is supposed to be disabled.
• PB-77381: The Action Progress Bar in the Signer Experience may not accurately reflect the number of actions a signer has left to complete. For example, the progress bar may read Required Actions 0 of 2, when it should read Required Actions 0 of 3. Such errors can arise when conditional logic is applied to the first item in a group of checkboxes or radio buttons.

SaaS 2021-Dec: Release 11.45

What's New

Signing Ceremony

• More user-friendly Cookie Policy: Signers who have accepted the Cookie Policy once will no longer be prompted to accept that policy when they access the Signing Ceremony again. Note: (1) the Cookie Policy Consent Agreement is browser-specific; (2) a prompt to accept the Cookie Policy will reappear if the signer clears their browser cache, or if they access their browser window in Incognito/Private mode.

Virtual Room

• Delegates can host meetings: Delegates can now act as the host of a Virtual Room meeting.
• Hosts can see attachment numbers: During a Virtual Room meeting, the host can now see how many attachments the sender asked each recipient to upload.
• Senders reminded that videos will be deleted: Email notifications will now be sent to the sender of a completed Virtual Room transaction to remind them that the transaction’s Video Recordings will soon be deleted. These reminders will be sent: (1) three days before the recordings are deleted; (2) one day before the recordings are deleted.

In-App Reporting

• Reports have more ID Verification info: Transaction Reports now contain more information about transactions that have ID Verification enabled. For each ID Verification attempt in a transaction, the reports now record: (1) if the attempt was for Document Verification Only or Document Verification with Facial Comparison; (2) if the attempt succeeded or failed ; (3) the signer's unique identification number (signer uid).

Developers

• SDKs can manage Checkbox Groups: SDKs can now be used to manage (e.g., create, update) Checkbox Groups.

Bug Fixes

Signing Ceremony

Accessibility

• PB-76252: Fixed an accessibility issue in which the NVDA Screen Reader failed to read the Enable accessibility mode button when signers tabbed to it.

• PB-76623: Fixed the following issue. After using the keyboard’s arrow keys to navigate to the Next button on the Reassign Recipient screen, the NVDA Screen Reader read the text for two buttons (Next and Cancel).

• PB-76625: Fixed the following issue. After using the keyboard’s arrow keys to navigate to a single button on the Signature Capture screen, the NVDA Screen Reader read the text for all that panel's buttons (Clear, Cancel and Done).

• PB-77993: Fixed an issue in which an Unhandled Server Error occurred when a signer switched to Accessibility Mode.

In-Person Transactions

• PB-77012: Fixed an issue in which the Enter key became disabled after an incorrect SMS passcode was entered for an in-person transaction.
• PB-77018: Fixed an issue in which the Signer Locked Out page failed to appear after a signer repeatedly failed SMS authentication in an in-person transaction.

Other

• PB-77728: Fixed an issue in which a document could not be accessed if it had a Checkbox Group whose name contained a period.
• PB-77173: Fixed the following issue, which occurred when the Overview page was enabled. After External Signer Verification was successful, the system presented an unexpected signing flow.
• PB-76567: Fixed the following issue. If a signer dismissed an error banner on a document during a Virtual Room session, the system automatically scrolled to the top of the document.
• PB-76013: Fixed the following issue. If OFAC Blacklist was enabled on a sub-account, an error was thrown when a signer tried to access a transaction created in that sub-account.
• PB-76086: Fixed the following issue. When a delegate tried to capture their signature from a file, the system failed to properly process their registered signature image.
• PB-76670: Fixed an issue in which the feedback bar failed to minimize to the top bar when the signer scrolled down to other pages of a document. This occurred when the New Signer Experience was accessed within an iFrame from a mobile device.
• PB-76690: Fixed an issue in which the feedback bar displayed incorrect information when the BackOffice settings for the relevant account: (1) enabled conditional fields; (2) configured the Signature Navigator to iterate through all the fields in a document (both required and optional).
• PB-76830: Fixed an issue in which the signature button’s background color was changed to white, but the button’s font color did not respond to this change. The font color remained white, so the button’s caption became invisible.
• PB-77359: Fixed an issue in which characters entered in very small Text Fields or Text Areas failed to appear in the New Signer Experience. Note: This problem has never occurred in the Classic Signing Ceremony.
• PB-78194: Fixed the following issue. Signatures associated with an auto-field (e.g., signing date) were applied within a document. The problem is that these signatures were rendered invalid by the subsequent application of a Capture Signature in the document.
• PB-77810: Fixed an issue in which the Signing Ceremony failed to reflect a label field’s specified font size.

Senders

Designer

• PB-77843: Fixed an issue in which the following error message appeared when a sender tried to delete documents from the Designer: Something went wrong and your request could not be completed. Please try again.
• PB-77069: Fixed an issue in which some uploaded PDF files could not be viewed in the Designer from a Chrome browser.

Other

• PB-76530: Fixed an issue in which the Success message was displayed for a Bulk Sending operation, but the system failed to process the sent transactions.
• PB-77639: Fixed the following issue, which occurred when an account’s Roles and Permissions feature was enabled. A sender's permissions were by-passed when they created a transaction. This occurred because the system validated the sender's access only by checking their user type, which was Manager.
• PB-73499: Fixed an issue in which the system seemed unable to apply a layout to a transaction.
• PB-72456: Fixed the following issue, which occurred when a transaction required the sender’s signature. The Info icon failed to appear next to the transaction in the Dashboard's Recent Transactions list.
• PB-74349: Fixed the following issue. When a Transaction Owner previewed a document that was part of a transaction in the state SENT, a Document View callback notification was wrongly triggered, and a Document View audit event was wrongly logged.
• PB-75294: Fixed an issue in which the Preview panel in the sender part of the New User Experience failed to display a logo that a sub-account had inherited from its parent account.
• PB-77194: Fixed some Japanese translations that confused senders who were trying to create or manage transactions.

Developers

• PB-76585: Fixed an issue in which the system failed to replace the variable $PACKAGE_OWNER_NAME with the name of the Transaction Owner in the Bulk Send Completed email (email.bulk.send.completed).

• PB-77900: Fixed an issue in which the API was used to create a template with the same name as an existing template.

• PB-64815: Fixed an issue in which customers were able to send our system an incorrect AccountUID via the API.

Account Owners & Admins

• PB-77560: Fixed the following issue. After an account was canceled, the system failed to delete the associated CMK (Customer Master Key).

• PB-77745: Fixed an issue in which SSO auto-provisioning would not work if the user attributes accountid and role were not specified.

Virtual Room

• PB-77875: Fixed an issue in which the system failed to create a Video Recording file for a Virtual Room meeting if the meeting being recorded timed out.

In-App Reporting

• PB-76524: Fixed an issue in which a user with the Reports permission could not access Transaction Reports or Account Reports about their account.

Changed Behavior

• PB-77005: It is no longer possible to save layouts that have masked fields.

• PB-77808: The new buttons Review, Sign and Join may now appear on the Transaction Details page for Virtual Room transactions. Clicking the Review button takes a reviewer to the transaction’s Signing Ceremony. Clicking the Sign button takes a signer to the transaction’s Signing Ceremony. Clicking the Join button takes the user to a Welcome page that provides an overview of the transaction.

Known Issues

• PB-78762: When a “Make required” or “Make optional” condition has been configured for a Signature Field in a document, and that condition changes after a different signer has confirmed the same document, there is an issue with that Signature Field in the resultant PDF.

• PB-79423: When a signer has enabled accessibility mode, and then views a document, some of the document’s fields (e.g., text boxes, checkboxes) may extend beyond the document’s right edge.

• PB-79517: When senders view the Field Settings panel, they cannot see all of a checkbox’s settings at once if their computer’s display has been scaled to more than 125%. Until this issue is fixed, the workaround is to zoom out.

• PB-82274: When a signer has multiple Capture Signature fields in a document of an e-Notary transaction, an error occurs in the following situation. If the signer draws their signature in one of those Capture Signature fields, and then uploads a signature image using the "Capture Signature from file" option, the system will fail to place the drawn signature in all the signer’s Capture Signature fields. This issue will be fixed in OneSpan Sign 11.46.

SaaS 2021-Oct: Release 11.44

What's New

Virtual Room

• Added video recording: Video recording is now possible for Virtual Room transactions. Note: (1) Video recording is available only for Virtual Room transactions, and must be turned on for an account. To turn the feature on, please contact a Sales representative. (2) The transaction host can turn the recording on and off during signing sessions. If a recording is paused and then resumed during a single session, a single video will be created at the end. If there are multiple signing sessions, multiple videos will be created for the transaction. (3) Processing of the videos is done after the transaction is completed, and may take up to an hour. The recordings will be available on the Transaction Details page in the sender part of the New User Experience. (4) Each video will consist of composed audio and video tracks of all participants. (5) Recordings will be deleted seven days after their creation, so senders must download and store the recordings before then.
• Added info in the Evidence Summary: If a transaction is a Virtual Room transaction, the Evidence Summary document now: (1) shows the Transaction Type; (2) stores Virtual Room actions.

Enterprise Administration

• Sub-account actions for API users: An API user with suitable account and user permissions can now: (1) retrieve a given user’s roles in one or more sub-accounts; (2) assign one or more roles in a sub-account to a given user. Both these API procedures require the following prerequisites: (1) sub-accounts must be enabled for the account via BackOffice; (2) the API user must have access to the API via their own API key; (3) the API user must have the User-Management permission on the sub-account.

User Authentication

• Support for a second authentication method: Formerly, if ID Verification was assigned to a recipient, another authentication method could not be assigned to that recipient at the same time. Starting with this release, ID Verification and KBA Authentication can both be assigned to a recipient. To access the relevant transaction, the recipient must pass both authentication methods.
• Display of remaining ID Verification attempts: Each non-final time that a recipient tries and fails to authenticate themselves via ID Verification in order to access a transaction, a screen now shows them the number of remaining permitted authentication attempts they have.

Signing Ceremony

• Added support for Arabic: Added support for the Arabic language in the New Signer Experience. This includes support for right-to-left word wrapping in Text Area fields. Arabic is not yet supported in the sender part of the New User Experience. Known issues: (1) watermarks in Arabic are not yet fully working; (2) new lines entered in Text Area fields appear as a "?" in the Evidence Summary document.
• Improved accessibility flow: Enhanced accessibility flow by ensuring that navigation to a subsequent document takes the signer directly to the document instead of to the top menu.
• Improved document accessibility: A Go to document shortcut is now available for all transactions (accessible and non-accessible). It redirects users to the transaction's main document.

Senders

• Added support for groups of checkboxes: Senders can now create a group of checkboxes. If the sender sets any checkbox in a group as required, then during signing the signer must select at least one member of the group. Note: (1) Conditional logic on a group of checkboxes is not supported. (2) SDK support is not yet available. It will be added in a future release. (3) Extraction is not yet available. It will be added in a future release. (4) This feature is not yet 100% ADA compliant. This will be added in a future release. (5) Periods (".") are not currently supported in Checkbox Group names. This issue will be resolved in a future release.
• Full display of long messages: The window on the Transaction Details page that contains the message sent to recipients now expands if the message exceeds that window's default size. This ensures that senders can see the entire message.

Bug Fixes

Signing Ceremony

In-Person Transactions

• PB-75437: Fixed an in-person transaction issue in which a subsequent signer's Capture Signature was not reset after the signer clicked Undo, and tried to sign again.
• PB-70667: Fixed an issue in which an in-person transaction host who was not the Transaction Owner could access the Transaction Edit page after the transaction was declined. Now for such hosts: (1) the Done button is hidden on the Transaction Declined page; (2) they must select Exit Signing to exit the Signing Ceremony, at which point they are redirected to the Dashboard.
• PB-76187: Fixed an issue in which the Transaction Owner couldn’t access the in-person Thank You page when auto-redirect was enabled for the Handover URL.
• PB-76795: Fixed an issue in which the SMS verification prompt failed to appear to a signer in an in-person transaction when the Second In-Person Affidavit was disabled.

Accessibility

• PB-70964: Fixed an accessibility issue in which Screen Readers failed to automatically read the Cookie Policy screen.
• PB-58816: Fixed an accessibility issue in which multiple tabs were required to reach the hidden Enable accessibility option. That option is now available right after the Cookie Policy screen.
• PB-65060: Fixed an accessibility issue in which, upon signing a Signature Block, the Screen Reader mistakenly read the word Unavailable.
• PB-75200: Fixed an accessibility issue in which there were two H1 headings on the Summary Complete page.
• PB-72644: Fixed an accessibility issue in which Screen Readers failed to vocalize the correct total number of uploads for a Virtual Room transaction when the host expanded the Uploads list.

Conditional Fields

• PB-76935: Fixed an issue in which transactions using Conditional Fields on radio buttons or checkboxes failed to show the correct transaction status in the Required Actions feedback bar.
• PB-76573: Fixed an issue in which radio buttons and checkboxes in a document with Conditional Fields failed to appear as selected until the document was refreshed.
• PB-76663: Fixed a performance issue that was triggered when documents with Conditional Fields were confirmed.

Other

• PB-76845: Fixed an issue in which selecting or clearing a checkbox didn't work properly in certain scenarios.
• PB-76834: Fixed an issue in which the document status was not properly updated in the Documents pane.
• PB-76455: Fixed an issue in which the Summary Complete page was displayed to a signer in a transaction that was assigned to a group, though it was not yet that signer's turn to sign.
• PB-75628: Fixed an issue in which the Reassign Recipient option (also known as Change Signer) was still present for Declined transactions.
• PB-76354: Fixed the following issue. If Enforce Capture Signature was enabled, a hand-drawn signature was not reset after undoing the signature.
• PB-76087: Fixed the following issue. A sender accessed a transaction for which they were not the Transaction Owner, and they declined to sign. The Transaction Declined screen appeared, on which the user clicked More Actions > Exit Signing Mode. The user should then have exited Signing Mode with no error messages, but an error message did appear. When the user closed the error message, they landed on an Access Denied page with no navigation options. The fix lets such users exit Signing Mode without an error message, and redirects them to the Dashboard.

Senders

Designer Page

• PB-75242: Fixed an issue in which senders couldn’t go to the Designer page after they created a transaction from a shared template that had been created by another sender.
• PB-76282: Fixed an issue in which senders could go to the Designer page when the relevant transaction had been created without a document via the API.
• PB-72709: Fixed a Designer page issue in which certain conditions led to a failure to save the Is Required flag's value for Form Fields.

Other

• PB-70909: Fixed the following issue. When users click the CANCELLED part of the Dashboard's pie chart, they should be redirected to view recent Declined transactions. Instead, they were redirected to view the status of trashed transactions.
• PB-74870: Fixed an issue in which the Cookie Policy screen prevented senders from creating a handwritten signature on the Signature page (among the My Account set of pages).
• PB-75387: Fixed an accessibility issue in which the aria-label attributes for radio buttons and checkboxes had unexpected values.
• PB-76375: Fixed an issue in which Japanese translations for Access Delegation were not intuitive.

Account Owners & Admins

Accessibility

• PB-75982: Fixed an accessibility issue in which the NVDA Screen Reader did not properly read a Close button.
• PB-75918: Fixed an accessibility issue in which the NVDA Reader did not completely read several links.
• PB-76095: Fixed the following accessibility issue. When a user navigated to the Reports link using the arrow keys, the NVDA Screen Reader should have read just the Reports link. Instead it read the Reports link and the Admin link.

Other

• PB-74985: Fixed an issue in which a 504 Gateway Time-out error occurred while trying to enable sub-accounts.

Developers

• PB-64787: Fixed an issue by ensuring that when the Roles and Permissions feature is enabled, only users with the Data management self-service permission can access our Data Retention feature via the API.

Changed Behavior

• PB-74060: To improve accessibility, we converted the Exit Signing Mode pop-up window for senders into a notification that appears in the top bar of the New Signer Experience.

Known Issues

• PB-77728: Periods (".") are not currently supported in Radio Group names or Checkbox Group names. This issue will be resolved in a future release.

• PB-77822: A signer is auto-redirected to the Handover URL if the auto-redirect option is enabled, and the New Signer Experience is accessed from the sender interface. This should not happen for regular transactions. This issue will be resolved in a future release.

• PB-78102: This issue arises when the API is used to add to a document: (1) a Checkbox Group; (2) other checkboxes for which validation rules have not been configured ("validation":null). If this happens, an error will appear when the recipients try to access the transaction in the New Signer Experience. This issue will be resolved in a future release.

• PB-78194: This issue arises when signatures associated with an auto-field (e.g., signing date) are applied within a document. The problem is that these signatures are rendered invalid by the subsequent application of a Capture Signature in the document.

• PB-78448: When a template is being created, the Share template toggle switch is not working properly. If clicked, the status is not saved visually. Nonetheless, the template is shared with other senders on the account. This issue will be resolved in a future release.
• PB-77810: The Signing Ceremony is failing to reflect a label field’s specified font size. Instead, the field's text appears with the field's default font size. This issue will be resolved in the next release.

• PB-78762: When a “Make required” or “Make optional” condition has been configured for a Signature Field in a document, and that condition changes after a different signer has confirmed the same document, there is an issue with that Signature Field in the resultant PDF.

SaaS 2021-Sep: Release 11.43.2

Bug Fixes

New User Experience

• PB-77545: Fixed an issue in which documents failed to load in the Designer and in the New Signer Experience if the user’s browser was Safari 12.x.

SaaS 2021-Sep: Release 11.43.1

Bug Fixes

Signing Ceremony

• PB-77019: Fixed an issue in which recipients couldn’t access a transaction from an email link.

• PB-76908: Fixed an issue in which the tops of Japanese characters were cut off in multi-line Text Area fields.

Senders

• PB-76961: Fixed an issue in which senders couldn’t access the full list of groups.

SaaS 2021-Aug: Release 11.43

What's New

ID Verification

• Introducing ID Verification: This release introduces the following new methods of authenticating a recipient's identity: (1) Document Verification Only validates the recipient's driver’s license, passport, or national identity card; (2) Document Verification with Facial Comparison examines one of those identity documents, and compares the recipient's photo on that document with the recipient's selfie. Collectively, these two methods are called ID Verification. To enable and configure ID Verification for your account, contact your Account Representative. Note: ID Verfication for OneSpan Sign is available only in the following environments: US1, US2 , CA and EU. It is not available in the US FedRAMP or AU environments.

New User Experience

• Guidance on Fonts: New documentation tells users how to avoid problems with the fonts in documents that are created or uploaded for use in transactions — see Supported Fonts.

Signing Ceremony

• Can sign via Uanataca without cookies: Signing via the Uanataca Trusted Service Provider no longer uses cookies to store session information. This complements similar Signing Ceremony functionality introduced in OneSpan Sign 11.42 and 11.38. Nonetheless, scenarios that have integration points with third-party entities such as Equifax or an IdP server may require the use of cookies — such requirements are beyond our control.
• Bottom bar on Uploads page: As of this release, the informative bottom bar on the Uploads page will always appear if there are optional and/or required attachments to be uploaded by the signer.
• Removed Sudan from OFAC list: Removed Sudan from the OFAC list, since OFAC no longer lists Sudan as an embargoed country.

Senders

• Renamed transaction types: When a sender creates or edits a transaction or template in the New User Experience, the drop-down menu of transaction or template types now lists the following renamed options: (1) eSigning (a normal signing transaction that isn't an in-person, notarization or Virtual Room transaction); (2) In-Person eSigning; (3) In-Person Electronic Notarization ceremony (formerly called Notarization); (4) Virtual Room.
• Virtual Room details on Transaction Details page: Virtual Room information now appears on the Transaction Details page of a Virtual Room transaction.
• Can mask fields in the Virtual Room: Selected fields in a Virtual Room transaction can now be masked. When a sender adds a field to a document, they can slide its Mask field toggle switch to ON. If that has been done, during the Signing Ceremony that field will be visible only to: (1) the signer to whom the field is assigned; (2) the host.
• Improved import of accessible documents: When a sender uses the New User Experience to import an accessible document, a radio-button group in the document will now be imported as an entire group (not as particular radio buttons).
• Can send one transaction for all languages: When a document needs to be signed by signers who speak different supported languages, the sender can now send a single transaction to all the signers. The sender no longer needs to create a separate transaction for each language. A signed document will properly display the signers' Inputs in all the languages they used (regardless of the language specified for the transaction).

Developers

• New Callback Notification for SDKs: SDKs can now be used to configure a Callback Notification called Document Viewed. This notification is triggered when a signer views a document.
• New Event Notification: Created a JavaScript Event Notification that is triggered when the signer in an in-person or e-Notary transaction clicks the Done button on their Thank You page. Note: The signer Id is appended to the event: ESL:MESSAGE:SUCCESS:SIGNER_DONE:<signer id>
• Improved Costa Rican signatures: Documents that are signed with a Costa Rican timestamp are now PAdES BL-T LTV enabled. This empowers them to pass the Banco Central de Costa Rica's validation tool (Central Directo portal).
• SDKs can retrieve sub-account API keys in one call: Release 11.42 enabled a user to retrieve the API keys from all their sub-accounts via a single REST API call. This functionality is now available through the Java and .NET SDKs.

In-App Reporting

• Added a loading spinner: A loading spinner now appears while users are waiting for the system to finish downloading reports.

Bug Fixes

Signing Ceremony

In-Person Transactions

• PB-75491: Fixed an issue in which the hand-off between signers in an in-person transaction failed because the recipient had been assigned an unsupported language code.
• PB-74075: Fixed an issue that arose when an external signer accessed an in-person transaction using their Signer Authentication Token. In this case, the Completion Summary page failed to appear when the signer finished signing.
• PB-74140: Fixed an issue that arose when an in-person transaction was accessed using the Signer Authentication Token of a signer who could not host the session. For this signer, the Exit Signing option should not be available under the More Actions menu, but it was.
• PB-74686: Fixed an issue that arose in in-person and e-Notary transactions. When a signer completes and exits signing, they should see the signer's Thank You page. However, the system failed to display it for these transactions.
• PB-75247: Fixed an issue in which the host's Thank You page in an in-person transaction was missing the Download Documents button.
• PB-74695: Fixed an issue in which an in-person transaction's Thank You page for the host failed to appear after all signers had completed signing . This happened when the transaction had been configured to be completed manually, and so was not yet complete.

Accessibility

• PB-75409: Fixed an issue in which pre-filled text in a PDF's multi-line Text Field did not display properly in accessibility mode.
• PB-72717: Fixed an accessibility issue in which certain Screen Reader instructions were not clear enough. Those instructions described how to use a mobile device to apply a Capture Signature.
• Fixed multiple accessibility issues, mostly related to Screen Readers' failing to correctly read labels and other elements.

User Authentication

• PB-75220: Fixed an issue that arose when a recipient typed a correct code for SMS Authentication or a correct answer for Q&A Authentication, and then pressed Enter. At that point, the system should have let the recipient into the associated transaction, but it didn't.
• PB-70833: Fixed an issue in which a loading spinner continued to appear on a recipient's authentication page after the page was fully loaded.

Language

• PB-75563: Fixed an issue in which variations in the language code for a supported language caused an error when users tried to access the New Signer Experience.
• PB-74062: Corrected some translations into Japanese.

Other

• PB-75957: Fixed an issue in which PDF documents that did not have embedded fonts would not render correctly in the Signing Ceremony. For more information, see Supported Fonts.
• PB-75199: Fixed an issue in which signers experienced a lag when they tried to update a document's fields.
• PB-75136: Fixed an issue in which a OneSpan Sign BackOffice setting failed to work. That setting should have prevented a signing progress bar from appearing during the Signing Ceremony, but it didn't.
• PB-75565: Fixed an issue in which a signer couldn't access a transaction from an email link after the sender rejected one of the signer's attachments for that transaction.
• PB-75132: Fixed an issue in which the Signature Navigator failed to appear for documents whose only signatures were optional.
• PB-75573: Fixed the following issue. Two radio buttons from the same group were on different pages in a document. The signer selected the second button, so the focus should have been on it. Instead, the focus moved to the first button, which was on another page.
• PB-73691: Fixed an issue in which lengthy text in the Electronic Consent Document's ACCEPT bar at the top of the New User Experience caused document pages to overlap.
• PB-73317: Fixed the following issue. When using the Mobile Signature type, a signer was prompted to recapture their handwritten signature when they applied subsequent signatures.
• PB-75240: Fixed the following issue. OneSpan Sign 11.42 enabled senders to upload a default image that will appear as their signature when they sign a Signature Field of type Capture Signature (with the From File attribute). The problem was that this signature image was not applied if the sender had accessed the transaction from a link.
• PB-76388: Fixed an issue in which an error sometimes appeared after a recipient accepted a Disclosures Document from a mobile phone.
• PB-76671: Fixed an issue in which an error sometimes appeared when a signer accepted (confirmed) a signature.

Senders

• PB-69781: Fixed the following issue. When a sender clicked the Apply Layout window's outer scroll bar, that bar disappeared.
• PB-75231: Fixed an issue in which the Opt Out button was still available to senders using the New User Experience.
• PB-74527: Fixed an issue that arose after the following actions: (1) a signer only partly completed a transaction, then exited signing; (2) the sender subsequently accessed that transaction, which was In Progress. The sender should not have been able to edit that signer's email address, but they could.
• PB-74478: Fixed the following issue for an in-person transaction that had a recipient who was a sender on a different account. When that recipient-sender accessed the Signing Ceremony from within the sender interface, the Exit Signing Mode option was not available to them.
• PB-75264: Fixed an issue in which the wrong error message appeared after the following actions. A sender: (1) created a transaction with a recipient and a document; (2) navigated to the Designer page; (3) opened the Transaction Settings page; (4) changed the transaction type from eSigning to Virtual Room; (5) clicked the Configure button.
• PB-75976: Fixed an issue in which PDFs without embedded fonts did not render correctly in the sender part of the New User Experience. For more information, see Supported Fonts.
• PB-76253: Fixed an issue in which transactions could not be created from a Bulk Send template. When senders tried to do so, they could not upload the required CSV file.

Account Owners & Admins

• PB-75078: Fixed the following issue. After the language was changed to Japanese on the Dashboard, some labels on the Data Retention page still appeared in English.
• PB-74538: Fixed an accessibility issue in which an NVDA Screen Reader did not correctly read the Permanently Delete button when an Account Owner was deleting a template.
• PB-75236: Fixed an issue in which the Capture Signature dialog box failed to display the customer's specified primary color.

Developers

• PB-75446: Fixed an issue in which an EMAIL_BOUNCE callback event failed to be sent to the SalesforceOAuth2 callback service.
• PB-74043: Fixed an issue in which the system failed to send the Transaction Owner an email with the Evidence Summary (email.evidencesummary) when a delegate user's expiry date was null.
• PB-69233: Fixed an issue in which an email sent via the template email.transaction.complete failed to redirect certain senders to the completed transaction. The affected senders were those who used SSO Authentication.

Performance Improvements

• PB-72391: Increased the speed with which documents are uploaded to transactions.
• PB-75750: Increased the speed with which a list of templates appears after it's requested. This is a temporary fix that has the following limitations: (1) the Documents column of the Templates table no longer displays any content — the workaround is to view the Documents list on the Template Details page; (2) when it's the sender's turn to sign, they can no longer go directly to the Signing Ceremony from the Dashboard or Inbox — the workaround is for the sender to click the Sign button on the Transaction Details page. A more complete fix for this issue will be provided in a later release.

Changed Behavior

• PB-74722: Updated OneSpan Sign's Consent and Disclosure document to reference the recording of Virtual Room sessions. Enabling the audio and/or video recording of such sessions is scheduled for the next release.
• Starting with Release 11.43, users will no longer be able to access the sender part of the New User Experience from Internet Explorer. If they try to do so, an error message will inform them that this browser is not supported.

Known Issues

• PB-76834: In the Signing Ceremony, the Documents pane does not properly display the document status until the page is refreshed. This issue will be resolved in OneSpan Sign 11.44.

SaaS 2021-Jul: Release 11.42.1

Bug Fixes

Signing Ceremony

• PB-75233: Fixed an issue in which a signer was prompted to recapture their signature, although the Enforce Capture Signature feature was not enabled.

New User Experience

• PB-75202: Fixed an issue in which some content within documents failed to display properly. This issue affected both senders and signers.

SaaS 2021-Jun: Release 11.42

What's New

Classic Signing Ceremony

• Classic Signing Ceremony deprecated: The Classic Signing Ceremony — i.e., the part of the Classic User Experience for Signers — is now deprecated. The part of the Classic User Experience for Senders and Admins was deprecated in OneSpan Sign 11.35. Thus as of this release: (1) no part of the Classic User Experience will be supported; (2) all accounts will be moved to the New User Experience.

Signing Ceremony

• Prompt to start signing next transaction: When the New Signer Experience is accessed from the sender interface, senders will now be prompted to start signing their next transaction. This spares them from having to return to their Inbox to access the next transaction.
• Sign via TSP without cookies: Signing with a Trust Service Provider will no longer use cookies to store session information (except the TSP integrations for Uanataca and Accesso). This complements similar Signing Ceremony functionality introduced in OneSpan Sign 11.38. Nonetheless, scenarios that have integration points with third-party entities such as Equifax or an IdP server may require the use of cookies — such requirements are beyond our control.
• Customized iteration for the Navigator: The Signature Navigator can now iterate through all the fields in a document (both required and optional), or only the required fields. Formerly, the Navigator iterated only through the required fields. To configure this setting for your account, contact our Support Team.

Senders

• Drop-down menu for transaction type: When a transaction or template is created or edited in the New User Experience, the sender now selects the desired transaction type from a drop-down menu. That menu's options are: (1) Remote signing; (2) In-Person Ceremony; (3) Virtual Signing Room; (4) Notarization. This menu will make it easier for senders to select the right transaction type.

• Multi-language support in a single transaction: This feature's main use case is a sender who wants to send a transaction to multiple signers who prefer different languages. The sender wants to avoid having to send a separate transaction for each language. This feature: (1) enables the sender to send a single transaction; (2) enables the signers to sign and complete other single-line fields in their own language; (3) ensures that signers' inputs in all languages are properly displayed in the signed documents, regardless of the language selected for the transaction itself.

• Can upload a default signature Image: A sender can now upload a default image that will appear as their signature when they sign a Signature Field of type Capture Signature (with the From File attribute). Having this default spares senders from having to upload an image each time they sign such fields. The default image file is configured in the Image as signature section of the Signature page among the My Account set of pages.

Account Owners & Admins

• Can assign a different color to optional signatures: Admins can now customize the color of the Signature Block used by optional signatures. This visual differentiation will enable signers to readily distinguish optional signatures from required ones.

• Can format the Feedback bar: The text in the New Signer Experience's Feedback bar can now be formatted using Markdown. To arrange this, contact our Support Team.

• Can format the Accept Consent bar: The text in the Electronic Consent Document's ACCEPT bar at the top of the New Signer Experience can now be formatted using Markdown. To arrange this, contact our Support Team. Caution: Headers, lists, and text longer than two lines should be avoided, since they will cause document pages to overlap.

• Can add Handover URLs to hosts' Thank You pages: Handover URLs can now be added to the Thank You pages presented to the hosts of in-person and e-Notary transactions. To enable this feature, contact our Support Team.

Developers

• New Event Notification: Completed review and signing: Created a new JavaScript event that comes with two notification triggers. The first trigger occurs when the event starts (ESL:MESSAGE:STARTED:SIGNER_COMPLETE_REVIEWED ). The second trigger occurs when the event completes successfully (ESL:MESSAGE:SUCCESS:SIGNER_COMPLETE_REVIEWED) – i.e., when a signer successfully completes reviewing and signing all the documents in a transaction. Note: A signer is considered to have completed the review of a document if the document was displayed to the signer.

• New Event Notification: Document viewed: Created a JavaScript Event Notification that is triggered when a signer views a document. Note: (1) a signer is considered to have viewed a document as soon as the document is displayed to the signer. (2) the document Id is appended to the event: ESL:MESSAGE:SUCCESS:DOCUMENT_VIEW:<document Id>

• New Callback Notification: Document viewed: Created a Callback Notification (DOCUMENT_VIEWED) that is triggered when a document is viewed. Note: This feature cannot yet be configured via SDKs, but it will be in the next release.

• Can retrieve all sub-account API keys in one call: A user can now use a single API call to retrieve the API keys from all their sub-accounts. They no longer have to access each sub-account separately.

Virtual Room

• Can customize the session expiry time: The Virtual Room now has its own session expiry time. The default session length is 60 minutes. This interval can be changed when the transaction is created. Note: By default, a meeting host is presented with a prompt 15 minutes before their session is due to expire. If needed, the host can then extend the session.

• Added calendar info to invitation emails: The email template that invites recipients to review or sign a transaction during a Virtual Room meeting is email.activate.virtual.room. This feature integrates that template with iCalendar applications via an *.ics file that contains the following meeting information: (1) Title = transaction name; (2) Summary and description = "Transaction name" hosted by "Host name"; (3) Start time and end time (end time = start time + session time); (4) Location = a link to the transaction; (5) Alert trigger = 30 minutes before the meeting. This information can now be integrated into participants' iCalendar applications.

• Attachments are masked from other signers: When a signer uploads attachments during a Virtual Room meeting, the preview and thumbnails of the uploaded documents can now be viewed only by the signer and the host. The attachments are masked from the other participants.

• Can resize the Control Panel: Meeting participants can now resize their teleconferencing Control Panel by sliding it left and right.

• Can highlight documents during meetings: Signers can now highlight areas of a document for viewing by all participants in a Virtual Room meeting. The highlights are visible only during the meeting, and are not stored on the document. Signers enable this functionality by clicking a Highlighter icon on their teleconferencing Control Panel .

• Network Quality indicator: If users are videoconferencing, an indicator on their Control Panel displays their network quality.

• Host notified when participants disconnect: The meeting host will now be notified when a participant disconnects from the meeting.

In-App Reporting

• Reports track Virtual Room transactions: Transaction Reports will now indicate if a transaction is a Virtual Room transaction.

Bug Fixes

Signing Ceremony

• PB-73093: Fixed an issue in which the Guest Login page failed to load if an unsupported language code had been specified for the recipient.
• PB-72621: Fixed an issue in which selecting text across two lines caused an overlapping shadow to appear across the selected text.
• PB-73316: Fixed an issue in which the signing logo failed to display if the Signing Ceremony was accessed from an iOS device using Chrome.
• PB-73300: Fixed an issue in which zooming in on a document page prevented the signer from using the page's Capture Signature dialog box.
• PB-73259: Fixed an issue in which SMS authentication was unavailable for an in-person transaction if the Signing Ceremony was accessed using a Signer Authentication Token.
• PB-73100: Fixed an issue in which the Accept button on Electronic Disclosures and Signatures Consent document appeared and then disappeared.
• PB-72507: Fixed an issue in which the Mobile Capture dialog box appeared in English when first accessed by signers for whom another language had been specified.
• PB-65994: Fixed an issue in which the Documents panel failed to display an accepted disclosures document in the system-configured color for 'Success' .
• PB-71894: Fixed an accessibility issue in which Screen Readers failed on first-time access to read the title of the following pages: Thank You/Summary, Overview, and Auto-Redirect.
• PB-59096: Fixed an issue in which using a mobile device to zoom in on a document, and then rotating the device caused the pages to display as thumbnails.
• PB-72510: Fixed an issue in which signers could not download documents from an iOS device using the Chrome application. Note: Having made the fix, individually downloaded files must be opened in an application that can view PDFs, since all downloaded file types are converted to PDF.
• PB-73000: Fixed an issue in which trying to upload a file as an attachment by clicking the Browse button: (1) failed to open the Upload File dialogs box; (2) instead scrolled to the top of the page.
• PB-69751: Fixed an issue in which Capture Signature buttons did not appear in the signer's selected language.
• PB-65879: Fixed an issue in which the text of the Thank You page displayed after applying a Mobile Capture signature was not vertically centered on the mobile device's screen.
• PB-73987: Fixed an issue in which an Unsupported Browser error message regarding Internet Explorer failed to display in the recipient's language if the recipient had been assigned an Authentication Method.
• PB-74290: Fixed an issue in which Japanese characters failed to appear in a PDF document uploaded to a transaction.
• PB-73960: Fixed an issue in which a handwritten signature sometimes failed to appear on its signed document.

Senders

• PB-73309: Fixed an issue in which the language names in the drop-down menus for the Transaction Language and Recipient Language failed to appear in the language of the logged-in sender. Instead, each language name appeared as it does in its own language.

• PB-73445: Fixed an issue in which a transaction's signing order specified via the API was reset in the New User Experience once the transaction was sent.

• PB-73843: Fixed an issue in which entering a long Message to all recipients: (1) triggered an error message; (2) overrode the transaction name; (3) prevented the transaction from being sent.

• PB-41748: Fixed the following issue. (1) the Sub Accounts feature was enabled for Sender B, but not for Sender A; (2) Sender A created a transaction, and added Sender B as a signer; (3) Sender B logged into the US2 Sandbox environment to view the transaction, but the transaction failed to appear in their Inbox.
• PB-74331: Fixed an issue in which the keyboard's shortcut keys did not work when the sender was viewing the New User Experience in a Firefox browser.

Developers

• PB-13766: Fixed an issue in which API calls made during a maintenance window returned the wrong status code. Specifically, those calls returned the code HTTP 200 (for a successful HTTP request) instead of HTTP 503 (for "service unavailable").

• PB-73711: Fixed an issue in which the event ESL:MESSAGE:SUCCESS:DOCUMENT_NAVIGATION was triggered as soon as the Documents panel was displayed, instead of after the document was loaded.

• PB-73647: Fixed the following issue. Although an authentication method had been disabled at the account level (using OneSpan Sign BackOffice), it was nonetheless possible to assign that method to recipients using the API.

Account Owners & Admins

• PB-72311: Fixed an issue in which moving transactions to the Trash reset their Data Retention policies.

• PB-74536: Fixed an issue in which the list of Identity Providers on the SAML Admin page was sporadically empty.

Virtual Room

• PB-72998: Fixed a Virtual Room issue in which the host's Delete button was not disabled when they viewed a document that had been uploaded by a signer.

• PB-71121: Fixed an issue in which changes to a Virtual Room transaction made on the Designer page failed to be reflected on the Transaction Edit page.

Evidence Summary

• PB-72298: Fixed an issue in which Japanese characters were displayed incorrectly in the Evidence Summary.
• PB-71575: Fixed an issue in which the Evidence Summary in Japanese could not be downloaded from the API.

In-App Reporting

• PB-73019: Removed empty columns from particular Transaction Reports.

Changed Behavior

• PB-73848: The host of a Virtual Room meeting will now be prompted that they are passing control to a signer.
• PB-72833: It is no longer possible to create a new transaction or template when acting as a delegate for a suspended account.

Known Issues

• PB-74075: An issue has arisen when an external signer accesses an in-person transaction via a Signer Authentication Token. When the signer finishes signing, the Completion Summary page should appear. Instead, the system presents an interim Thank You page whose Done button is not functional. This issue will be addressed in the next release.

• PB-75957: Some text inside transaction documents is not readable by New User Experience users. This is due to an incompatibility between OneSpan Sign 11.42 and certain browsers for certain fonts in certain documents. This issue will be fixed in an upcoming release. Meanwhile, you can avoid this issue by ensuring that your documents are in the PDF/A format (a PDF/A document embeds the fonts that it uses in the PDF file itself). Here is one way to create a PDF/A document from a Word document: (1) open the Word document; (2) click Save As, and select PDF; (3) click Options; (4) select the PDF/A compliant checkbox; (5) click OK; (6) enter a name for your PDF, and click Save.

SaaS 2021-May: Release 11.41

Deprecation of Classic Signing in 11.42: The Classic Signer Experience — i.e., the part of the Classic User Experience for Signers — will be deprecated in OneSpan Sign 11.42. The part of the Classic User Experience for Senders and Admins was deprecated in OneSpan Sign 11.35. Thus once OneSpan Sign 11.42 is released: (1) no part of the Classic User Experience will be supported; (2) all accounts will be moved to the New User Experience.

What's New

In-App Reporting

• Introducing In-App Reporting: This release introduces a new feature called In-App Reporting. It enables users with sufficient permission to access two kinds of system-created reports directly from the New User Experience or the API: (1) Transaction Reports provide data about transactions on your account (e.g., information about senders, signers, and key events); (2) Account Reports provide information about actions on your account (e.g., when specific users joined the account). To obtain permission to use this feature, please contact our Support Team.

Virtual Room

• Hosts without signatures can start meetings: A host can now start their Virtual Room meeting even if they do not need to sign any document in the associated transaction.
• An overview page for hosts: We enabled the host of a Virtual Room meeting to view a Welcome page that provides an overview of the transaction (including a list of all documents, an indication of who must sign each document, etc.).
• Only hosts determine the signing order: During a Virtual Room meeting, the signing order must be completely determined by the host. We therefore removed the ability of anyone else to specify the signing order for a Virtual Room transaction.
• Hosts can enable/disable participants' sound/video: A Virtual Room host can now enable and disable the sound and video of their meeting's participants.
• Wait for all participants to switch views when switching control: When control of the screen is passed to a Virtual Room participant, they will not be able to perform any action until the screens of all participants are loaded. This permits everyone to see what the other participants are doing.
• Better indication of who's controlling the screen: We enhanced the Virtual Room's indication of who currently controls the screen by moving the controlling participant's video/audio feed to the top of the Control Panel.
• Can upload attachments: Attachments can now be uploaded to a transaction during a Virtual Room meeting. If the transaction creator requested that participants upload attachments, the Uploads section of the screen lists the attachments assigned to each participant. Thus the host can navigate to that section, choose an attachment, and pass control of the screen to the associated participant. After that participant uploads all their attachments, control is automatically returned to the host. Note: In this release, all participants can see a preview and thumbnail of each uploaded attachment. Future releases will create functionality that can hide these items from other participants.

Signing Ceremony

• WebViews support event notifications: WebViews now support event notifications.
• Redesigned Completion Summary page: We've redesigned the Completion Summary page that a transaction's recipient sees when the transaction is complete (e.g., the page has new Documents and Uploads sections). To access this new functionality, please call our Support Team.

Senders

• Senders can disable the IE warning: Senders who accessed the New User Experience from Internet Explorer during the previous release always saw a popup which warned them that IE is no longer supported. Senders can now select a checkbox on that popup to ensure that they won't see that warning again.

Developers

• Can auto-redirect signers after signing: Enabled the automatic redirection of signers to a specified URL when they finish signing. This feature can be configured at the transaction level. Developers can choose to display none, some or all of the following parameters in the Handover URL: package ID, signer ID, status.

Account Owners & Admins

• Can configure Data Retention for Sent transactions: It is now possible to configure a Data Retention policy for Sent transactions. In addition, it is possible to tell the system to regard Sent transactions as Incomplete transactions, so they will be purged according to the retention policy for Incomplete transactions. To implement this functionality, we revised the logic of transaction expiry — it is no longer possible to specify an expiry value greater than the retention policy for Sent transactions.

Evidence Summary

• Better tracking of SMS phone numbers: The Evidence Summary now records the signer's phone number when an SMS authentication attempt succeeds or fails. Previously, the Evidence Summary recorded an SMS phone number only for SMS Sent events.

Bug Fixes

Signing Ceremony

• PB-69992: Fixed a misalignment between the top bar and the navigation bar that occurred after a recipient was reassigned (Change Signer).
• PB-72180: Fixed an issue in which the Signing Ceremony failed to recognize the software code names for some languages if they had been specified via the API.
• PB-71336: Fixed an issue in which the Evidence Summary failed to record a Login event if a signer accessed the Signing Ceremony without being authenticated (authentication method = None).
• PB-71326: Fixed an issue in which the Audit Trail recorded a failed SMS authentication event twice.
• PB-71394: Fixed two issues that arose in connection with SMS authentication for an in-person transaction. Issue 1: A signer tried to log in with an expired passcode, but the Audit Trail failed to describe the failed authentication event as "SMS PIN is expired". Issue 2: A signer entered the wrong passcode, but the Audit Trail failed to describe the failed SMS authentication event as "Incorrect Passcode".
• PB-70966: Fixed an issue in which a signer's hand-drawn signature was not stored correctly.
• PB-38515: Fixed an issue in which a shadow always appeared behind a document's selected text.
• PB-71619: Fixed an issue in which the input format was being validated for empty fields.
• PB-72570: Fixed an issue in which required fields that had been filled in created an error if the document ID contained a period.
• PB-72317: Fixed an issue in which the Signature Navigator sometimes didn't work properly in an iFrame.
• PB-64581: Fixed an issue in which the Signature Navigator sometimes disappeared after the signer clicked Click to Sign.
• PB-71101: Fixed an issue in which fields were not updated correctly after their state was changed by an imposed condition.
• PB-71733: Fixed an issue in which handwritten signatures on an unconfirmed document failed to clear after the signer was reassigned (Change Signer).
• PB-38459: Fixed an issue in which a handwritten signature failed to clear after it was undone.

Classic Signing Ceremony

• PB-70162: Fixed an issue in which an error occurred when signers were switched during a notarized in-person transaction that was accessed within an iFrame.
• PB-71325: Fixed an issue in which the Audit Trail mistakenly recorded an SMS authentication attempt as successful. In fact, it was an SMS authentication attempt that failed due to an expired passcode.

Senders

• PB-70943: Fixed the following accessibility issue for New User Experience senders. Page titles were not unique, so they could not be used to distinguish different pages.
• PB-70297: Fixed an issue in which a New User Experience sender could not delete a transaction they had created from a template.
• PB-71305: Fixed the following issue. When a New User Experience sender populated an input field for a transaction with a value from their browser history, it caused the transaction to be renamed.
• PB-72316: Fixed an issue in which a New User Experience sender: (1) selected a language other than English in the Dashboard; (2) created a new transaction; (3) selected an expiration date for the transaction. After this, the New User Experience calendar displayed dates incorrectly.
• PB-70049: Fixed an issue in which a New User Experience sender could not select a Signing Method on a sub-account.
• PB-72331: Fixed an issue for an integrated customer in which an error occurred when a sender used the Designer page to prepare a transaction that had been created via the API.
• PB-69359: Fixed an issue in which the New User Experience failed to add a document to a transaction.

Developers

• PB-60751: Fixed the following issue that involved the .NET SDK. When a transaction was created from a template that specified a signing order, and the transaction's placeholder recipients were replaced with actual signers, the system changed the signing order.
• PB-69993: Fixed an issue in which the API returned the wrong signing status for signers.

Account Owners & Admins

• PB-71723: Fixed an issue in which the Data Retention settings could not be changed on sub-accounts.
• PB-64129: Addressed an issue in which Account Owners could not download the Evidence Summary for their senders from the Account Summary Report page. As of this release: (1) this inability will be regarded as proper if the Roles and Permissions feature is ON for the account; (2) such downloads will be possible if the Roles and Permissions feature is OFF for the account.
• PB-73222: Fixed a New User Experience issue in which an error occurred after an Admin selected the Spanish language, and then tried to view Role details.

Error Messages

• PB-71579: Fixed an issue in which the system failed to display an error message after required fields were left empty during KBA Authentication.
• PB-72483: Added a verification that displays an informative error message if a document name is too long.

Changed Behavior

• ** VERY IMPORTANT ** PB-72348: This release changed the name of a particular value of the status parameter in the Handover URL used by the New Signer Experience. Specifically, the name COMPLETED has changed to SIGNER_COMPLETE. All New Signer Experience customers who have integrations with the COMPLETED status will need to update their integrations in time for this release. To avoid problems, existing code that references the COMPLETED status can be replaced with an OR statement that references both statuses. For example:

  Existing Code: status.equals(“completed”)

  New Code: status.equals(“completed”) OR status.equals(“signer_complete”)

• PB-71327: The Evidence Summary now adds the word Successful to its record of each successful authentication event. Previously, only the authentication method was identified. Example: A successful SMS authentication event will no longer be recorded as SMS authentication, but rather as Successful SMS authentication.
• PB-71429: The invitation email to attend a Virtual Room meeting is now sent to the host who is also the sender of the transaction.

Performance Improvements

• PB-63985, PB-65601: By retrieving only the necessary data, we: (1) decreased the response time when New User Experience senders search for transactions; (2) increased the speed with which pages that list templates are displayed to New User Experience senders.

Known Issues

• PB-72180: As noted in the Bug Fixes section above, this issue's erroneous behavior has been fixed in the Signing Ceremony. However, this issue still exists on the Signer Authentication page.
• PB-63682: The best experience of our Virtual Room feature cannot be had on a mobile device. During a Virtual Room meeting, documents appear small on mobile devices, especially on mobile phones.

SaaS 2021-Apr: Release 11.40

Deprecation of Classic Signing in 11.42: The Classic Signer Experience — i.e., the part of the Classic User Experience for Signers — will be deprecated in OneSpan Sign 11.42. The part of the Classic User Experience for Senders and Admins was deprecated in OneSpan Sign 11.35. Thus once OneSpan Sign 11.42 is released: (1) no part of the Classic User Experience will be supported; (2) all accounts will be moved to the New User Experience.

What's New

Signing Ceremony

• Added support for WebViews: WebViews are now supported as part of the New Signer Experience.
• Can make Transaction Owners log in to sign: Transaction Owners can now be forced to log in to the Sender interface before they're permitted to access the Signing Ceremony. This enables Account Admins to ensure that the Transaction Owners' identity is authenticated. To enable this feature, please contact our Support Team.
• Can access rejected attachments directly from email: When a sender rejects a signer's uploaded attachment, the email notification sent to the signer contains a link that now connects directly to the rejected attachment. Formerly, that link connected to the Signing Ceremony in general.

Virtual Room

• Introducing the Virtual Room: This release introduces a new feature called the Virtual Room. This feature enables a host and signers to join a shared online session in which electronic agreements are signed remotely. The Virtual Room does so by leveraging the power of teleconferencing for co-browsing and video/audio. Because this is the feature's initial release, please bear in mind that it is still a work-in-progress. Not all planned functionality is available in this first release. We will keep working to add more functionality in future releases. We will soon share more information about how you can access this feature. Note: The Virtual Room is not currently available in the U.S. FedRAMP environment.

Developers

• Can pass metadata to eOriginal: OneSpan Sign can now pass metadata to eOriginal.

• Document types are validated for eOriginal: Before we start the Signing Ceremony for a mortgage transaction or a loan transaction, we now validate the transaction’s document types to ensure that they will be accepted by eOriginal.

• Can specify eOriginal environment for mortgage docs: When our Digital Mortgage Solution stores documents from a mortgage transaction in an eOriginal vault, a field called endpoint can now specify the eOriginal environment in which the documents will be deposited.

• Can specify eOriginal environment for loan docs: When our Digital Lending Solution stores loans or other related documents in an eOriginal vault, a field called endpoint can now specify the eOriginal environment in which the documents will be deposited.

Bug Fixes

Signing Ceremony

General

• PB-70055: Fixed an issue in which the Whats new! link on OneSpan Sign’s login page failed to redirect to the Release Notes.
• PB-70484: Fixed an issue in which configuring Conditional Fields threw an error.
• PB-69251: Fixed an issue in which the Field Navigator skipped required Form Fields for the second signer in an in-person transaction.
• PB-66366: Fixed an issue in which a Field Validation error message did not correctly display the field's name.
• PB-69994: Fixed an issue in which document confirmation failed when External Signer Verification was used.
• PB-70460: Fixed an issue in which the Role field on the Designer's Add Recipient dialog box needlessly: (1) appeared in red; (2) had an accompanying warning message.
• PB-69690: Fixed an issue in which signers on mobile devices were returned to the top of a document after their handwritten signature was captured. The signers should have been left where they were.
• PB-63820: Fixed an issue in which a suitable message was not provided to the signer when a document could not be confirmed because of a rare communication problem.

Authentication

• PB-70009: Fixed an issue in which the configured logo was visible on the Authentication page when that page was displayed in an iFrame. The logo should not have been visible on that page.
• PB-65196: Fixed an issue in which an incorrect warning message was displayed after a user entered invalid KBA information.

Document Visibility

• PB-69260: Fixed a issue in which a document's first and second pages overlapped if a very long message appeared in the feedback bar.
• PB-65508: Fixed an issue in which a document's left side was hidden when a user zoomed into the document (at more than 100%).
• PB-69395: Fixed an issue in which a document's left side was hidden when a user minimized the size of the browser, and performed a maximum zoom (200%) into the document.
• PB-70296: Fixed an issue in which clicking the Download All button on the Documents panel reduced the size of the displayed document.

Language

• PB-66257: Fixed an issue in which the title of the Documents panel failed to change when the signer selected another language.
• PB-70580: Fixed an issue in which a warning banner did not respond to a change of the Designer's language when that change was made by adding a parameter to the associated URL.
• PB-66271: Fixed an issue in which an error was created by specifying the signer's language code as en-US. Now when the Signing Ceremony encounters the code of an unsupported language, it substitutes the English language code en.

Evidence Summary

• PB-66373: Fixed an issue in which the Evidence Summary failed to record the display, acceptance and decline of affidavits within an in-person transaction (yet the hand-off between signers was recorded).
• PB-70140: Fixed an issue in which the Evidence Summary recorded the viewing of documents by the host of an in-person transaction. Only an "Access in person signing" event should have been recorded.

Senders

• PB-64269: Fixed an issue in which Bulk Send transactions were created under the wrong sub-account — i.e., they were created under a different sub-account from the one that initiated the Bulk Send operation.

• PB-66152: Fixed an issue in which clearing the Expiry date during transaction creation did not work as expected.

• PB-64889: Fixed the following issue. A user: (1) employed the Search box in the Add Delegates dialog box, producing a list of delegates that matched the user’s search criteria; (2) added delegates who met those search criteria; (3) performed a second search from the same Search box. The results of that second search should have listed those added delegates, but it didn’t.
• PB-69861: Fixed an issue in which "pending senders" were sent an email to reset their password. Pending senders do not have a current password — they have been invited to register for a OneSpan Sign account, but they have not done so.

Developers

• PB-69839: Fixed a bug in the /api/packages call, which is used to retrieve a list of transactions. Before the fix, this REST API call could not handle date/time parameters that included the <Z> Time Zone designator.
• PB-70937: Fixed an issue in which the Sender interface of the New User Experience displayed the wrong order of signers when the transaction had been created via the REST API, and the Transaction Owner had been hidden (sendervisible=false).
• PB-70522: Corrected some Japanese translations for email templates.
• PB-71092: Fixed an issue in which senders and signers in the US FedRAMP Sandbox environment failed to receive email notifications from the templates email.complete and email.transaction.complete when that environment received a PACKAGE_COMPLETED event.

Admins

• PB-65466: Fixed an issue in which an Archival Module process to purge transactions failed. This happened because the maximum value of an integer in the code was exceeded.
• PB-70010: Fixed a OneSpan Sign BackOffice issue in which searching for a transaction by Sender and/or Signer didn't work.
• PB-70629: Fixed a OneSpan Sign BackOffice issue in which the Search Features option failed to yield the right results.
• PB-70522: Corrected some Japanese translations for OneSpan Sign BackOffice resources.
• PB-65093: Fixed the following issue. If an Account Owner was changed (using OneSpan Sign BackOffice), any Manager on the account was able to lock out the new Account Owner.

Security

• PB-71104: We learned that our Java SDK had a dependency on software that represented a potential security threat. We quickly removed this vulnerability by upgrading that software to a version that has no security issues.

Technology Update

• PB-70692: Made KnowledgeBasedAuthenticationStatus public in our .NET SDK.

Customer Notice

• Release 11.41 will change the name of a particular value of the status parameter in the Handover URL used by the New Signer Experience. Specifically, the name COMPLETED will change to SIGNER_COMPLETE. All New Signer Experience customers who have integrations with this status will need to update their integrations in time for Release 11.41. To avoid problems, existing code that references the COMPLETED status can be replaced with an OR statement that references both statuses. For example:

  Existing Code: status.equals(“completed”)

  New Code: status.equals(“completed”) OR status.equals(“signer_complete”)

Known Issues

• If a Sender creates a Virtual Room transaction but does not enable the video recording of the associated Virtual Room meeting, the transaction will not work. This issue will be resolved in the next release.

• A Sender who creates a Virtual Room transaction can request that a recipient add attachments to the transaction. However, attachments cannot yet be uploaded in a Virtual Room meeting. If the Sender requests a required attachment for a recipient, it will block the transaction from being completed. This issue will be resolved in an upcoming release.

SaaS 2021-Feb: Release 11.39

Deprecation of Classic Signing in 11.42: The Classic Signer Experience — i.e., the part of the Classic User Experience for Signers — will be deprecated in OneSpan Sign 11.42. The part of the Classic User Experience for Senders and Admins was deprecated in OneSpan Sign 11.35. Thus once OneSpan Sign 11.42 is released: (1) no part of the Classic User Experience will be supported; (2) all accounts will be moved to the New User Experience.

What's New

Signing Ceremony

General

• Internet Explorer deprecated: The Signing Ceremony no longer supports Internet Explorer. Signers who access the Signing Ceremony from IE will be redirected to an error page.
• More features enabled by default: For new accounts, the following features are now enabled by default: (1) Conditional Fields; (2) Optional Signature; (3) Send To Mobile; (4) Mobile Capture; (5) Delegation.
• SMS authentication for in-person transactions: We now support SMS authentication for signers within in-person transactions. Note: This feature must be enabled for your account by our Support Team.
• Signing Ceremony displayed as a full page: When the Signing Ceremony is accessed from the part of the New User Experience for senders, it now opens as a full page (it formerly opened inside an iFrame). Senders can return to the sender interface (specifically, to the Transaction Edit page) by selecting the Exit signing-mode option in the More Actions menu.
• Can use an image as a signature: Signers can now apply their signature by uploading an image (e.g., the seal of a U.S. state). To enable an image to be uploaded as a signature, the Capture Signature type must be selected, and the From file toggle switch must be turned on. When a signer wants to upload an image as a signature, they must bring up the Capture Signature dialog box on the Signer page, and click Upload image on the bottom. A popup window then prompts the signer to select an image file. The image's size will be adjusted to fit the Signature box, but its aspect ratio will be preserved. For now, the only allowed files are JPEG files under 1 MB in size. Other file types are planned for feature releases. Note: This feature must be enabled for your account by our Support Team.
• Can sign via PCC: OneSpan Sign’s Personal Certificate Client (PCC) enables users to sign with a digital certificate that resides on a Smart Card or hardware token. This feature is now available in the New Signer Experience. The only limitation is that if users try to use PCC on an in-person transaction, they will be redirected to the Classic Signing Ceremony.
• Signers can return to the Overview page: Signers can now return to the Overview page at any point during signing, and view their progress there. To return to the Overview page, they simply click a Home button.
• Signers can continue where they left off: When signers return to the Signing Ceremony, they are now taken to the next document they need to sign or review. Previously, they were always taken to the transaction's first document.

Senders

• Internet Explorer deprecated: The sender part of the New User Experience no longer supports Internet Explorer. Senders who access that part from IE will see a popup that: (1) warns them that IE is not supported; (2) recommends using another browser.
• Redesigned the Fast Track page: We redesigned the Fast Track page to make it match the look and feel of the New Signer Experience.
• Can enforce Capture Signature at the signature level: Signers can now be required to capture their handwritten signature on a per-signature basis.

Developers

• SDKs can configure the Overview page's visibility: We enabled the visibility of the Overview page to be configured via SDKs.
• SDKs & API can configure signer.ui.options: We enabled SDKs and the API to configure layout settings for the Signing Ceremony.

Admins

• Variables allowed in guest authentication instructions: Admins can now add <senderName> and <transactionName> variables to the text that appears on the login pages for SMS and Q&A authentication.

• Moved the In Person Signing permission: On the list of possible permissions that Admins use to manage a Role in their account, the In Person Signing permission has been moved from the Sender Admin section to the Transaction section. This will ensure that: (1) if the Transaction permission is not selected, the In Person Signing permission will be disabled; (2) if the Transaction permission is selected, the In Person Signing permission will be enabled.

Mobile

• Improved pinch and zoom on mobile devices: We improved the pinch and zoom features on mobile devices.

Accessibility

• Keyboard shortcuts on the Designer Page: We added keyboard shortcuts to enable people with disabilities to go directly to the beginning of different panes on the Designer page.

Signing Ceremony & Classic Signing Ceremony

• Improved the Electronic Consent document: We updated the wording of the default Electronic Consent document to make it compatible with the User Interfaces of both the New Signer Experience and the Classic Signing Ceremony.

A New Signing Method

• Can sign via itsme: A new partnership between OneSpan Sign and itsme enables OneSpan Sign users to sign with Qualified Electronic Signatures (QES). QES is the highest guarantee of assurance, according to the EU‘s eIDAS standards.

Bug Fixes

Signing Ceremony

• PB-65324: Fixed an issue in which the system displayed the Overview page to an in-person signer. This occurred when the transaction was accessed using the /access integration URL.
• PB-64912: Fixed an issue in which subsequent signers in an in-person transaction could not enable accessibility mode.
• PB-64506: Fixed the following issue. In accessibility mode, the text area on the Opt Out page failed to have a label.
• PB-65224: Fixed an issue in which optional signatures were not taken into account when the document status was updated on the Overview page.
• PB-64142: Fixed an issue in which the displayed signing logo was too small.
• PB-65237: Fixed an issue in which signing logos larger than the maximum allowed size were not being scaled down.
• PB-63567: Fixed an issue in which the signing logo appeared too much to the right when the Signing Ceremony was accessed on an iPad.

• PB-64239, PB-36276: Fixed an issue in which customized Field Validation messages created in the SDKs or the API failed to appear in the User Interface.

• PB-63433: Fixed an issue in which a Signature Box had been signed, and then reverted to undo the signature. When the user subsequently clicked the box to sign it again, the signature should have been applied after a single click. Instead, the user needed to click the box twice to reapply the signature.
• PB-70138: Fixed an issue in which reviewers — recipients who do not sign — could check a box to accept the Electronic Disclosures and Signatures Consent document.
• PB-64972: Fixed an issue in which the system failed to translate the content of the Declined transaction error message.
• PB-66041: Fixed issues that arose with translations into Japanese.

Senders

• PB-65975: Fixed an issue that occurred when a new sender selected their language as Chinese or Korean, and then entered a password with special characters as part of the procedure to register their account.

• PB-65415: Fixed an issue in which signers were assigned a parallel signing order, but their order was updated when the transaction was sent for signing.

• PB-63776: Fixed an issue in which the system incorrectly adjusted the signing order for signers after certain signers were removed or added.

• PB-66334: Fixed an issue in which recipients with an email address in the .charity domain could not be added to a transaction.

• PB-70313: Fixed an invalid Japanese translation of the Admin menu item in the Sender interface.

Developers

• PB-65913: Fixed an issue that prevented the .NET SDK from being used to see when a transaction's attachments had been attached. This issue arose because the insertDate property was not being returned when information about attachments was requested.

• PB-69203: Fixed an Unhandled Exception error that was caused by a missing User Agent header in the .NET SDK.

• PB-63611: Fixed an issue with Japanese email templates that made some characters appear incorrectly.

• PB-65996: Fixed an issue caused by the fact that the email.expire template used the variable $PACKAGE_OWNER_NAME for the name of the email’s recipient. This is not a valid variable in that template, so no recipient name appeared in the resultant email. This was fixed by replacing $PACKAGE_OWNER_NAME in the template with the valid variable $RECIPIENT_NAME.

Account Owners & Admins

• PB-65149: Fixed an issue in which some customers with the Enterprise Plan could not change the following Data Retention settings: (1) Total Transaction Lifetime; (2) Incomplete Transactions.

SMS Authentication

• PB-65751: Fixed an issue that arose when a user tried to authenticate themselves via SMS after their SMS passcode had expired. The error message that should have appeared is: The SMS passcode you have entered has expired. Instead, the following message appeared: Something went wrong. Please try again or contact support.

• PB-65625: Fixed an SMS authentication issue in which the system sometimes failed to lock out a user after they had entered an incorrect passcode more than the maximum number of times.

Delegation

• PB-65735: Fixed an issue in which delegates whose delegation period had expired were still able to access the account of the user who had delegated them. This occurred if the delegation was made before OneSpan Sign 11.38 was released.

• PB-65682: Fixed an issue in which delegates failed to receive notifications about uploaded attachments, despite the toggle switch Send copy of all emails to delegates having been enabled.

Evidence Summary

• PB-42849: Fixed an issue with Japanese characters in the Evidence Summary document.
• PB-66119: Fixed an issue in which the Evidence Summary sometimes failed to register a signer's phone number.
• PB-70881: Fixed an issue in which the sender's viewing documents in the Designer wrongly caused events to be added to the Evidence Summary.

Security

• PB-63900: We learned that our Java SDK had a dependency on software that represented a potential security threat. We quickly removed this vulnerability by upgrading that software to a version that has no security issues.

Changed Behavior

• PB-62867: Zooming in and zooming out are no longer available within the Signing Ceremony on the Upload Document page.

SaaS 2020-Dec: Release 11.38

What's New

Signing Ceremony

• Can sign without cookies: Starting with this release, in most signing scenarios the New Signer Experience will no longer use cookies to store session information. Nonetheless: (1) signing with a Trust Service Provider still requires the use of cookies; (2) scenarios that have integration points with third-party entities such as Equifax or an IdP server may require the use of cookies — such requirements are beyond our control.
• Maintain document pane's expand/collapse status: Release 11.36 enabled the New Signer Experience to automatically display to each signer the list of documents they need to review. This feature has been improved to maintain the document list's expanded or collapsed status when a user navigates across documents.
• Overview page for signers: Introduced a new Overview page that appears when a signer accesses a transaction. This page: (1) provides a summary of the signer's required tasks in the transaction; (2) indicates the signer's progress in performing those tasks. By contacting our Support Team: (1) this page can be turned on or off (default = off); (2) the page's content can be customized (showing or hiding various fields and default text).
• Form Field validation part of document confirmation: Added Form Field validation to the document-confirmation process. This will ensure that all Form Fields have been completed correctly before a document is signed.
• Enhanced workflow for attachments: We enhanced the workflow for transactions that ask the signer to upload one or more attachments. After confirming all signed documents, the signer is asked to go to the Uploads page (done by clicking a Go to uploads button). On that page, the user can upload documents to the transaction. If the upload of a document is Required, the transaction cannot be finished without uploading the document. By contrast, the user can skip any document whose upload is Optional. If all remaining uploads are optional, the user can skip them all, and go directly to the Thank You page.
• Documents and Downloads panes merged: To simplify the user's experience, the Documents and Downloads panes have been combined into a single pane.

New User Experience

• Enhanced Access Delegation: We enhanced the Access Delegation page, partly by changing the dialog box used to add or edit delegates. When a new delegate is being added, it is now possible to specify both the Start and End of the delegation period. If no end is specified, the delegate will be able to manage transactions indefinitely.

Senders

• Bulk Send accepts users with same email: The Bulk Send feature now supports sending transactions to multiple signers who share the same email address, but have different names.

Account Owners & Admins

• New defaults for Data Retention: We introduced default values for the following Data Retention settings: (1) for Completed Transactions, newly created accounts have a default of 120 days (no change for existing customers); (2) for Incomplete Transactions, the default is 120 days for all customers. Note: In this context, "incomplete transactions" do not include transactions whose status is Sent (their storage life is determined by configuring a Sent Transactions Expiry Time on a separate page).
• Can preview customizations: While an Admin is customizing the New Signer Experience, they can now preview how their changes will look. After they click Preview on the customization page , the New Signer Experience page will appear with all their changes applied (colors, logo etc.).

• Redesigned Account Summary Report: We redesigned the Account Summary Report page to improve its usability (e.g., users can now expand or collapse transaction details; the page responds more quickly to user actions).

Bug Fixes

Signing Ceremony

• PB-63374: Fixed an issue in which a signature captured in one document failed to be applied to the transaction's subsequent documents.

• PB-63716: Fixed the following issue. Two recipients of a transaction had different names but the same email address. When one recipient declined to sign, the system wrongly recorded that the other signer had declined.

• PB-64021, PB-64022: Fixed an issue in which improperly formatted documents caused severe slowdowns. Note: The implemented fix means that text from certain pages cannot be copied. That text would have been illegible anyway because of the original document's bad formatting.

• PB-63961: Fixed an issue in which an error message failed to appear after a signer using Internet Explorer entered an incorrect SMS code.

• PB-63917: Fixed an issue in which the customized text in an SMS authentication message failed to display properly.

• PB-62586: Fixed an issue in which radio buttons configured with conditional logic failed to work as expected.
• PB-60062: Fixed a performance issue that occurred when 200 or more fields were added to a document page.

Classic Signing Ceremony

• PB-64146: Fixed an issue in which the system failed to load a particular accessible PDF into the Mobile Signing Ceremony.

Signing Ceremony

• PB-62989: Fixed the following issue. When a signer who was also the transaction owner and a group member tried to confirm their signature, the message "Something went wrong" appeared.

• PB-62344: Fixed an issue in which signers could not access a transaction if they shared the same email address, but had been assigned different authentication methods.

Senders

• PB-64059: Fixed an issue in which Senders could not see the Back arrow after they sent a transaction, or after they navigated to a transaction whose status was In Progress. In thus became harder for them to return to the previous page.

• PB-62267: Fixed the following issue. When a recipient marks a transaction email as spam, the system should send a Spam Complaint notification to the transaction's Sender. This notification was not received.

Account Owners

• PB-63902: Fixed an issue in which an Account Owner had not specified an expiry date for a transaction/template, yet the system automatically put one in the Expiry date field.

Performance Improvements

• PB-61059: We improved the performance of the New Signer Experience when it processes a document that has over 200 fields. We significantly reduced the times required to load such a document, to update its Form Fields, and to navigate between its Form Fields.
• PB-62431: We improved the performance of our conditional logic feature in the following ways: (1) we increased the speed with which conditions that affect multiple fields are reflected in the User Interface; (2) if multiple fields are affected by a condition, we now group them together in the Evidence Summary so only one call is made.

Known Issues

• When two signers participate in an in-person accessible transaction via the New User Experience, the first signer can enable screen-reader accessibility, but the second signer cannot. This issue will be resolved in an upcoming release. Until the issue is resolved, an effective workaround is to reload the Signing Ceremony.

• If a Sender other than the Transaction Owner is designated as a transaction's notary, when they access the Signing Ceremony they will be presented with the Electronic Consent Document. The system should not present this document to them. If they click Accept, they will get an error (yet they can safely move to the next document without clicking Accept). This issue will be resolved in an upcoming release.

• Some customers with the Enterprise Plan may not be able to change the following Data Retention settings: (1) Total Transaction Lifetime; (2) Incomplete Transactions. This issue will be resolved in the next release.

• In the Designating a Delegate procedure, the Start Date and End Date fields may not work properly. For example, the delegate may be able to access transactions before the delegation period starts. This issue will be resolved in the next release.

Dropping IE browser support starting 11.39: Starting with OneSpan Sign 11.39, the New User Experience — including the Signing Ceremony — will no longer support version 11 of Internet Explorer. This has the following consequences. (1) if Signers access the New Signer Experience from IE, they will not be able to view any documents — they will be presented with an error message to use supported browsers instead. (2) Senders and Admins will nonetheless be able to access their part of the New User Experience from IE, but a prompt will: (a) inform them that IE is no longer supported; (b) recommend using supported browsers for the best experience. (3) the New User Experience — including the Signing Ceremony — will no longer support Microsoft Edge in IE mode. Note: The Classic Signing Ceremony — i.e., the part of the Classic User Experience for Signers — will continue to support Internet Explorer until it is deprecated in June 2021.

SaaS 2020-Nov: Release 11.37

What's New

Signing Ceremony

• Zoom level is displayed: The zoom level of a viewed document is now displayed to signers.
• Removed secondary color: The secondary color was dropped from the palette of branding options, since it didn't add much value. We replaced the secondary color with a shade of the primary color.
• Improved performance: Formerly, when New User Experience was accessed from Internet Explorer, an input field's tooltip was dynamically positioned above or below the field. Now the tooltip is always displayed below the field. This change to a static position improved the performance on Internet Explorer.
• Redesigned authentication pages: We redesigned the authentication pages in the New Signer Experience. These pages support: (1) the Q&A, SMS and KBA authentication methods; (2) multi-method authentication for an individual user. All strings in the New Signer Experience can be customized by contacting our Support Team. If you were already using customized strings on the authentication pages in the New Signer Experience, please contact our Support Team to ensure that those customizations are reflected on the redesigned authentication pages. Note: We did not change the authentication pages for Senders.
• Change Signer accepts same email for a different recipient: Using the Change Signer feature, an external recipient can now change to a recipient who shares their email address, but has a different name.
• Fast Track accepts users with same email: The Fast Track feature now supports adding to a transaction external recipients who share the same email address, but have different names.

Senders

• Improved expiry dates: When the transaction-expiry feature is configured in a template for a number of days, the system no longer calculates an expiry date. Instead, the expiry date for a transaction created from such a template is calculated from: (1) the transaction's creation date; (2) the number of days before expiry that are specified in the template. To reflect this change, we removed the expiry date from the List page for such templates.
• Configure in-person Welcome page: Enabled Senders to show or hide elements of the Welcome page for an in-person transaction.
• Configure in-person Thank You page: Enabled Senders to show or hide elements of the Thank You page for an in-person transaction.
• Configure e-Notary Welcome page: Enabled Senders to show or hide elements of the Welcome page for an e-Notary transaction.
• Configure e-Notary Thank You page: Enabled Senders to show or hide elements of the Thank You page for an e-Notary transaction.
• Removed product name from the application version: Formerly, the New User Experience displayed the application version as "OneSpan Sign <version #>". We changed this to "Version <version #>" in order to white-label the application, and thus avoid confusing Senders.

Developers

• Multi-doc support for Digital Mortgages: If a mortgage transaction has one SMART Document and one or more PDFs: (1) an eOriginal vault can now store all those documents for the transaction; (2) eOriginal's Audit Trail now lists all events related to the transaction and its multiple documents.
• Multi-doc support for Digital Lending: If a transaction has multiple loan documents: (1) an eOriginal vault can now store all those documents for the transaction; (2) eOriginal's Audit Trail now lists all events related to the transaction and its multiple documents.
• Create reports about your account: The following new API calls create various reports about your account: (1) reports/sender-transaction-summary returns a list of Senders, with a summary count of their transactions by status (can be filtered by date range); (2) reports/transaction-summary returns a list of transactions, with summary information per status (can be filtered by date range and senderId); (3) reports/transaction-detail returns the details of a specific transaction (must pass the transactionId as a parameter).
• Specify the Designer page's language: When the Designer is integrated into an iFrame, the Designer page's language can now be specified by adding a parameter at the end of the associated URL.

Account Owners & Admins

• Enhanced Self-service Data Management: We improved the page that manages data retention. The four main settings on this page are now as follows. (1) Total Transaction Lifetime: This setting is new in this release. It specifies how long after its creation any transaction will be stored (e.g., if this lifetime is 30 days, a transaction created on January 1 will be deleted on January 31). (2) Archived: Specifies how long archived transactions will be stored. No other retention setting affects archived transactions. (3) Incomplete Transactions: Specifies how long incomplete transactions will be stored (their state is Draft, Declined or Expired). Note that the storage life of transactions in the state Sent is managed on a separate page called Sent Transactions Expiry Time. (4) Completed Transactions: Specifies how long completed transactions will be stored. The Data Retention page also has a section of Advanced Settings for Incomplete Transactions. This permits the specification of smaller retention values for incomplete transactions in particular states (Draft, Declined or Expired). If inconsistent deletion dates are specified, the date that occurs first takes effect. For example, suppose the Total Transaction Llifetime is 100 days, while Draft is 20 days. If a transaction is in the Draft state for 20 days, it will be deleted even though the Total Transaction Lifetime is 100 days. IMPORTANT: Customers with the Enterprise Plan can change all data-retention settings. Customers with the Professional Plan can change all the settings except Total Transaction Lifetime and Incomplete Transactions.

• New permission: Transaction visibility for delegates: We added a new permission that enables a delegate to see all the transactions on the account they have been delegated to manage. Without this permission, a delegate can see only the transactions that are in draft, are in progress, or were completed during the period of their delegation.
• Determine if notifications are sent to a delegate: When a delegate is added to an account, Admins can now determine if they will be sent copies of all future email notifications that concern that account.

Security

• Private Encryption KMS supports sub-accounts: The Private Encryption Key Management Service (KMS) introduced in OneSpan Sign 11.36 now supports accounts with sub-accounts.

Bug Fixes

Signing Ceremony

General

• PB-61124: Fixed an issue in which the Decline button failed to be disabled when the decline reason exceeded the maximum length (4000 characters).
• PB-61168: Fixed the following issue. If a signer tries to sign without selecting a required radio button, the border around that button is highlighted in red. Once the signer selects that button, the red border is supposed to disappear. The problem here was that the red border failed to disappear after the signer selected the required button.
• PB-60305: Fixed an issue in which input-field text on the Reassign Recipient panel was not vertically centered when the user's browser was Internet Explorer.
• PB-61513: Fixed an issue in which a signer who accessed the Signing Ceremony when it was not their turn to sign incorrectly saw documents as "accepted" (instead of seeing the message: It is not your turn to sign).
• PB-61515: Fixed an issue in which Signers A and B had correctly been assigned the same priority in the signing order. The problem was that Signer B could not even review their documents until Signer A had finished signing their documents.
• PB-61527: Fixed an issue in which signers couldn't download documents that had either the same signing priority, or a non-sequential signing order.
• PB-50742: Fixed an issue in which some countries or areas failed to be translated in the Country - Area list on the Reassign Recipient authentication panel.
• PB-50743: Fixed an issue in which for some languages, some countries or areas in the Country - Area list on the Reassign Recipient authentication panel were not sorted in the correct order.
• PB-62495: Fixed some issues with the Japanese translation of text in the New Signer Experience.
• PB-61359: Fixed the following issue with the Capture Signature feature on mobile devices. Formerly, when a signature was captured on a mobile device, the signer was wrongly returned to the transaction's first document. Now the signer's position in the current document is maintained.

Accessibility

• PB-61072: Fixed an issue in which NVDA screen readers failed to vocalize a warning message about blank e-Notary Journal entries.
• PB-60445: Fixed the following issue. When a user focused on a required field that had been assigned a value, screen readers failed to vocalize that the field is required.
• PB-60451: Fixed an issue in which screen readers on Safari failed to vocalize the errors that appeared below input fields on the Reassign Recipient panel.
• PB-35476: Fixed an accessibility issue in which the Placeholder attribute in the Decline transaction panel sometimes led to confusion. We replaced it with a label over the Other Reason text area.

Senders

• PB-62496: Fixed some issues with the Japanese translation of text for Senders in the New User Experience.
• PB-61724: Fixed an issue with the Client Apps feature that requests a short-lived API Token to authenticate a Sender. The system failed to find the Sender if their submitted email address contained any upper-case letters.
• PB-43722: Fixed an issue in which a template's specification of a notary failed to be inherited by transactions that were created from that template.
• PB-61911: Fixed an issue in which the specified order for signers failed to work properly if the signers shared the same email address.
• PB-61542: Fixed an issue in which the new British Columbia area code 672 was not recognized as valid when a recipient entered it as part of their phone number for SMS authentication.
• PB-61681: Fixed an issue in which the controls Review before completion and Enable screen reader accessiblity were wrongly aligned on the Transaction details page.

Developers

• PB-41878: Fixed a memory leak that caused the New User Experience to crash when it processed HTTP GET requests with the URL /uiux/dashboard.
• PB-59066: Fixed the following issue. After a hand-drawn signature had been captured on a document, the JSON response on a GET call reported an invalid string for the value of the captured signature.

Account Owners & Admins

• PB-61811: Fixed an issue in which a OneSpan Sign BackOffice Admin could not reactivate a canceled account.
• PB-62443: Fixed an issue in which an Admin could not delete a Sender from an account, even after all the Sender's transactions, templates, and layouts had been permanently deleted.
• PB-60817: Fixed an issue with the Japanese translation of text in the default email.complete template.
• PB-41930: Fixed an issue in which roles could not be deleted.
• PB-43425: Fixed an issue in which predefined roles could not be enabled or disabled.

Performance Improvement

• Faster conditional logic: To improve the performance of our conditional logic feature, we refactored its code. It now takes 50% - 70% less time to configure conditional logic among a document's fields, depending on the number of affected fields and conditions.

Known Issues

• When a signer tries to accept a signature, the system validates the fields associated with that signature (e.g., additional fields that the signer must sign). If any issues are found, an alert displays a list of errors. Previously, when the signer fixed an issue, the alert was updated to remove the associated error. In the 11.37 release, the system is not updating the error alert. This issue will be resolved in an upcoming release.

• When two signers participate in an in-person accessible transaction via the New User Experience, the first signer can enable screen-reader accessibility, but the second signer cannot. This issue will be resolved in an upcoming release. Until the issue is resolved, an effective workaround is to reload the Signing Ceremony.

SaaS 2020-Sep: Release 11.36

What's New

Signing Ceremony

• Improved authentication panel for Reassign Recipient: To prevent unnecessary information from appearing when a signer is being changed, if only one authentication method is available, the radio buttons will now be hidden on the authentication panel for Reassign Recipient (also known as Change Signer).
• More Actions menu hidden when no options available: To prevent unnecessary information from being presented to signers, the More Actions menu will now be hidden if no options are available within the menu.
• Enabled a Help option: Enabled the display of a Help option. Customers can customize the content and formatting of the text that appears when a signer clicks Help (e.g., the text could provide your contact information, so signers can reach out to you if they require assistance). To enable this option and customize its associated text, contact our Support Team.
• Display document list to signers: Senders can now configure an option that automatically displays to each signer the list of documents they need to review. When this option is enabled, the signers' left menu is expanded by default. To configure this option, contact our Support Team.

• External Signer Verification: Added support for External Signer Verification. Formerly, this feature was available only in the Classic Signing Ceremony.

• Session expiry warning : The following warning can now be configured to appear to signers when their session is about to expire: Your session will expire in x minutes, press 'extend' to extend the session. To configure this option, contact our Support Team.

Senders

• Multiple signers can have same email address: The same email address can now be used by different recipients — i.e., recipients whose first names and/or last names differ. When a single email address is shared by multiple recipients, the system: (1) sends a separate email for each recipient; (2) gives the recipients separate signatures. This feature can be configured via the REST API or the Sender part of the New User Experience. Note: (1) this feature is available only for external recipients — i.e., recipients who do not have a OneSpan Sign account; (2) this feature is not yet supported for Fast Track, Change Signer, or SSO login — that support will be added in future releases.

When using this feature, we strongly recommend that Senders enforce an Authentication Method other than Email Address to uniquely identify each signer. Using such a method will ensure the probative value of the contract.

• Specify max # of files per attachment: The maximum number of files per attachment can now be specified for a given transaction or template. This can be done via the REST API or the Sender part of the New User Experience.
• Senders redirected to Signing Ceremony on login: After clicking a signing link in an email, and then logging in to OneSpan Sign, Senders are now auto-redirected to the Signing Ceremony for the relevant transaction. This saves them from having to search for the transaction they want to sign.
• Update recipient Role names from the UI: Senders can now view or update the Role names of recipients within the New User Experience, and they can use these names to perform ad hocText Tag Extractions and Document Extractions.

Developers

• Email templates support local languages: Added support for "local" languages to all signer-facing email templates, which are: email.remind.signer, email.expire.warning, email.reassign.newSigner, email.notify.mobile, email.attachment.rejected, email.unlock.signer, email.complete.
• Removed "user-agent" from callbacks: As anticipated in the Customer Notice of 11.35's Release Notes, the "user-agent" header has been removed from callbacks.

Account Owners & Admins

• Customize the signature stamp for delegates: Enabled the stamp of signatures applied by delegates to reflect their role as delegates. For example, the customized stamp could say: E-SIGNED by <delegate> on behalf of <delegator> on <date>. To customize the signature stamp for delegates on your account, contact our Support Team.
• Enable/disable recipient history: Account Admins can now configure either of the following: (1) enable Senders on their account to see the account's recipient history; (2) disable Senders on their account from seeing the account's recipient history. To configure this setting, contact our Support Team.

Security

• More secure encryption of data "at rest": We have leveraged Amazon's Key Management Service (KMS) to encrypt all OneSpan Sign customer data that is stored on our servers. That service resides outside the application, and ensures a seamless one-year rotation of all cryptographic keys.
• Attachments scanned for malware: Attachments added by signers are now immediately scanned for malware. If malware is detected, the system will not upload the infected document or attachment.

Bug Fixes

Signing Ceremony

• PB-59174: Fixed an issue in which the user's inputs to a field were not saved if the user had : (1) failed to tab out of a previous field; (2) then scrolled through document pages.
• PB-43412: Fixed an issue in which the position of the Recipient history drop-down menu shifted whenever a character was entered in the Recipient Email field.
• PB-56602: Fixed an issue in which the Customize page crashed if a BackOffice Admin had specified an invalid language key in the signing.logo resource.
• PB-59173: Fixed an issue in which the Signing page could not be accessed from the Admin menu.

• PB-60292: Fixed an issue in which the Signature Sticky option failed to be hidden on the Signing Customization page.

• PB-41710: Fixed an issue in which the Decline option was available for a recipient who was merely a Reviewer.

• PB-60122: Fixed an issue in which the Date Picker field failed to appear with the exact dimensions it had been given in the Designer by the Sender.

• PB-59845: Fixed an issue in which the List field failed to appear with the exact dimensions it had been given in the Designer by the Sender.

Senders

• PB-59184: Fixed the following issue. Formerly, when a transaction was created from a template, the transaction inherited the template's expiry date. If that date was in the past, the transaction could not be created. Now the transaction's expiry date is its creation date plus the number of days specified in its source template. This more sensible expiry date never blocks the creation of a transaction from a template.
• PB-50611: Fixed an issue in which an SMS authentication message was sent in the wrong language after a Reassign Recipient operation.
• PB-42068: Fixed the following issue. When a Sender tried to download a file that a Signer attached and subsequently deleted, the application crashed. Now in that situation: (1) the error message "File was deleted by Signer" appears; (2) the file is no longer available for download.
• PB-59973: Fixed an issue in which an incorrect error message appeared after the Sender tried to add an unsupported document type to a transaction.

Developers

• PB-60185: Fixed an issue in which the Done button failed to be hidden when a template was loaded into an iFrame.
• PB-59849: Fixed an issue in which the Java SDK threw an error when it tried to process users' email addresses that contained an apostrophe.
• PB-43382: Fixed an issue in which a new transaction could not be created when Single Sign-On Authentication was added for a recipient via the REST API or SDKs.

Account Owners & Admins

• PB-59715: Fixed an issue in which the User Interface failed to refresh after a Role was deleted.
• PB-43425: Fixed an issue in which the system failed to enable/disable predefined Roles.
• PB-38944: Fixed an issue in which selected Role checkboxes failed to refresh properly after the system successfully enabled or disabled those Roles.

Accessibility

• PB-58815: Fixed the following issue that occurred with the JAWS screen reader on Chrome. The Country drop-down menu failed to expand within the Reassign Recipient authentication panel.
• PB-37069: Fixed an issue in which the screen reader failed to read a field's tool tip when accessibility mode had been enabled in the New Signer Experience.
• PB-59767: Fixed the following issue with the toggle button on the Reassign Recipient authentication panel. The focus on that button failed to comply with accessibility guidelines.

Enhancement

• Starting with this release, all new PAdES B-B signatures applied in our European environment will be LTV-enabled.

Known Issues

• The signing process does not work properly if multiple recipients share the same email address, and they have the same priority in the signing order (i.e., they share the same index in the signing order). This issue will be fixed in the next release.

SaaS 2020-Jul: Release 11.35

What's New

Classic User Experience

• Deprecated the Sender interface: The part of the Classic User Experience for Senders and Administrators has been deprecated. If a Sender or Admin tries to use it, they will be redirected to the corresponding part of the New User Experience. Note: The Classic Signing Ceremony — i.e., the part of the Classic User Experience for Signers — is still supported.

Signing Ceremony

• Added notarized signing: Added support for the e-Notary feature. This feature must be enabled for both the Sender and their account.

• Added delegate signing: Added support for delegate signing. This feature is not yet accessible.
• Can change signer: Added support for the feature called Reassign Recipient, also known as Change Signer.

• Enhanced optional signatures: Enabled reassignment to a new signer when only the optional signatures of an original signer remain to be signed.

• Added reminder about attachments: After a user confirms the last document in a transaction, but has not uploaded any attachments, a dialog box now asks if they want to upload any attachments. If they click Yes, they are redirected to the Uploads pane. If they click No, the document will be confirmed, and they will exit signing.

• Added a calendar button: Added a helpful calendar button within the Date input field. This button is not yet accessible.

• Localized Consent document name: Enabled the name of the default Electronic Consent Document to appear in the recipient's language.

• More unified branding colors: Made the New Signer Experience's default branding colors match OneSpan's branding colors more closely.

• Improved document zooming: Enhanced the clarity of the text that appears when users zoom into a document.

New User Experience

• Convenient downloading: Enabled users to employ the More Actions menu to download signed documents. To download attachments and the Evidence Summary, see the Transaction Details page.

• Can download specific attachments: Enabled Senders to download specific attachments that signers have uploaded. If Senders wish, they can still download all of a transaction's attachments at once.

Senders

• Can manually resend invitation email: Enabled Admins, Senders, and Integrators to resend an invitation email to a user in the state Pending. That user can accept the invitation, and create a OneSpan Sign account. When that account is registered, the user is moved out of the state Pending.

• Notification email to delegates: When a Sender adds a delegate to their account, the delegate is now notified about this change by email. This feature required a new email template called email.delegation.activate.

• Enforce Authentication for SSO: The Enforce Authentication feature will now be applied to recipients if Single Sign-On Authentication is configured for the Sender's account.

• Improved Send Reminder feature: Enhanced the command "Send reminder to recipients" so reminders are sent only to recipients who can access the Signing Ceremony (e.g., where a Signer Order has been imposed, perhaps a Reviewer and Signer 1 can currently access the ceremony, but Signer 2 cannot).

• Enhanced Transaction Complete emails: Enabled a Personal Message to be included in Transaction Complete emails (both email.complete and email.transaction.complete).

Developers

• Digital Mortgage Solution: We have created a Digital Mortgage Solution that can store an e-Note from a mortgage transaction in a digital vault. For a given transaction, OneSpan Sign vaults a single e-Note in SMART Document format. Certain REST API settings associated with a OneSpan Sign transaction can specify which document should be vaulted, and in which organization and vault it should be stored. After being vaulted, the original SMART document is deleted from OneSpan Sign's database.
• Digital Lending Solution: We have created a Digital Lending Solution that can store a loan or other related document (e.g., a contract, chattel paper) in a digital vault. Certain REST API settings associated with a OneSpan Sign transaction can specify which document should be vaulted, and in which organization and vault it should be stored. After a document's authoritative copy is vaulted, it is replaced in OneSpan Sign's database by either a watermarked Non-Authoritative Copy (default) or a blank document.
• Improved Bulk Signing: Improved the Bulk Sign feature by enabling it to skip already-signed signatures.
• Configure Decline reasons: Enabled localized Decline reasons to be configured for the New Signer Experience via SDKs.
• Configure Handover URL: Enabled a localized Handover URL to be configured for the New Signer Experience via SDKs.
• Enhanced Out Of The Office emails: Added Server Response code to the email.ooto template. The template can be edited at the account level to remove or add that code.

Account Owners & Admins

Enterprise Administration

• Roles & Permissions for integrators: Added the APIs for Roles and Permissions to the Java SDK and .NET SDK, and made these APIs publicly available via our interactive Open API Specification.
• Sub-accounts for integrators: Added the APIs for sub-accounts to the Java SDK and .NET SDK, and made these APIs publicly available via our interactive Open API Specification. Note: Sub-accounts are not supported for OneSpan Sign connectors.
• SSO support for sub-accounts: If a user has multiple sub-accounts, when they first log in via Single Sign-On Authentication (SSO), they are brought to one of those sub-accounts. They can then switch to any of their other sub-accounts via a provided menu. When that user next logs in via SSO, they will be brought to the last sub-account viewed in their previous SSO login.

Other

• Disable delivering documents via email: Enabled Admins to disable the option of delivering signed documents to signers as attachments in an email.
• Limit # of files per attachment: The maximum number of files that can be uploaded per attachment can now be specified. This currently requires contacting our Support Team, but the next release will enable it via the New User Experience and REST API.

• Specify a default signature type: Enabled the specification of a default signature type. This can be specified for a given account by contacting our Support Team.

Accessibility

• Warning about IE: The following warning now appears to users who access the New User Experience using Internet Explorer: OneSpan does not support using Internet Explorer with screen readers. On desktops and laptops, we strongly recommend using Chrome with JAWS or NVDA or Firefox with NVDA.

• Reading order preserved after signing: After an accessible PDF with interactive fields has been signed, the fields remain accessible, and can be navigated through in the original order.

Connectors

• Enhanced the Box connector: Enhanced OneSpan Sign for Box by enabling it to work with: (1) the Sender part of the New User Experience; (2) the platforms US FedRAMP Sandbox and US FedRAMP Production.

Security

• Added SHA256 for SSO: Enabled Single Sign-On Authentication via SAML to be encrypted using a SHA256 certificate.

Bug Fixes

Signing Ceremony

• PB-38594: Fixed a layout issue that occurred when users accessed an in-person accessible transaction on an iPad.
• PB-37988: Fixed an issue in which a second "\n" in markdown formatting failed to create a new line.
• PB-38346: Fixed an issue in which the loading icon failed to appear when users loaded a transaction or switched between documents.
• PB-42380: Fixed an issue in which the Enable Accessibility option was missing from the More Actions menu after a signer completed signing.
• PB-39552: Fixed an issue in which the New Signer Experience failed to display properly at very high resolutions.
• PB-42539: Fixed an issue in which a blank page appeared when conditional logic either set a List field as Required, or removed that setting.
• PB-41088: Fixed an issue in which a transaction owner was presented with signatures for Groups to which the owner did not belong.
• PB-40756: Provided missing translations for the Signing Customization page.
• PB-38314: Fixed an issue in which the owner of an in-person transaction appeared in its Recipient list, though the owner had not been added as a recipient.

Classic Signing Ceremony

• PB-39587: Fixed an issue in which errors appeared in the Console when users accessed the Classic Signing Ceremony.

Signers

• PB-40717: Fixed an issue in which the system failed to throw an error when a user tried to POST or PUT declineReasons with an empty body.

• PB-40949: Fixed an issue in which, after being clicked on, Signature Boxes failed to disable further clicks until the system finished processing the associated action (e.g., Click to Sign).

• PB-42045: Fixed a Mobile Signing Ceremony issue in which an inappropriate error message appeared after a user entered an incorrect passcode for SMS authentication.
• PB-39215: Fixed an issue with the layout of the in-person Welcome screen when users resized their Internet Explorer window.
• PB-41911: Prevented a very long name in the drop-down Document Name menu from overlapping with the menu's expand/collapse arrow.
• PB-37934: Fixed an issue in which an inappropriate error message appeared when two attachments with the same name were added to a transaction for a Group recipient.
• PB-40545: Fixed an issue with Mobile Capture signatures in which an inappropriate dot appeared on the Capture Signature screen after a user: (1) clicked Cancel on the Capture Signature screen; (2) then clicked No in the resulting dialog box.
• PB-40758: Provided missing translations of the error message that appears when users try to upload invalid documents.

Senders

• PB-41692: Fixed an issue in which recipients with an email address in the .inc domain could not be added to a transaction.
• PB-41162: Fixed an issue in which customized signing logos on the New User Experience's Sender interface were not sorted in the correct order.
• PB-41465: Fixed the following issue. On Chrome browsers, the dialog box for uploading files opened twice, when the Bulk Send button on the Template Edit page had been activated only once.
• PB-41207: Fixed the following issue. When a recipient opened the Transaction Details page of a notarized transaction, an empty Action bar erroneously appeared in the upper-right corner of the page.
• PB-40676: Fixed an issue in which Firefox and Chrome browsers failed to recognize CSV files that had been created for Bulk Send operations.
• PB-37152: Fixed an issue in which toggle buttons that had been manually enabled for a Group were subsequently disabled by the system.

• PB-40606: Fixed an issue in which a Personal Message added to an email reminder via a POST call failed to be included in the sent reminder.

• PB-40986: Fixed a Data Retention issue in which transactions were visible to Senders after the transactions' purging date had passed.
• PB-42028: Corrected the spelling of British Columbia in a drop-down menu on the Personal Information page.

Developers

• PB-41273: Provided missing Greek translations for the $RECIPIENT_ROLE$ parameter in email templates.

• PB-40956: Fixed an issue in which date-input validation failed to function properly when an invalid date was specified via the API.

• PB-40750: Removed a cookies warning that needlessly appeared when the Designer page was integrated in an iFrame on Chrome 80.

Account Owners & Admins

• PB-41171: Fixed an issue in which an Admin whose My Account page should have displayed only the Reports option, also displayed the Admin option.

Accessibility

• PB-37736: Fixed an issue in which an error wrongly appeared when a layout was being saved on a non-accessible transaction or template, while in the packageSettings resource the default setting for accessible transactions was true.

• PB-40542: Fixed an issue in which screen readers read incorrect text for the language of a customized signing logo.
• PB-41762: Fixed an accessibility issue with the More Actions menu after the user closed a side panel.
• PB-40480: Fixed an issue in which error messages were not automatically vocalized by screen readers within the New Signer Experience.
• PB-40759: Provided missing translations for strings read by screen readers on the Welcome screen within in-person transactions.

Known Issues

• On the Signing Customization page (Admin > Signing), the option to customize a Signature Sticky appears. This should not be displayed.

Changed Behavior

• PB-43311: Removed Opt Out from the Data Retention dialog box. Updating data-retention settings for the Declined option will now update the settings for: (1) transactions in the Declined state; (2) transactions in the Opt Out state.

Expected Behavior

• If a sender right-clicks a folder within their Box account to send multiple documents for signing via OneSpan Sign for Box, all documents to be sent must be at the top level within that folder. They cannot be in sub-directories of that folder.

Customer Notices

• Starting with Release 11.36, the user-agent header will be removed from callbacks. Currently, the user-agent header is present with an empty value. Any existing integration that uses the empty user-agent header must be modified accordingly.

SaaS 2020-Jun: Release 11.34

What's New

Signing Ceremony

Signers

• Previews appear of files being uploaded: When a signer is uploading a PDF file or image file (JPG, GIF. etc.) as an attachment, a preview of the file appears. This feature is available on all devices, including mobile ones.

• Uploaded Files list shows thumbnails: After a PDF file or image file (JPG, GIF. etc.) is uploaded as an attachment, a thumbnail of it appears on the list of uploaded files. This feature is available on all devices, including mobile ones.

• Can do In-person signing: Added support for in-person signing.

• Can do group signing: Added support for group signing.

• Can use stylus pens: Enabled signers to use stylus pens on touchscreen devices to complete all actions in the Signing Ceremony (including Capture Signature).

• Improved the Navigator: The Signature Navigator in the New Signer Experience now iterates through all required signatures and fields in a top-bottom manner.

• Required fields are highlighted: A visual indicator now highlights to signers a document's required fields.

• Erroneous fields are highlighted: When signature validation fails, the system now visually highlights to signers the fields that have errors.

• Account-level whitelist for attachments: Enabled account owners to define a whitelist of file types that may be uploaded as transaction attachments by signers on the account. This list cannot include file types on the global blacklist (see the next bullet).

• Global blacklist for attachments: To prevent signers from uploading malicious code, the following file types cannot be uploaded as attachments to a transaction: EXE, DLL, MSI, DMG, SO. This blacklist supersedes all account-level whitelists.

Account Owners & Admins

• Can customize the logo: Enabled Account Admins to customize from the New User Experience's sender interface the logo that appears in the New Signer Experience. Admins need no longer contact our Support Team to customize that logo.

• Can upload the logo as an SVG file: Enabled account owners to upload their customized logo for the New User Experience as an SVG file. Such files provide crisper images than some other formats.

• Can format text on the Decline panel: Enabled Account Admins to use Markdown to format text on the Decline panel that will be viewed by the account's signers.

• Can specify a language for Decline reasons: Enabled the Decline reasons that appear to signers to be displayed in a specified language for a given account (this feature is not available at the transaction level). To configure this feature, Admins should contact our Support Team.

• Can specify a Handover URL per language: Enabled Admins to specify different Handover URLs for different languages (this feature is available at the account level, not at the transaction level). To configure this feature, Admins should contact our Support Team.

Developers

• Can specify a language for Decline reasons: Enabled our REST API to specify the language of the Decline reasons that appear to signers for a given account (this feature is not available at the transaction level).

• Can specify a Handover URL per language: Enabled our REST API to specify different Handover URLs for different languages (this feature is available at the account level, not at the transaction level).

Signers & Senders

• Updated footer links: Updated several links in the application's footer to make them point to pages on our new Community Portal website.

Senders

• New default SMS service: Twilio Verify V2.0 is now the default SMS service in all environments. Note: SMS messages cannot be customized with Twilio Verify 2.0, but customers can arrange for their brand name to be included in SMS messages by contacting our Support Team.

For SMS codes, note the following:

• SMS codes can only be used once.
• By default, SMS codes expire 5 minutes after being sent. However, SMS codes can be configured to expire after different times, ranging from 1 to 10 minutes. The maximum expiry time is 10 minutes. To change the expiry time for your SMS codes, please contact our Support Team.

• The default number of times that a user may attempt to enter an SMS code is three. However, this can be configured to allow up to five attempts. If a user does not successfully enter the SMS code within the defined maximum number of attempts they will be blocked from any further attempts until the current SMS code expires.

• A valid SMS code will have between four and ten numbers.

• The SMS message received by signers will be set to “Your SMS verification code is: <passcode>”. The SMS portion of the message can be customized per account by contacting our Support Team. The replacement string must be between 1 and 30 characters.

• Better feedback for Bulk Send: When a sender successfully configures a Bulk Send operation, a message now appears in the middle of the screen, informing them that their transactions have been queued, and will be sent to recipients at a certain time. Formerly, the feedback lacked most of this information, and was only a small message in the bottom-left corner that disappeared after a few seconds.

• Guest Login page is customizable: The text that appears on the Guest Login page can now be customized at the account level. This applies to both the Classic Signing Ceremony and the New Signer Experience.

• More supported email addresses: Expanded the application's list of valid email-address domains to include the "llc" domain. For a link to all supported email domains see List of Domains.

Account Admins & Owners

• Self-service data management: Enabled certain users to specify how long transactions in any of the following states will be retained on OneSpan Sign's servers: Draft, Opted out, Declined, Expired, Completed, Archived. By default, the retention period for all existing customers is unlimited. When transactions are about to be purged, the New User Experience will indicate that fact at least 7 days before the purge. All data-retention settings for an account can be changed by its Owner (if the Roles and Permissions feature is off), or by its Admin and Manager (if the Roles and Permissions feature is on). In addition, a particular Data Management permission can be assigned to an account user. Data-retention rules can be specified either via the New User Experience's Admin pages or via the REST API. Transactions in the state Sent cannot be assigned a retention period, but they can optionally be assigned a default expiry period and a maximum expiry period.

A transaction's deletion might be delayed, and happen after the date specified using self-service data management. This will be resolved in the next release, 11.35.

• New permission: Sub-Account Management: Added a new permission that enables any associated Role to use the REST API to: (1) create a new sub-account; (2) update an existing sub-account.
• New permission: In-Person Signing: Added a new permission that enables any associated Role to access the In-Person Signing feature via the New User Experience and the REST API.

Developers

• Second authentication method for API calls: Customers can communicate with OneSpan Sign from within their own system via REST API calls. Formerly, the system authenticated those calls in only one way — each call had to provide a secure API Key . The system can now use an alternative authentication method for such calls — an API call can provide a secure but short-lived API Token. To enable this feature, you must contact our Support Team. Once this feature is enabled: (1) the account owner will see a Client Apps section on the API Access page for Admins; (2) third-party integrators will be able to use the Client Apps feature to connect to OneSpan Sign's API via API Tokens.

• Can embed Transaction Edit page: The Transaction Edit page can now be embedded in an iFrame. However, this feature is available only on non-mobile devices.
• Unsupported scenario prevented: Created validation steps that prevent Form Fields from being added to Accept-only documents (e.g., Disclosure Documents) when the latter are uploaded to transactions via the API.

Accessibility

• Cookie Policy more accessible: Improved the accessibility of the Read More link within the Cookie Policy notice. This improvement was made in the Classic Signing Ceremony and in the Sender part of the New Signer Experience. The next release will make this improvement in the New User Experience.

• Better feedback when adding tagged PDFs: If a user adds to a transaction a tagged PDF that has no form fields, the user is now informed that the PDF contains no fields that require assignment.

• Better handling of pie chart: Because the pie chart on the home page of the New User Experience is not accessible, it is now hidden from screen readers. Instead, next to the chart is an accessible legend for it.

Mortgages

• Better workflow for mortgages: We now support ARC sections within the SmartDoc templates that OneSpan Sign uses for transactions involving mortgages. This feature is required by the USA's Federal Home Loan Mortgage Corporation (also known as Freddie Mac), and is becoming an industry standard.

Bug Fixes

Signing Ceremony

• PB-38629: Fixed an issue that caused the uploading of an attachment via Chrome to fail sometimes if the file was larger than ~ 10 MB.

• PB-38636, PB-38868: Fixed an issue that triggered an error message when a user tabbed to the input Search field for roles, and typed the first letter of a role.
• PB-38093: Fixed an issue in which the Zoom and Exit Signing buttons erroneously appeared in the More Actions menu when accessed from an iPad running iOS 13.
• PB-39676: Fixed an issue in which the Zoom buttons and the More Actions menu erroneously appeared on the Transaction Declined page.
• PB-39111: Fixed an issue in which a user couldn't capture their signature using a Safari browser on macOS.
• PB-38537: Fixed an issue in which a user couldn't scroll on the Cancel Capture Signature screen.

Signers

• PB-39084: Fixed an issue that prevented customized text for the Electronic Disclosures and Signatures Consent document from appearing in the Classic User Experience. Instead, the default text appeared.

• PB-31618: Fixed an issue that prevented Evidence Summaries from correctly displaying the Greek language (accented characters appeared as question marks).

Senders

• PB-37769: Fixed an issue that caused Bulk Send operations to fail when they processed a CSV file with more than ~ 28,000 rows (~ 4 MB).

Developers

• PB-38563: Fixed an issue that caused an "unhandled error" when a signed Signature Block on a confirmed document was undone using the REST API.

• PB-35931: Clarified the description of the API call named /packages/{packageId}/roles.

Accessibility

• PB-35936: Fixed accessibility errors with certain buttons and tabs on the Transactions page.

• PB-38671: Fixed an issue that prevented mapped Form Fields (in documents added to accessible transactions) from displaying as recipients' OneSpan Sign fields.
• PB-37166: Fixed an issue in which items in the More Actions menu were not being read properly by screen readers on Android devices.
• PB-37853: Fixed an issue in which screen readers processing the Classic Signing Ceremony failed to announce that a handwritten signature already exists in a Signature Box if that signature had been applied automatically in the New User Experience.

Sandbox

• PB-38485: Fixed an issue in which the email received by a user after signing up for a Sandbox account failed to include a link to the Sandbox Login page.

Known Issues

• There is an issue with NVDA screen readers and iFrames, where on occasion: (1) the content of the iFrame is not read; (2) the Enter button for selecting items does not work; (3) using the arrow keys to navigate reads the content of the previous page. To address this issue, a ticket has been logged with NVDA.

• In an in-person transaction, the affidavit screens are cut off when Landscape Mode is switched to Portrait Mode. This will be resolved in an upcoming release.
• There is an issue with iOS 13 in which dialog-box titles are not being read by VoiceOver software.
• There are issues with the layout of an in-person transaction in accessibility mode on iPads. This will be resolved in an upcoming release.

• There is an issue with the layout of the new Welcome screen within an in-person transaction on Internet Explorer when the browser size is decreased. This will be resolved in an upcoming release.

• There is an issue with deleting transactions using self-service data management. While transactions will eventually be deleted they may not be deleted at the time specified on the Data Retention page. These transactions may be deleted at any time after the defined deletion period. Transactions WILL NOT be deleted before the period of time defined on the Data Retention page. This will be resolved in the 11.35 release.

• There is an issue with transaction visibility using self-service data management. Even after the date specified for a transaction's deletion has passed, the transaction might still be visible. This will be resolved in an upcoming release.

• An error is thrown when a recipient with SSO authentication is added as part of a transaction-creation call via the REST API or an SDK. The temporary workaround is to: (1) first create the transaction; (2) then add the recipient with SSO authentication.

Changed Behavior

• PB-36622: When a sender creates a transaction, they can click an Enable accessibility button. To improve the accuracy of the button's label, it has been changed to "Enable screen-reader accessibility".

SaaS 2020-Apr: Release 11.33

What's New

Signing Ceremony

New Features

• Can remove signatures: If a Signer wants to remove a signature that has not been confirmed, they can do so by clicking the Undo Signature button on top of the signature.
• Can upload attachments: Signers can now: (1) upload one or more supporting documents to a transaction before the transaction is completed; (2) upload multiple documents in a single attachment.
• Enabled Mobile Capture: Added support for the Mobile Capture signature type. This type requires the Send to Mobile feature, which can be enabled by our Support Team.

Feature Enhancements

• Enhanced "conditional fields": Now: (1) when a field is disabled by a condition, that field reverts to the original value assigned to it by the Sender; (2) when a field or signature marked as Required is disabled, it must be enabled and acted on before the associated document can be confirmed; (3) when a Sender removes a condition or field that disabled another field, the latter's Disabled flag is removed.
• "Conditional logic" actions are recorded: All actions involving conditional logic are now recorded in the Evidence Summary.
• Enhanced the Signature Navigator: Among other things, now: (1) the Navigator displays all actions Required by conditional logic; (2) when the Navigator is off, the Progress Bar indicates progress, but it cannot be clicked to move to another page; (3) after a document is confirmed, all Navigator buttons are removed.

Signers & Senders

• Cookie Policy notice: Improved the Cookie Policy notice by including a link to OneSpan's detailed Cookie Policy.

Senders

• Improved "bounced email" replies: Improved the replies which announce that an email has "bounced" (see email.bounced). Those replies now say why the email bounced by providing standard bounce errors for email servers.
• Can hide logo with PCC: Added the ability to hide the logo that appears in the background of a Signature Block if the block is signed using the Personal Certificate Client.

Admins

• Clearer presentation of options: Formerly, the New User Experience's Integration page enabled administrators to: (1) view their API Key; (2) configure Event Notifications. For clarity, these quite different options have been placed on separate pages — the API Key and API Token page, and the Event Notification page.

Developers

• Can customize logo: Enabled our API and SDKs to customize the logo that is displayed in the New Signer Experience.

Accessibility

• Improved navigation: In the New User Experience: (1) after accessing a page, screen readers now begin their focus in the navigation bar on the top left of the page; (2) the top of every page now has a Skip to Main Content option.
• Navigator more accessible: In the New User Experience, we improved how screen readers present the following elements of the Signature Navigator: (1) Progress Bar; (2) Done and Required Actions buttons.
• Designer more accessible: In the Designer: (1) keyboards can now access all buttons; (2) the visibility of certain buttons was improved by increasing their color contrast.
• Menu more accessible: Screen readers now announce when the Admin drop-down menu is expanded or collapsed.
• Links remain clickable: In accessibility mode, links as body text remain clickable even after users sign the PDF and request Text View Only. In that context, such links are no longer displayed as simple text.

Bug Fixes

Signing Ceremony

Accessibility

• PB-35735: Fixed an issue in which users could not tab in or out of a Text Field or Text Area in accessibility mode if the transaction was created via the SDKs.
• PB-35475: Fixed an accessibility issue in which screen readers failed to announce the opening or closing of the Decline panel.
• PB-35477: Fixed an accessibility issue in which the Decline panel was missing a header tag.
• PB-35544: Fixed an accessibility issue in which the system failed to respond appropriately when a user clicked the Next Error button.
• PB-36526: Fixed an issue in which switching between documents failed to retain a zoom level selected by the user. Among other things, this fix means that visually impaired users will not have to manually change the zoom level on every new document they view in a transaction.
• PB-38000: Fixed the following accessibility issue. A user tabbed to Skip to document, and then pressed Enter. The screen reader should then have read the title of the page that appeared, but it did not.

Other

• PB-35823: Fixed a performance issue in which a multi-page document with hundreds of fields would hang when a user tried to focus on an input field.
• PB-34544: Fixed an issue in which date fields added via the SDK were not functional.
• PB-35612: Fixed an issue that prevented icons from displaying properly when users on a Safari browser zoomed in.
• PB-35850: Fixed an issue in which PDFs containing annotations were displayed with a large gap at the bottom of the page.

Signing Ceremony

• PB-32149: Fixed a Signing Ceremony issue that caused content for radio buttons and checkboxes to be improperly aligned in final signed documents. This fix applies to both the Classic Signing Ceremony and the New Signer Experience.
• PB-35181: Fixed an issue in which the Access Denied page failed to appear when users first accessed the Signing Ceremony for a transaction that is unavailable (because it has expired or been deleted, for example). This fix applies to both the Classic Signing Ceremony and the New Signer Experience.
• PB-36363: Fixed the following problem. The following items were successively placed on top of a signature: (1) a label that displayed a random Field ID associated with the signature; (2) a new logo, placed there by OneSpan Sign. Legality required that the ID always be visible, but the logo hid the ID. This problem was solved by making the logo transparent. This fix applies to both the Classic Signing Ceremony and the New Signer Experience.

• PB-36748, PB-35851: Corrected the Japanese translation of some text that appears in the Classic Signing Ceremony.

Designer

• PB-36635: Fixed a Designer issue that arose in scenarios like the following. A user creates a layout from Document 1, and applies that layout to Document 2. The user then interacts with the system to change a recipient in Document 2, but the system changes the recipient in Document 1 (the wrong document).
• PB-36634: Fixed a Designer issue in which clicking a page thumbnail in one column cleared all page thumbnails in another column.

Admins

• PB-36197: Fixed an issue in which personal information about transaction owners failed to update correctly when Fast Track was used.

Developers

• PB-35941, PB-35942: Fixed an issue that was assigning the same time stamp to successive signatures of the same signer inside a document. The fix ensured that the auto-fields in Text Tags are bound to specific signature fields. Fixing a related issue required binding the Input Fields in Text Tags to specific signature fields.

• PB-39625: Fixed an issue in which the local language specified by an SDK failed to appear in the email sent to signers.

Accessibility

• PB-37618: Fixed an issue in which the accessibility Document Import wizard failed to work for documents whose only fields were Signature Fields (e.g., no Form Fields).

Security

• PB-38259: Fixed some issues with KBA Authentication that arose when a custom Equifax account was used.

Known Issue

• The ability to upload attachments is not fully functional in this release. Full support for mobile devices will be added in an upcoming release.

Customer Notice

• New Signer Experience only: Starting with Release 11.34, the configuration of the Handover URL and Decline reasons will: (1) support localization; (2) be moved from the transaction level to the account level.

SaaS 2020-Mar: Release 11.32.2

Bug Fixes

Senders

• PB-38166: Fixed an issue in which an error message appeared when a user tried to send a transaction after deleting a conditional field in a document with Text Tags.

• PB-38497: Fixed an issue in which the Assign Delegates list was not displaying properly.

Signing Ceremony

• PB-38165: Fixed an issue in which the signer's email address was exposed in the document Feedback Bar if the user clicked "Click here to complete signing" in the Thank You dialog box.
• PB-38101: Fixed an issue in which the New Signer Experience failed to appear within an iFrame on mobile devices running iOS 12 or iOS 13.

SaaS 2020-Feb: Release 11.32

What's New

Signing Ceremony

• Enabled "conditional fields": Enabled senders to configure IF-THEN conditional logic among two or more fields in a document. For example, a sender can specify that IF a specific Text Field is not empty, THEN a particular Signature Field will be enabled — i.e., the signer must add text to the Text Field before they can sign the Signature Field. To enable this feature for your account, please contact our Support Team.

• Conditions cannot be applied to Custom Fields, Notary Fields, Auto-populated Fields (e.g., Name, Title, Date), Labels, or attachments.
• Conditional logic cannot be applied across documents or across signers.
• A mandatory field conditioned to be enabled or disabled should always be accompanied with a second condition that also makes it optional if the first condition is set to disabled. Failure to do this could prevent a recipient from being able to sign. Your conditional logic then, should include two conditions. For example:
  1. If Field A is selected, make Field B disabled.
  2. If Field A is selected, make Field B optional.
• This feature is also available via the REST API and SDKs.

• Added a Signature Navigator: Implemented a Signature Navigator that within a given document: (1) facilitates navigation between a user's multiple signatures; (2) displays the number of the user's unsigned signatures. By default, the Navigator: (1) appears when the document contains non-accepted signatures; (2) does not appear otherwise.
• Improved messaging for optional signatures: Improved the feedback to signers when they're viewing a document that contains only optional signatures.

Senders

• SSO is configurable for sender recipients: Formerly, upon accessing the Signing Ceremony, sender recipients were forced to authenticate themselves using Single Sign-On Authentication (SSO) if SSO was enabled for their account. This type of authentication is now configurable for individual sender recipients, as it has been for individual signer recipients.

• Failed email is resent: If an error occurs when the system first trys to send an email to a recipient, the system will now try to resend the failed email up to 5 additional times. This increases the chance that recipients will receive their email.

• Can select default values: We have made it easier for senders to use the Designer to specify a default value for a list. Formerly, senders had to type the default value in a separate input field. Now, from a drop-down list of all values, they select one to be the default.

Admins

• Can create Global Roles: Enterprise Administration supports both Predefined and Custom roles (the Predefined roles are Admin, Manager, & Sender). The Admin of a Master Account can now create Custom roles at that top account level, and have them automatically propagated to all that account’s sub-accounts. Such “global roles” have been developed to spare Admins from having to create the same role repeatedly at multiple levels.

• Can assign/de-assign Custom roles Enterprise Administration supports both Predefined and Custom roles. Formerly, OneSpan Sign BackOffice Admins could assign or de-assign any Predefined role to/from a user. This is still possible, but now those Admins can also assign or de-assign any previously created Custom role.

• Cannot edit own permissions: Formerly Admins who have the Roles & Permissions feature could edit their own permissions via the New User Experience. That is no longer possible. This will ensure that related abuses cannot occur.

• Added Completion Date to templates: Added the transaction's Completion Date parameter to the following email templates: (1) email.complete; (2) email.evidence.summary; (3) email.transaction.complete. Thus emails about completed transactions will state when the transaction was completed.

• Added Expiry Date to templates: Added the transaction's Expiry Date parameter to the following email templates: (1) email.activate; (2) email.notify; (3) email.reassign.newSigner; (4) email.reassign.sender; (5) email.remind.signer; (6) email.notify.mobile. This will increase signers' awareness of how long they have to sign.

Accessibility

• Made snackbars accessible: Ensured that the system's snackbar messages can be read by screen readers.

• Made headings more accessible: Improved navigation for disabled senders by making the My Account heading H1, while making the following headings H2: Personal Information, Signature, Access Delegation, Custom Fields, e-Notary.

• Account Registration more accessible : When a new user is invited to join your account, the Account Registration page with which they interact is now fully accessible.

Security

• Improved signer privacy: To protect signer privacy, the signer's email address has been removed from the Handover URL in the Classic Signing Ceremony and the Mobile Signing Ceremony. WARNING: The integration of integrated customers will be at risk if their integration uses the signer's email address in the Handover URL.
• Account Registration more secure : When a new user is invited to join your account, the Account Registration page with which they interact now requires the user to enter a strong password.

Bug Fixes

Signing Ceremony

• PB-34337: Fixed an issue in which users could not decline a transaction when text with more than 4000 characters was entered for the Other reason on the Decline screen.

• PB-34121: Fixed an issue in which a Network Lost notification failed to appear after the application lost its connection to the network.
• PB-32685: Fixed an issue in which documents viewed on an iOS device would not resize properly when the device was rotated to Landscape Mode.
• PB-34498: Fixed an issue in which the Download button failed to appear automatically after signing was complete for a transaction.
• PB-28771: Fixed an issue in which users were unable to view or download completely signed documents.

Senders

• PB-22192: Fixed an issue in which the Cookie Policy banner appeared under instead of above another banner when the zoom was set to 200%.
• PB-35140: Fixed an issue in which the value of the Is Optional checkbox failed to be saved during the Field Import process.
• PB-35304: Fixed an issue in which the Designer failed to visually represent the user's prior selection of multiple fields.
• PB-34150: Fixed an issue in which the Next button on the Transaction Edit page displayed an incorrect tooltip.
• PB-36172: Fixed an issue in which senders could not access the document options (e.g., Rename, Remove) for long documents expanded in the Designer.
• PB-34904: Fixed an issue that allowed senders to assign the same ID to multiple fields in a document.

Admins

• PB-33570: Fixed an issue in which the system failed to send the PACKAGE_READY_FOR_COMPLETE event notification. This occurred when attachments were associated with a signer who subsequently reassigned their signing responsibility to another user.
• PB-34991: Ensured that a transaction's record (e.g., the record of when the transaction was last updated) is not altered when expiry notifications, reminders, and other related email actions are performed.

Accessibility

• PB-34306: Fixed accessibility issues on the confirmation prompt that appears when documents are being confirmed, but optional signatures have not been signed.

• PB-34220: Fixed an issue in which screen readers failed to read the New Signer Experience notification about cookies.
• PB-35024: Fixed a New Signer Experience issue in which tapping the Enable accessibility button on an Android device failed to enable accessibility.
• PB-35469: Fixed New Signer Experience issues with the accessibility of the Main Menu button.
• PB-34756: Fixed a New Signer Experience issue in which screen readers failed to automatically read an error page's title after that page appeared.
• PB-35427: Fixed a New Signer Experience issue in which the contrast between the left panel's white background and its very light purple areas was not enough for visually impaired users.
• PB-33897: Fixed an accessibility issue with the Decline screen in the New Signer Experience.
• B-35206: Fixed a New Signer Experience issue in which error alerts were not being automatically read by the JAWS screen reader.
• PB-35471: Fixed a New Signer Experience issue in which the screen reader failed to announce that the Main Menu has a sub-menu.

Known Issues

Signing Ceremony

• On Safari version 12.1.2, documents do not stay centered when the application's zoom feature is applied. This issue is traceable to the browser, and is resolved in Safari version 13.
• Cannot tab in or out of a Text Field or Text Area in accessibility mode if the transaction has been created via the SDKs.
• Cannot sign when the Date Picker field exists, and the transaction has been created via via the SDKs.
• Custom messages defined via the SDKs fail to appear in the New Signer Experience.

Classic Signing Ceremony

• There is a known issue with the Improved signer privacy feature in the What's New section above. If in the Classic Signing Ceremony the Handover URL is clicked from within the feedback bar of a completed document, the signer's email address is still passed as a parameter to the Handover URL. This issue will be fixed in Release 11.32.1.

Release 11.31

All transactions created before November 11, 2018 on the environment US 1 (e-signlive.com) will now be accessible only in Read Only mode. If there is an active transaction created before then that still needs completion, a new transaction must be created.

What's New

Signing Ceremony

• Enabled accessibility: Enabled people with disabilities to use the New Signer Experience.
• Color customization via SDKs: Enabled the Java and .NET SDKs to customize the colors of UI elements in the New Signer Experience.
• Better text wrapping: Made text wrapping within Text Area fields of both the New Signer Experience and Classic Signing Ceremony more consistent and reliable across all browsers and devices.
• Better localization logic: Improved the logic of localizing the button caption and tooltip for the Handover URL in the New Signer Experience. In the new logic: (1) The system initially looks for a suitable customized string within the resource nsc.ui.messages. That search is first conducted for a string in the desired language. If that fails, the search is conducted for a string in English. (2) If no such string is found within nsc.ui.messages, the system falls back to the string defined within the account's resource packageSettings. (3) If no such string is found, the system falls back to the OneSpan Sign default (Continue).
• Support for optional signatures: Enabled optional Click-to Sign, Click-to-Initial and Capture Signature signature types within the New Signer Experience.
• Support for handwritten signatures: The New Signer Experience now supports the Capture Signature signature type.

Senders

• Merged document views: The list and thumbnail views of documents on the Designer page have been merged in a single view pane. This view will be expanded or collapsed by default, based on the configuration in the resource settings.designer. To configure this default, please contact our Support Team.
• Made more pages accessible: Updated the following pages to make them accessible: Login, Reset Password, Document Visibility, Account, Account Sign Up, My Account (Delegation, Custom Fields, Password), Admin (Custom Fields, Senders), Transaction List, Template List.

Admins

• Enterprise Administration: The Enterprise Administration feature enables the Account Administrators in an organization to manage users, groups and accounts for their lines of business. Account administrators can manage users and multiple accounts from a centralized location. This includes organizing multiple accounts into sub-accounts, control sharing abilities between users and accounts, and configure self-service branding capabilities across all accounts. This feature leverages the following items:
  • Roles and Permissions — When a user is added to an account, the Account Administrator assigns them a role with an associated set of permissions that determine the actions available to the user. Roles make it easy to manage the access rights of a large number of users without having to change permission options on an account-by-account basis. The following default roles are available within every account (each with its associated set of permissions): Administrator, Manager and Sender. These default roles are not customizable, and they cannot be deleted. Account Administrators can nonetheless: (1) create customized roles, assigning a customized set of permissions to each one; (2) make a customized role available within specified accounts or sub-accounts.
  • Sub-accounts — The sub-accounts feature enables an organization to create child accounts within the organization's master account. For example, an organization might want to create child accounts on the basis of its departments, geographical locations, or lines of business. Accounts can be created on three levels (parent > child > grandchild), enabling an organization to manage many account types under its master account.
  • Branding: Account Administrators can re-brand parts of the Signer Experience for signers such as logos and color schemes.

  Please contact our Support Team to configure Enterprise Administration for your accounts. The configuration options include: (1) activating roles and permissions for specific accounts; (2) activating the sub-accounts feature; (3) converting an existing account into a sub-account under an existing master account.

• Customizable password-expiry notifications: An account owner can customize the email notifications that the account's senders will receive when their password is about to expire. Such notifications can be: (1) toggled on/off; (2) sent a total of 0-5 times; (3) timed to first appear 7 or 14 days before the password expires. To customize the notification message, please contact our Support Team.
• Support for "local" languages: Enabled an account owner to specify a "local" language (e.g., Polish) for: (1) the Thank You dialog box that appears in the Classic Signing Ceremony; (2) the Thank You Summary that appears in the New Signer Experience; (3) the email templates email.activate, email.expire.warning, and email.complete. To enable these account-specific features, please contact our Support Team.

Developers

• Event Notifications: Added support for authenticating Event Notifications using OAuth 2.0 for Salesforce.

Performance Improvement

• Faster Bulk Sending: Decreased Bulk Sending's response time by 35%.

Bug Fixes

Accessibility

• PB-32353: Fixed an issue in which the default calculated Expiry Date was not being read by the screen reader.

• PB-32359: Fixed an issue in which the Close button for the Settings pane of a field was not being read by the screen reader.

• PB-32883: Fixed an accessibility issue in which the border was missing around the Is Optional toggle switch when a user focused on this Designer element.

• PB-32586: Fixed an accessibility issue in which the More Actions drop-down menu failed to close after a field was duplicated within the Designer.

Signing Ceremony

• PB-32963: Fixed a New Signer Experience issue in which the background color for checkboxes and radio buttons was missing.

• PB-32962: Fixed a New Signer Experience issue in which list fields were shifted down slightly from their intended positions within documents.

• PB-32964: Fixed a New Signer Experience issue in which the text within read-only fields (e.g., Custom Fields, Auto-fields, Labels) failed to be center-aligned in the vertical direction.

• PB-32755: Fixed a New Signer Experience issue in which markdown formatting on alerts was not being applied after the browser was resized or refreshed.

• PB-34405: Fixed an issue in which the Signing URL generated via SDKs took recipients to the Classic Signing Ceremony instead of the New Signer Experience.

• PB-33119: Fixed a New Signer Experience issue in which a Lost Network Connection alert was not being displayed in certain scenarios.

Mobile Signers

• PB-27206: Fixed a Mobile Signing Ceremony issue in which German translations of the labels Tap to Sign and Tap to Initial failed to appear.

• PB-33067: Fixed a Mobile Signing Ceremony issue in which markdown formatting was not being applied.

• PB-29339: Fixed an issue in which a recipient failed to receive an SMS passcode on their mobile device.

Signers — General

• PB-32826: Fixed an issue in which In-Person and e-Notary signing on a tablet failed to render within an iFrame.

• PB-32575: Fixed a typo that appeared in the German hover text for the Next Document button.

• PB-33549: Fixed a problem that custom Equifax accounts were having with the Equifax service.

Senders

• PB-28223: Fixed the following problem. When a radio button was duplicated in the Designer, the new button overlapped with existing radio buttons.

• PB-32782: Fixed a problem in which the header for the Designer's Settings section failed to appear for checkboxes and radio buttons.

• PB-30722: Fixed an issue in which a transaction's Timezone and Transaction Expiry settings based on a template were not reset when that template was deleted.

• PB-31295: Fixed the folliowing issue. For a transaction created from a template, Text Tag Extraction failed to extract the last Text Tag.
• PB-38039: Fixed an issue in which the Document Visibility settings failed to appear in the language selected by the Sender.

Admins

• PB-33135: Fixed an issue on the Users page of the Enterprise Admin in which the Username was plain text instead of a link or a button.

Developers

• PB-30596: Fixed an issue in which trying to create a transaction from the REST API failed if the transaction ID contained the string SRC (case-insensitive).

Known Issues: Signing Ceremony

• The Date Picker field does not work if it has been created via the SDKs. This will be addressed in an upcoming release.

• If the Capture Signature panel is accessed in accessibility mode on a touch tablet, the screen reader does not read the message that tells recipients to: (1) turn the screen reader off ; (2) rotate the tablet.

Changed Behavior: Signing Ceremony

• In the previous release, when Form Field validation errors occurred: (1) a Go to field button appeared in the relevant alert; (2) clicking that button took recipients to the erroneous field. In this release: (1) that button has been removed; (2) the error message is a hyperlink that takes recipients to the erroneous field.

• The top bar in the New Signer Experience no longer depends on the property .withoutSessionBar if the Signer Experience is created via the SDKs.

Release 11.30

What's New

Accessibility

• Made column headers clickable — The column headers on the Transaction Edit and Transaction Template Edit pages are now clickable buttons that facilitate navigation for screen readers.
• Facilitated actions on list items — Enabled screen readers to act more quickly on a list item within the page that lists transactions. Instead of having to navigate to the top or bottom of a list to perform an action, screen readers can immediately access the actions available for each list item.
• Enabled Bulk Sending — Enabled users with disabilities to do Bulk Sending.
• Improved Tool Tips — Made Designer tool tips and help tips accessible via the keyboard.
• Senders informed when signature needed — Improved the accessibility of the dialog box Requires your Signature. A person with disabilities who sends a transaction that needs their signature will now be informed that a transaction is waiting for their signature.

Other

• New Signer Experience — We've released a new intuitive signer interface that acccelerates the e-signing process, uses a Responsive Web Design, and enables clients to customize their signing interface with their own corporate brand. For more information, see Using the Signer Experience.
• Drag-and-drop to upload documents — Enabled users to add documents to a transaction or template by dragging and dropping files.
• Evidence Summary records KBA lock/unlock events — The Evidence Summary now records: (1) when a recipient using KBA Authentication is locked out of signing; (2) when they are unlocked; (3) if the unlock was manual or automatic.
• Rebranded all email templates — Rebranded all default email templates from eSignLive to OneSpan. This rebranding changed the logo, the colors, and the "from" email sender address. Note: This feature will not impact customers' existing email templates.
• Enhanced the time-based expiry feature — If when creating or updating a transaction a sender specifies that the transaction should expire after a certain number of days, the date the transaction expires will now be displayed to users.
• New mechanism to notify transaction owners about completed transactions — We added a new email template (email.transaction.complete) to notify a transaction's owner once their transaction has been completed. Note: By default, the new template is turned off. To enable it, contact our Support Team.
• Improved usability of field settings — When New from the Designer, all field settings and actions now appear in a single right pane. Formerly they appeared in a drop-down menu.
• More clarity on available actions — Provided more clarity about the actions users can take on the pages that list transactions and list templates (e.g., transactions currently "In progress" cannot be archived).
• Unified the pattern for more actions — Gave the list view on the Designer page the same pattern for more actions that the pages which list transactions and list templates have.
• Improved Bulk Send & Fast Track for templates — Removed the Bulk Send and Fast Track options from the top and bottom of the page that lists templates. These options now appear in the row for each template, making it easier for senders to send the template they want.
• Transaction/template settings accessible in the Designer — Added transaction and template settings to the Designer page. Note: This feature is present by default, but can be turned on/off by contacting our Support Team.
• Password policy for accounts — Enabled administrators to specify a password policy for an account. That policy specifies: (1) the password complexity; (2) the minimum age before a password can be changed; (3) the password expiration age; (4) a history of previous passwords; (5) an upper limit on the number of invalid login attempts.
• Configurable date range for Reports — To create an Account Summary Report, users must now select a date range, and then click a Run Report button. Formerly, a report was automatically created for a date range of one month when a user clicked the Reports button.

Bug Fixes

• PB-31811: Fixed an issue in which Single Sign-On Authentication (SSO) for senders who accessed the Signing Ceremony as signers worked only if the Force SSO Login feature was enabled on their account.
• PB-31048: Fixed an issue in which trying to delete a transaction twice using our Open API Specification resulted in an error message.
• PB-27782: Removed German words from a default out-of-the-office Spanish template.
• PB-30380: Fixed an issue in which not all SMS events in the Evidence Summary were properly translated.
• PB-30006: Fixed an issue in which users couldn't scroll down the Senders drop-down list on the Assign Delegates A OneSpan Sign feature that enables users to delegate access to their transactions to one or more other users on their account. Specifically, delegates can sign documents on behalf of the delegator, and they can access the delegator's inbox, drafts, layouts, and templates. screen.
• PB-31598: Fixed an issue that prevented the text in certain email-template buttons from displaying properly. The button size was fixed, so languages that used longer words did not have enough space. Button size is now auto-set in response to the size of the text.
• PB-29721: Fixed an issue in which the size of the Electronic Consent Document was returned incorrectly when a transaction's properties were retreived using our Open API Specification. Note: This issue still exists when a transaction is created from a template. That behavior will be fixed in a future release.
• PB-31179: Fixed an issue in which, on creating a transaction from a template, the language of a recipient who is an account sender was not set to that user's current language. Instead, the displayed language was the one used to create the template.
• PB-29505: Fixed an issue in which a pop-up banner announcing the use of website cookies obscured the Accept and Opt-out buttons on the Consent page. This issue arose when the browser was the latest version of Chrome or Internet Explorer.
• PB-30556: Fixed an alignment issue with the Expiry Date field on the Create New Transaction and Create New Template pages.

Known Issues

The following known issues may affect signers using the New Signer Experience. They will be resolved in a future release.

• Field values may not be saved when scrolling a long document: If a signer enters a value into an input field, and then scrolls past the eighth page of a document without first tabbing out of that input field, the value that they entered into the field is not saved.
• Date input field may be cleared on iOS devices: On iOS devices, entering a dash symbol ( - ) into a date field will clear the field.

• Entering an invalid value for the day or month within a date input field will change the date field: For example, if you enter a value of 13 for the month, the system will add that extra month to the date and will increase the year. So entering 2019-13-31 will reset the date to 2020-01-31.

Release 11.29

What's New

Accessibility

• Enabled senders with disabilities to specify or change the signing order of a transaction's recipients.
• Enabled senders with disabilities to specify or change the order in which a transaction's documents must be signed.
• Enabled the addition of a notary to a transaction using the keyboard and/or a screen reader.
• Added more labels to the pages that edit transactions and edit templates, and improved keyboard navigation on them.
• Added more labels to the pages that list transactions and list templates, and improved keyboard navigation on them.

Other

• SSO login improvement for signers with a sender account — If Single Sign-On Authentication (SSO) is enabled at the account level, when a sender accesses the Signing Ceremony as a signer via an email link: (1) they will now be authenticated with SSO; (2) once authenticated, they will be taken directly to the Signing Ceremony. Any other Authentication Method specified for the sender at the transaction level will be overruled by SSO. To enable this feature, please contact our Support Team.

There is a known issue regarding the preceding feature — it won't work unless the Force SSO Login flag is enabled for the account. This issue will be addressed in Release 11.30.

• Default account-level language — Enabled an account owner to specify a default language for their account. This language will be used: (1) for all email sent to users who are not yet senders on the account — e.g. an email sent by an account owner to a user, inviting the latter to join the account as a sender; (2) as the default language of new account senders. To enable this feature, please contact our Support Team.
• Customize KBA Authentication failure message for signers — Enabled customization at the account level of the messages that appear when KBA Authentication fails. To enable this feature, please contact our Support Team.
• Improved message for locked-out KBA users — Enhanced the message that is sent to a signer when they are locked out of signing due to multiple failed KBA Authentication attempts. That message now specifies when the signer can try to log in again. However, this additional information will appear only if the "auto-unlock" feature is enabled for failed KBA authentications.

The “auto-unlock” feature was introduced in OneSpan Sign 11.28. It is an account configuration that is disabled by default. If enabled, it will automatically unlock a signer after a configurable period (default = 72 hours, as per KBA standards). To enable the “auto-unlock” feature, customers must contact our Support Team.

• Specify time-based expiry for transactions and templates — It was already possible to schedule when a transaction or template will expire by specifying a future date (e.g., it will expire on 01/18/2020). We added the ability to schedule this expiry by specifying a time interval (e.g., the transaction or template will expire 20 days after it was created).

To specify a time interval for a transaction via the New User Experience, see the Expiry Date parameter in this procedure. To specify a time interval for a template via the New User Experience, see the Expiry Date parameter in this procedure. To specify a time interval via the SDK, see the parameters withDefaultTimeBasedExpiry and withRemainingDays in this section.

By default, all new and existing accounts use "date-based" expiration. To change that setting for your account to "time-based" expiration, please contact our Support Team.

Bug Fixes

• PB-28858: Fixed an issue with the vertical scroll bar that occurred when the question-and-answer screen for KBA Authentication was displayed in an iFrame.
• PB-25996: Fixed an issue in which Custom Fields did not populate correctly.
• PB-29313: Fixed an issue with the account-level configuration of email reminders. Specifically, the Repeat Reminder toggle switch in the New User Experience was ON when it had been configured in OneSpan Sign BackOffice to be OFF.
• PB-29874: Fixed an issue in which copying and pasting a value (e.g., a field name) on the Field Settings screen didn't paste just that value, but duplicated the entire field from which the value was copied.
• PB-28366: Fixed an issue in which transactions were not sorted correctly if a user tried to sort by the last updated date.
• PB-29954: Fixed an issue in which an error was thrown when a field was deleted using the keyboard from the Designer page.
• PB-29846: Fixed a Mobile Signing Ceremony issue in which special characters were not displaying correctly within the Thank You dialog box.
• PB-29638: Fixed an issue in which a signer's language failed to be used on the signer's Resend SMS screen when the signer accessed that screen from a mobile device.
• PB-25712: Fixed an issue that occurred when users tried to extract from a document a Text Anchor that the document did not contain. Instead of displaying a suitable error message, the system created an invalid approval.

Known Issue

• PB-30571: Text extraction on accessible PDFs will fail if the text contains typographic ligatures. An effective workaround is to remove the ligatures from the PDF.

Release 11.28

What's New

Accessibility

• When a user is selecting a language for a transaction, template or recipient, screen readers will now vocalize the entire list of language names in the language the user has selected for the interface.

• Visually impaired users will now be told: (1) the maximum number of characters allowed for an input field on the Recipient Settings screen; (2) when they've reached that maximum number.

• Screen-reader support was added for the document-action buttons in a transaction's list of documents.

• Screen readers used by senders can now vocalize the content of their OneSpan Sign application in all supported languages.

Other

• When a user is selecting a language for a transaction, template or recipient, the entire list of language names will be presented in the user's currently selected language. For example: (1) if the user's interface currently uses English, the presented language names will be French, Spanish, etc.; (2) if the user changes the preferred language of their interface from English to French, the presented language names will become anglais, espanol, etc.
• Continued to expand our interactive Open API Specification. From there you can download the YAML file for our REST API, search for specific endpoints in that API, and even try a few calls yourself. Additional information about the calls can be found on the Developer Community website. That site’s Feature Guides may be especially helpful when you’re building your solution.
• Extended SDKs' GET transaction queries to enable retrieving only the GUIDs of associated transactions.
• Enabled the automatic or manual unlocking of a signer once they have been locked out of signing due to multiple failed KBA authentication attempts.
• Enabled the specification of advanced options (e.g., Personal Message, Change Signer, Email Delivery) for placeholder recipients.
• Enabled the specification of default settings for email reminders at the account level.
• Single Sign-On Authentication will no longer impose a session timeout. The session timeout will follow the value specified within the customer's IdP server.
• Improved the error message that is returned when an incorrect roleId is specified via integration.
• Updated how the Show shared layouts setting is saved for a sender. Previously, this setting was saved as soon as the sender accessed and closed the Apply Layout dialog box. Now the setting is saved only if the sender updates the setting AND applies a layout.
• Added the ability to align multiple document fields (top, bottom, left, or right) when a document is being prepared.
• Added Recipient Locked and Recipient Unlocked events to the Evidence Summary. The Recipient Locked event is triggered when a recipient gets locked out due to multiple failed authentication attempts. The Recipient Unlocked event is triggered when a sender unlocks a recipient after they have been locked out due to multiple failed authentication attempts.

The following are not tracked in the Evidence Summary: (1) the Recipient Locked event is not tracked for KBA Authentication; (2) the Recipient Unlocked event is not tracked when a user is automatically unlocked after a KBA Authentication failure.

• Enabled the specification of a font size for fields, transactions and templates (i.e., the font size that will be used for the text in a field when its parent document is printed). Known Issue: This feature does not work for accessible transactions.
• Enabled the export of selected OneSpan Sign BackOffice settings from one account to another account.

Bug Fixes

• PB-28782: Addressed an issue in which the SMS phone number of a sender in one account was being auto-populated when the sender was added as a signer in a different account.
• PB-22562: Fixed an issue in which the signing order of recipients was enabled when a recipient was added from the Designer.
• PB-21659: Fixed an issue in which the Share template setting was disabled after it was clicked twice.
• PB-21291: Fixed an issue in which changing a placeholder recipient to a regular recipient was generating an error.
• PB-20039: Fixed a Mobile Signing Ceremony issue in which clicking the Accept button multiple times caused an error.
• PB-28580: Fixed an issue in which the Signature Field was re-positioned on a document after it was set as optional.
• PB-28172: Fixed an issue in which Drop-down and Remove buttons were overlapping on the Field Settings screen.
• PB-26935: Fixed an issue in which an error was generated when a Fast Track transaction was created with the transaction owner's email.
• PB-26734: Fixed an issue in which the "show more" button within a list of transactions or templates was not translated into Spanish.
• PB-22624: Fixed an issue in which, during the creation of a transaction: (1) a template was selected and then removed; (2) the template's recipients were mistakenly added to the transaction.
• PB-27522: Fixed a Classic User Experience issue in which the name of a group of signers appeared incorrectly after another group of signers was created.
• PB-26814: Now when a radio button is duplicated, the parent radio-button group will not be duplicated. Adding a radio button to a group can now be done via the Add to group option.
• PB-28027: Fixed an issue in which the field name was being auto-populated when Document Extraction was performed. The field name will now remain blank.
• PB-26575: Fixed an issue in which the Evidence Summary was not recording the failure of an SMS Authentication due to an expired PIN.
• PB-25910: Fixed an issue in which the Evidence Summary was adding an extraneous comma at the end of the Data column for a Signer SSO event.

Release 11.27.1

Bug Fixes

• PB-29371, PB-29376: Fixed two problems with signing-order assignments related to the Set signing order toggle switch and OneSpan Sign BackOffice.

Release 11.27

What's New

Accessibility

• Enabled visually impaired senders to request or require signers to add attachments to a transaction.
• Enabled visually impaired senders to delete recipients from a transaction.
• Enabled visually impaired senders to specify a recipient's recipient type.
• Enabled visually impaired senders to edit information about a transaction's recipients, leveraging Autocomplete functionality.

Other

• Introduced our new Open API Specification.
• Enabled senders to use the New User Experience to: (1) view the currently displayed language for each of their signers; (2) update that language.
• When a sender receives an email to inform them that a signer has been locked out, that email now displays the email address of the signer (see email.lock.signer).
• Formerly, after an attachment to a transaction was rejected, recipients received a separate email notification for each attachment thus far rejected, even if they had already received a similar notification about the attachment. Now, after an attachment is rejected, recipients receive a notification only about that attachment. Thus for each rejected attachment, recipients now receive only one notification.

• Removed the Send us your feedback link from the application. Hopefully, this will encourage our customers to direct all their requests and inquiries to our Support Team.

• Made the drop-down menu for the Designer's Signature Field list only those Signature Types to which the sender can switch. Previously, that menu listed all Signature Types, including the one that's currently selected.

• Enabled senders to duplicate fields in the Designer. When we created this functionality, we also changed how senders access the settings for fields. Now, when you add or select a field in the Designer, a drop-down menu appears to offer the following options: Settings, Duplicate, Delete, Is optional (for Signature Fields), and <Signature Types>.
• Added an account-level flag for administrators that determines if by default shared layouts will be displayed to the account's senders.
• When SMS Authentication is assigned to a recipient who is also an account sender, the SMS phone number will now be auto-populated from that sender's Personal Information within the My Account set of pages. Note: The phone number in that location must include the sender's country code and area code.
• Prevented a recipient's information (First Name, Last Name, etc.) from being changed once the recipient has started to sign.
• In the REST API, added the optional parameter fields to GET transaction queries. When its value is id, the system retrieves only the GUIDs of associated transactions. Note: The SDKs will soon offer equivalent functionality.
• Our Sender interface has never officially supported assigning the same place in the signing order to multiple recipients. However, this could have worked in certain cases when transactions were created using the REST API. This behavior will stop working in all use cases with this release. This change will enable us to: (1) enhance other features; (2) fully support enhanced signing-order functionality in a future release.
• Enhanced Bulk Send's performance by changing its code so that: (1) successive cron jobs are run every 15 minutes (instead of every 30 minutes); (2) each job processes a maximum of 200 CVS-file rows (instead of 100 rows). Bulk Send thus runs four times faster than it did before.

Bug Fixes

Accessibility

• PB-26179: Fixed an issue in which screen readers were reading certain dialog boxes twice.
• PB-26479: Fixed an issue in which screen readers failed to vocalize the text in a selector.
• PB-26487: Fixed a screen-reader issue in which an aria-label attribute was missing.
• PB-26078: Fixed an issue concerning the text read by iOS VoiceOver during the Signing Ceremony.
• PB-26578: With Enable accessibility on, mapping Form Fields to recipients did not work properly. Specifically: (1) a sender could map multiple recipients at once; (2) if the sender subsequently removed one recipient, the system removed all recipients.

Other

• PB-20971: Fixed an issue that prevented recipients from changing their displayed language if they accessed the Signing Ceremony from an iFrame.
• PB-20583: Fixed an issue that prevented the New Transaction button from displaying properly after a user narrowed their browser window.
• PB-18877: Fixed an issue that prevented senders from customizing the logo that would appear on the Thank You dialog box after a user signs on a mobile device.
• PB-26920: Fixed an issue in which the Required attribute of a Custom Field was not being saved.
• PB-27045: Fixed a Dashboard issue that prevented the proper formatting of text in certain languages.
• PB-26585: Fixed an issue that permitted a signer to decline a transaction when it was not their turn to sign.
• PB-26319: Fixed an issue in which the "signup email" to a new sender was not being sent in the sender's designated language (see email.signup).
• PB-25066: Fixed a Designer issue that left it visually unclear if the Accept Only option had been selected for a document.
• PB-25249: Fixed an issue in which the width of the Transaction Name column changed when sorting was applied to the Transaction List.
• PB-26483: Fixed an issue in which pressing the ESCAPE key on a list selected an item from the list instead of escaping the list.
• PB-27198, PB-26738, PB-27201: Fixed several issues concerning the numbering associated with the signing order for recipients.
• PB-26208: Fixed an issue in which fields were reset after a user clicked outside a selector.
• PB-26838: Fixed an issue that prevented user-entered text from being fully visible in the associated display.
• PB-26957: Fixed a problem that affected the configuration of email reminders for in-progress transactions.
• PB-26892: Fixed an issue in which a tool tip failed to appear after new account users clicked Next during their First Time Use Walkthough.
• PB-27165: Fixed an issue in which senders could not select a recipient from the Recipient History on a mobile device.
• PB-27296: Fixed a Mobile Signing Ceremony issue in which the Signature Field label was not in the language that had been specified for the transaction.
• PB-25849: Fixed an unhandled exception that occurred when an attempt was made to update a document's description via the REST API without providing the correct document ID.
• PB-27298: Fixed an issue in which the field name was being auto-populated with the field ID when Text Tag Extraction was performed. The field name will now remain blank.

Release 11.26

What's New

Accessibility

• Enabled visually impaired senders to add recipients to a transaction, and to edit recipients' information.
• When a sender creates a transaction or template, the value that initially appears in the New User Experience for the Enable accessibility toggle switch is now automatically set to the default value specified for the sender's account. That default value can be changed only by contacting our Support Team.

Other

• The Enforce Authentication option will now be ignored for account senders if Single Sign-On Authentication has been specified as the Authentication Method for their account. Thus no one will have to specify information for Authentication Methods that will not be used.
• Knowledge-Based Authentication questions and answers will be displayed in the recipient's language. Specifically: (1) the language for Equifax USA can be English or Spanish ( if the recipient has a different language, the fallback language is English); (2) the language for Equifax Canada can be English or French ( if the recipient has a different language, the fallback language is English).
• You can now search for transactions or templates using a recipient's first name, last name or email address; for the New User Experience, see the section Find Transactions).
• Increased the storage space available for email templates.
• When a sender creates a transaction or template, the value that initially appears in the New User Experience for the Enable in person signing toggle switch is now automatically set to the default value specified for the sender's account. That default value can be changed only by contacting our Support Team.
• To comply with the General Data Protection Regulation (GDPR), in every environment we removed all personal information from all reports created by OneSpan Sign BackOffice. Specifically, in the Transaction Report and Multi-Tenant Transaction Report, we: (1) removed all signers' information, package names, and package attributes; (2) added the Sender UID.

Bug Fixes

Accessibility

• PB-25479: Fixed an issue that prevented signatures signed by other recipients in a uploaded document from being presented to users in accessibility mode.
• PB-25353: Fixed the following issue. When the Add Recipients button was selected using the keyboard in accessibility mode, instead of hearing ADD RECIPIENTS button selected, users heard ADD RECIPIENTS button unavailable.
• PB-25719: Fixed a wrong presentation of the document Preview button in accessibility mode.
• PB-25986: Fixed an accessibility issue in which: (1) users were not notified that you cannot create a new transaction from an existing accessible transaction; (2) settings were not being inherited when a new template was created from an existing template via our Open API Specification.
• PB-26079: Fixed the following issue. When a recipient using Android TalkBack tried to complete a signature by double tapping the Confirm button, TalkBack read the OK button twice instead of once, and therefore highlighted that button twice instead of once.

Other

• PB-21959: Fixed an issue that prevented transaction counts from updating properly next to the Inbox and Drafts headings after a user deleted or archived a transaction from these lists.
• PB-20485: Fixed the following issue. Passing an invalid document ID while retrieving field values via the REST API returned an exception instead of an informative error message.
• PB-25880: Different environments (e.g., Sandbox, Production) were found to be using different default formats for the timestamps applied to signatures. Removing this inconsistency provided all environments with the default format yyyy-MM-dd HH:mm:ss z, where z is the timezone. If you want a different default format for your account, please contact our Support Team.
• PB-16839: Fixed an issue that permitted a recipient to decline a transaction even after confirming their signature.
• PB-26261: Fixed an issue in which switching to the Classic User Interface caused the page footer to overlap with the list of transactions. The fix keeps the footer at the bottom of the page.
• PB-25662: Fixed the following issue. Using Windows 7 and Internet Explorer 11, the top left of the Designer page failed to show the complete name of the current transaction when that name had fewer than 4 characters.
• PB-25837: Fixed the following issue. When a user of OneSpan Sign for iOS confirmed a document or switched between documents, the system's loading the new document sometimes hung.
• PB-26213: Fixed an issue that prevented users from using the keyboard's backspace key to update the maximum length of a text field or text area.
• PB-26221: Fixed an issue in which the did not support a proxy Java and .NET SDKs configuration of the method eslClient.signDocuments.

Release 11.25

What's New

• Updated our cipher suite for outgoing Callback Notifications and SMTP messages from the OneSpan Sign service to customers. For more information, see Enhanced Security Standards.
• When a user accesses the Signing Ceremony from an email link, if their original SMS passcode has expired, the system now automatically sends them a new SMS passcode.
• If a document fails to upload when a transaction is being created via the SDK call EslClient.createPackage, the system now automatically deletes the transaction from the Drafts folder.
• When using the REST API to retrieve a list of all groups in an account, the list can now be filtered by searching for a specific or partial group name. For more information, see our Open API Specification.
• When using a Java or .Net SDK to retrieve a list of all groups in an account, the list can now be filtered by searching for a specific or partial group name. For more information, see Managing Groups.
• In a completely signed document, all Form Fields and signatures not associated with a recipient are now flattened — i.e., are read-only.

PDFs added to a transaction must not have syntax errors. If they do, the flattening described in the previous bullet may prevent recipients from confirming their signatures. To avoid that, we strongly recommend that you use Adobe's Preflight tool to scan and analyze a PDF for syntax errors before you add it to a transaction. For more information on the Preflight tool, refer to your Adobe documentation.

• The Enable accessibility mode button is now available when the Signing Ceremony is accessed through the Sender interface.
• In the Signing Ceremony's accessibility mode, visually impaired recipients are now notified when their cursor moves in or out of the Capture Signature box.

Bug Fixes

• PB-25102: Ensured that the Layouts drop-down list will not appear behind the Apply Layout dialog box (see Applying a Layout). This superposition made it hard to scroll within the list to select a layout.

• PB-21327: Fixed an issue that prevented a document's Accepted and Confirmed dates from displaying a timestamp.

• PB-25300: Fixed an issue in which continuous component updates caused the Document Preview and Designer pages to flicker.

• PB-21046: Ensured that in the Mobile Signing Ceremony the Exit button is always visible after signing is complete.
• PB-21409: Fixed an issue in which an accepted but unconfirmed optional signature and its associated fields were rendered in the final signed document when the transaction was completed by the sender.
• PB-15182: Provided missing translations for the email templates email.bulk.send.completed and email.bulk.send.error.

• PB-24599: Fixed an issue that, in accessibility mode, prevented the successful addition of multiple field mappings via the Import & Link Fields page (see Mapping Form Fields to Recipients).

• PB-18552: Fixed an issue that, in accessibility mode, prevented ToolTips for Form Fields from presenting customized content that had been specified using OneSpan Sign's BackOffice administration tool.

• PB-20058: Fixed an issue that, in accessibility mode, prevented a signature's ToolTip from being updated once the signature was accepted.

• PB-20150: Ensured that in accessibility mode the Signing Ceremony's Decline dialog box's list of reasons for declining can be navigated via the keyboard's arrow keys.
• PB-23674: Fixed an accessibility issue in which the description of a recipient's authentication was not being read by a screen reader when the Enforce Authentication condition was enabled for the recipient's account.
• PB-23677: Fixed an accessibility issue in which multiple H1 headings appeared on the Dashboard page. This did not comply with JAWS 2018.
• PB-24496: Fixed an accessibility issue in which the JAWS screen reader read all the labels above the currently selected label on the Create New Transaction page.
• PB-24488: Fixed an issue in which the visual contrast of the First Time Use message on the Dashboard page did not comply with accessibility guidelines.
• PB-24490: Fixed an issue in which the visual contrast of the text on the Personal Information page of My Account did not comply with accessibility guidelines.
• PB-24487: Fixed an issue in which the visual contrast of a selected menu item from the top menu of the New User Experience did not comply with accessibility guidelines.
• PB-24485: Fixed an issue in which the visual contrast of a selected field's orange border did not comply with accessibility guidelines.
• PB-25957: Fixed an issue that was preventing page controls from working properly with TalkBack screen readers on Android devices in accessibility mode.

Release 11.24

An unexpected error occurred with a fix to PB-21959. Due to the instability this could create, a patch release — 11.24.1 — was quickly issued. Soon after, another patch release — 11.24.2 — was issued to ensure that document pages display properly in the Designer section of the New User Experience.

What's New

• When New User Experience senders create accessible transactions or templates, they can now map the Form Fields in added documents to recipients' OneSpan Sign fields. For details, click here.
• The Signature page of the My Account set of pages enables users to create a handwritten signature that can be used to sign documents. That page's Signature now opens in full-screen mode to give visually impaired users more space to capture their signature.
• Enabled Bulk Sending to configure Personal Certificate signing for its recipients. An example of that configuration appears in the section Sample CVS File.
• Placed an appropriate transaction count next to two headings on the New User Experience page that lists transactions. Specifically: (1) the number of transactions that currently have the status In progress appears next to the Inbox heading; (2) the total number of transactions that currently have the status Draft, Expired, Declined or Opted out appears next to the Drafts heading.
• In the New User Experience, the action icons above the Transactions list will now: (1) always be visible; (2) become enabled when a transaction is selected.
• The Recipient Settings screen inside the New User Experience has an Attachments tab. The Delete icon on that tab will now: (1) always be visible; (2) become enabled when an attachment is selected.
• Enabled Single Sign-On Authentication to: (1) provision senders when multiple OneSpan Sign accounts have the same Identity Provider; (2) provision a sender as either a Manager or a Member.
• Added support for additional timezones to accommodate places that do not observe Daylight Saving Time (DST).
• Error and warning messages that appear in the application will no longer automatically disappear. They must be dismissed by the user.
• In the accessible view of a document during signing, the Form Fields not associated with a recipient now appear as read-only text.
• Our Sender interface has never officially supported adding documents to transactions via drag-and-drop, but this technique could have worked in certain cases. This technique will stop working in all use cases with this release. This change will enable us to: (1) enhance other features; (2) fully support drag-and-drop functionality in a future release.

Bug Fixes

• PB-21466: Fixed an issue that was permitting senders to enter invalid values on the Email Reminders screen.

• PB-20893: Fixed a Mobile Signing Ceremony issue in which the accessibility mode became disabled if the SMS Login page was refreshed.

• PB-18844: Fixed an issue that prevented a document from being tamper-sealed upon transaction completion if the last recipient did not sign an optional signature.
• PB-22064: Fixed an issue that was causing the email reminders for all transactions to be sent just once per day. Email reminders are now sent once every hour. Thus a reminder designed to be sent after one day is now sent between 24 and 25 hours after the original invitation (no longer between 24 and 48 hours after the original invitation).

Known Issue

• PB-21959: Deleting or archiving a transaction may lead to incorrect count numbers next to the headings of the Inbox and Drafts folders .

Release 11.23

What's New

• The Evidence Summary now records when a transaction owner manually completes a transaction.
• As part of an ongoing effort to make the New Application User Experience accessible to visually impaired senders:
  • The color scheme was improved for visually impaired senders.
  • The Dashboard's Account Summary chart was made a non-clickable image. Instead, the items within the legend indicate the number of transactions, and they link to the Reports page.
  • The following changes were made to the Date Picker control:
    • Dates can now be input manually.
    • Senders must now click OK to confirm their date selection.
    • To clear a date, you must now do one of the following: (a) select the date and press DEL on the keyboard; (b) open the calendar, and click Clear.

Bug Fixes

• PB-20463: Fixed an issue that prevented a transaction's completion date from being properly assigned when the transaction was manually completed by the transaction owner.
• PB-20825: Fixed an issue that caused transaction owners to receive Opt Out and Decline emails in the recipient's language instead of their own language.
• PB-20846: Fixed an issue that made the captions on buttons in the Capture Instructions screen bleed beyond the buttons' borders.
• PB-11204: Fixed an error in the Spanish text that appears on the translated Affadavit page during In-Person Signing.
• PB-18225: Fixed an error in the Spanish text that appears on the translated Guest Login page during SMS Authentication.
• PB-20179: Fixed an issue in which disabling the Session Bar during the Signing Ceremony made the Enable accessibility link unavailable.
• PB-20206: Fixed an issue in which the JAWS screen reader was reading an incorrect label for the Click to Sign Signature Box.
• PB-21131: Fixed an issue regarding query parameters injected into the Handover URL.
• PB-21096: Fixed an issue in which low screen resolutions prevented users from configuring a signature as Optional.
• PB-19992: Fixed problems with the SMS Authentication screen in which entering an incorrect SMS pass code caused: (1) the display of an inaccurate default message for the French language; (2) failure to display a customized string defined by the customer.
• PB-21698: Fixed an issue that in certain scenarios prevented senders from previewing their documents.
• PB-8330: Removed an undesirable User-Agent value from the header of the Apache HTTP client created by OneSpan Sign's Application Backend.

Release 11.22

What's New

• As recommended by the US National Institute of Standards and Technology (NIST), One-Time Password (OTP) codes for SMS Authentication will now expire (default lifetime = 5 minutes).
• A user can now change the signer's Company and Title when they delegate signing to another user.
• Links that appear in PDF documents can now be de-activated for an account.
• Now when a user signs with a mobile device, optional signatures are available in the Mobile Signing Ceremony.
• Document deletions are now recorded in the Evidence Summary.
• Transaction deletions are now recorded by our back-end system. To obtain this Audit Trail, please contact our Support Team.
• Optimized the Package Overview API, thereby improving overall performance.
• Enhanced performance by enabling the Documents call to be executed more rapidly.
• Upgraded Ruby (which is used by the Classic User Experience) to version 2.5.3.
• Dropped support for Internet Explorer 9 and 10 in the New User Experience (see Minimum Software Requirements).

Bug Fixes

• PB-19529: Fixed an issue that was preventing Sender SSO Authentication with Active Directory sessions that were older than 2 hours.
• PB-19797: Prevented the Cookie Policy notification from blocking the Accept button in the Signing Ceremony.
PB-10610: Removed the Cancel button from the failure screen for KBA Authentication.
• PB-12024: Fixed a Mobile Signing Ceremony issue in which fields were being rendered larger than intended, and were overlapping with text.
• PB-16420: Fixed an issue in which the "completion check mark" failed to appear for recipients using SMS Authentication.
• PB-17091: Fixed an incorrect Spanish translation of the Click to Sign Signature Box.
• PB-17923: Fixed an incorrect Spanish translation of the string This field is required on the Opt Out and Decline screens.
• PB-18484: Fixed an incorrect Spanish translation of the Accept button in the Mobile Signing Ceremony.
• PB-21185: Fixed a performance issue by removing precision scanning for Text Tags.

Release 11.21

What's New

• Added customizable time zones for transaction owners at the Account, Sender, and Transaction levels. Thus the time zone used to display all dates on a transaction's signed documents can now be customized. A zone specified at the Transaction level supersedes zones specified at the other levels, and a zone specified at the Sender level supersedes a zone specified at the Account level. Specifying a zone at the Transaction level is described here, and specifying a zone at the Sender level is described here. To specify a zone at the Account level, please contact our Support Team.
• When a callback fails, an email is sent out. That email has been improved to include the reason for the failure.
• Added Android TalkBack support for the Mobile Signing Ceremony on tablets (that support is documented here).
• Added support for the integration of optional signatures via Document Extraction and Text Tag Extraction.

Browser Support

• As of Release 11.22, the New User Experience will no longer support Internet Explorer 9 or 10 (see Minimum Software Requirements).

Bug Fixes

• MAIN-3183: Fixed an issue that occasionally prevented the uploading of documents during the Signing Ceremony, when using Internet Explorer.
• PB-19532: Fixed an issue that caused an incorrect email notification to be sent to a signer when the attachment from a different signer in the same transaction has been rejected.
• PB-17816: Fixed an issue that caused the top rebranding banner in Safari to sometimes disappear.
• PB-17595: Fixed an issue in which an unwanted border appeared around a banner added to the Designer page.
• PB-17184: Fixed an issue in which trying to "Bulk Sign" signatures when it was not the designated signer’s turn did not return a user-friendly message.
• PB-16990: Fixed an issue in which trying to add a recently deleted document from the Document History caused an Error 500 instead of a user-friendly message.
• PB-16817: Fixed an issue in which an invalid configuration for the Sender in the IdP server caused an ambiguous error.
• PB-16647: Fixed an issue in which the Archival Module couldn't purge data from long-term storage.
• PB-15570: Fixed an issue in which the SMS passcode was not being sent in the signer’s preferred language.
• PB-13579: Changed the flow so that email notifications to complete a transaction are sent only after all required attachments have been uploaded.
• PB-12894: Fixed an issue in which clicking the Save Layout button too quickly after applying a layout caused an error.
• PB-12842: Fixed an issue in which switching between the Drafts and Inbox folders before a page was fully loaded caused invalid data to appear.
• PB-12356: Fixed an issue in which attachments without an associated description caused a misalignment in the New Application User Experience.
• PB-7727: Enabled the API to add attachments to a transaction even when attachments are disabled on the associated account.
• PB-16911: In certain Optional Signature scenarios, we prevented: (1) an extra email from being sent; (2) an extra Optional Signature from being displayed.
• PB-17034: Made the Continue button appear in those Optional Signature scenarios where it was missing.

Known Issue

• When a user views an eSignLive invitation email in Gmail using an Android tablet in its Landscape orientation, the email's Go to document button is not fully displayed. The workaround is simply to rotate the tablet to its Portrait orientation.

Release 11.20

What's New

• Enabled blind and visually impaired users to review and click-to-sign PDF documents on mobile devices. This involved making the Mobile Signing Ceremony support Web Content Accessibility Guidelines (WCAG) 2.0 Level AA.
• Added iOS VoiceOver support for the Mobile Signing Ceremony on iPhones and iPads (that support is documented here).
• Enabled Bulk Signing — "Sign All" — for: (1) the Signature Capture signature type; (2) documents with mixed signature types.
• Made SMS messages more customizable than they had been.
• Made the Thank You dialog box support special characters.
• Enabled Single Sign-On (SSO) Authentication to be configured with the same Identity Provider's entity ID for both senders and signers.
• Added pagination to the displayed list of senders when delegates are being added in the New User Experience.
• Enabled static hyperlinks in PDF documents that are in a completed transaction.

Performance Enhancements

• System throughput (number of transactions per hour supported by the system) has been improved by 25%.
• The Get Package API response time has been reduced by 13%.
• The load time for the API underlying the Dashboard's Account Summary pie chart was improved by 36%.

Bug Fixes

• PB-15119: Enabled Text tag extraction to work when documents are uploaded from Salesforce.
• PB-16396: Fixed a licensing error that occurred when documents were being uploaded.
• PB-15928: Improved the alignment of the title of the Capture Signature Signature Box on mobile devices.
• PB-1563: Made the Evidence Summary filename display the correct text when the file is downloaded from the application.
• PB-16733: Ensured that for a document with Text Tags, artifacts of those tags do not appear in the document after it is added to a transaction.
• PB-16390: Fixed an issue involving Optional Signatures and the Personal Certificate Client.
• PB-10973: In ADA mode (designed for visually impaired users), we enabled the Accept button to be read by a screen reader that uses an Internet Explorer browser.
• PB-12457: In ADA mode, we enabled the progress bar to be read by a JAWS screen reader that uses an Internet Explorer browser.
• PB-11393: In ADA mode, we translated Alt text for the progress bar into French.
• PB- 12430: In ADA mode, we enabled the following text within the Consent document to be translated into any supported language: Must be accepted and agreed to before starting the signing process.

Release 11.19

What's New

• Enhanced Single Sign-On (SSO) Authentication to support external recipients. This enables the exchange of authentication information between OneSpan Sign and corporate servers. Thus signers can now use their organization's credentials to access the Signing Ceremony.
• Added support for optional signatures. This permits a signer to complete a transaction without signing all of their signatures inside the transaction's documents. Any signature type can be flagged as "optional" via the New User Experience, the REST API, or the SDKs. For a description of associated limitations, see the first note in this section.
• Ensured that the Owner of a transaction receives a notification every time a signer uploads an attachment. This is especially important if a rejected attachment is re-uploaded.

Bug Fixes

• PB-16402: Ensured that the document description appears when a user clicks the Document Title bar in a Mobile Signing Ceremony.
• PB-16596: Fixed an issue that was preventing the Personal Certificate Client from connecting when a user had multiple active network connectio