Overview
No special hardware is required. All you need is a smartphone or a computer with a browser that supports HTML5.
Which Signature Should I Use?
Use this chart to help select which type of signature to use based on factors that are commonly used to determine legally binding signatures:
The signature control only captures a handwritten signature image. It does not create a digital signature. A signed section that is set to wet signature both captures a handwritten signature image and creates a digital signature over the contents of the section. See below.
Factor | Signature Control | Signed Section (Wet or Text/Image) |
---|---|---|
Requires Authentication | No - can be used by anonymous users | Yes - via frevvo User auth and for workflow steps assigned to email, by email |
Secure from tampering | No | Yes |
Automatically disable section and set date | No - but can be done with business rules | Yes |
Legally Binding | Maybe | Yes |
Digital Signatures
Info |
---|
This paragraph applies to Signed Sections. Signed Sections may be used by an authenticated user, who will be required to login, or by an email user who will be required to supply the correct email as well as first and last name to authenticate the signature. |
frevvo uses public key cryptography. When a server is first started, it automatically generates a public and a private key using the RSA algorithm. There is no official certificate authority (CA); however, if you want one, you can supply your own public and private keys that are certified by some authority (like Verisign). An official CA is not required, since the data is signed and verified using keys generated by frevvo. You must keep the private key private by applying good security practices to the server's disk. The public key may be shared with anyone; in fact, if you manage the server as the admin user and click on Security, you can see the public key displayed there.
When a section is signed, the data in the section, together with a time stamp, the signing user, and a few other things, are used to generate a message digest. The message digest is digitally signed using the private key. The signatures (there can be more than one) are included with the submission, both in the repository and in the HTTP POST, so you can verify them yourself if you want.
When the form is re-initialized from the submission documents, you must also supply the signatures. The initialization process will verify that the data has not changed (i.e., has not been tampered with) and the signature is still valid. If the signature is not valid, it is removed and the entire Section is displayed with a visible error (large red background). If it is valid, there is a green background and the Section cannot be edited.
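The sign-and-verify cycle described above, as an added example in Go (not frevvo's code). The `Section` type, the digest layout, SHA-256 and PKCS#1 v1.5 padding are assumptions; the page states only that RSA is used and that the digest covers the section data, a time stamp and the signing user.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
)

// Section is a constructed stand-in; its fields and digest layout are assumptions.
type Section struct {
	Fields           map[string]string
	Signer, SignedAt string
}

// NewServerKey generates the RSA key pair the server creates on first start.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Digest hashes signer, time stamp and key-sorted fields, length-prefixing each value.
func Digest(s Section) []byte {
	h := sha256.New()
	put := func(v string) { fmt.Fprintf(h, "%d:%s", len(v), v) }
	keys := make([]string, 0, len(s.Fields))
	for k := range s.Fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	put(s.Signer)
	put(s.SignedAt)
	for _, k := range keys {
		put(k)
		put(s.Fields[k])
	}
	return h.Sum(nil)
}

// Sign signs the section digest with the server's private key.
func Sign(priv *rsa.PrivateKey, s Section) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, Digest(s))
}

// VerifyOnReload is true if the signature still matches; false means remove it and show the error.
func VerifyOnReload(pub *rsa.PublicKey, s Section, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, Digest(s), sig) == nil
}

func main() {
	priv, _ := NewServerKey()
	s := Section{map[string]string{"rating": "4"}, "manager", "2024-01-01T00:00:00Z"}
	sig, _ := Sign(priv, s)
	s.Fields["rating"] = "5" // constructed edit made after signing
	fmt.Println(VerifyOnReload(&priv.PublicKey, s, sig))
}
```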
Signed Sections
frevvo provides true digital signature functionality via a Section control in your form. The user signs a specific Section, so that different parts of the form can be signed by different people rather than a signature being applied only to the entire form. Signed sections provide authenticated digital signatures with either a Wet Signature or Text/Signature Image type of signature.
Adding a Signed Section to Your Form/Workflow
You can configure any section(s) in your form as Signed Sections.
Tip |
---|
When you create a workflow using Approval Steps with the Workflow Design Wizard, or add steps using the Add Step Wizard, frevvo automatically creates Signed Sections for you! |
Select a Section control on your form and click the Security tab in the properties panel. The bottom portion of the tab is relevant to signatures. Refer to Security Properties for information on the Role dropdown. The drop down select has three options, and the default value is None Required.
- None Required - no signature required, section not digitally signed.
- Text/Signature Image - An uploaded signature image for the user will be used, if one is available. The user's name will be printed otherwise. The date of the signature, based on the user's browser settings, will also display.
- Wet Signature - will present the signature entry dialog to capture the user's signature. The date of the signature, based on the user's browser settings, will also display.
The Lock sign property means that the next person in the workflow cannot remove the signature and edit the signed data. A good use case is an employee performance review where the manager starts the form, signs the review, and sends it to the employee. You would check Lock sign so the employee cannot unsign and edit the data entered by the manager.
The Must sign property makes the signature required. With Must sign, a form cannot be submitted and a workflow is not sent to the next person until the signature is added. Checking Must sign will disable the None Required option in the Signature dropdown and automatically select Text/Signature Image. You can change the Signature dropdown to Wet Signature.
Sections that are hidden or shown via a rule or the Visible property in the designer behave as stated below with respect to Must sign:
- If the must sign section is visible, then you must sign to make the form valid, regardless of the section's required status.
- If the must sign section is hidden and required and contains required controls, then the form cannot become valid.
- If the must sign section is hidden and not required, then the section becomes valid and the form becomes valid.
Using Signed Sections
Let's look at the user experience when filling out a form with a Signed Section.
Consent to Sign
A consent to digitally sign statement is provided above the Sign this section button. It reads "By clicking the button below, you consent to the use of digital signatures." This element cannot be changed.
Signing
Click anywhere in the signature panel or click the Sign this section button to sign.
- Signed Section configured with the Wet Signature type will display a popup to capture the signature drawing via mouse, touchscreen or signature pad.
- Signed Section configured with the Text/Signature Image type will display the signature image, or if none is available, will display the message digest (first name, last name, and date).
- Signed Sections on workflow steps assigned to an email will display additional fields in the popup to verify the signature and capture first and last name. Those set to the Wet Signature type will also capture the signature drawing.
If the email entered does not match the email assignment, the error message "Does not match the email address in the notification" will be shown and the signature will not be accepted until the correct email address is provided.
Authentication
Here's how the authentication works:
- When used in a standalone form or the first step of a public workflow, the user must be logged into frevvo in order to sign the section.
- When used in a Workflow Step, this type of signature will authenticate the signer based on the Workflow Step assignment.
  - If the Workflow Step is assigned to a User, that person must log in to perform the step and sign the section.
  - If the Workflow Step is assigned to an Email address, when the anonymous user clicks to sign they will be prompted to enter the correct email address along with their first and last name to authenticate.
Note: Email Authentication does not work in workflows embedded in Confluence. This is because the user must log in to Confluence to complete the task.
When the user signs and clicks Continue/Submit, a unique signature ID is created. You can see this ID under the signature on future steps and on the completed submission.
Signed sections that are authenticated based on the logged in user will display "Digitally Signed (identity verified)" above the signature. Signed sections that are authenticated based on email address will display "Digitally Signed (email verified)" above the signature.
After Signing
Once the user signs, all of the controls in the section become disabled and cannot be edited unless the user clicks Edit this section. Clicking anywhere in the signature panel or on the Edit this section button clears the signature and the date. The user can sign again, if desired.
If a user clicks the Sign this section button and there are invalid or empty required controls in the section, they will see this error "An error has occurred. Your signature could not be saved because the Section you are signing contains invalid controls. Please enter valid information in all such controls and click the Sign button again."
Signature Control
You can use the signature control to place a signature anywhere in your form. The Signature control allows the user to enter their signature using either a track pad/mouse, stylus or a touch screen during form completion. Authentication to the server is not required. If the Printable property is checked, the Signature image will be displayed on the PDF Snapshot of the form. Your browser must support HTML5 canvas technology for proper signature entry functionality.
...
All of the standard properties and settings apply to the signature control. For example, the required setting can be used to force the entry of a Signature in order for the form to be valid (in use mode).
Signed Sections and Wet Signatures in Use Mode
Here is an example of a standard signed section on a Leave Approval form when the signature property is set to Text/Signature Image. Click anywhere in the signature panel or click the Sign this section button to sign.
...
Here is an example of a standard signed section on a form when the signature property is set to Wet Signature. If the section is signed, the user can modify it by selecting the Edit this section button. The button will toggle to Sign this section and the wet signature and date in the lightbox will clear.
Clicking on the Sign this section button displays the signature entry lightbox shown in the image below, provided an external signature device is not configured. See Signature control for details on its operation. Note that the signature image is scaled appropriately. The user will have to re-sign in order to re-lock the section.
...
Using Signature Controls
The user can sign using the Signature Control just by clicking anywhere on the control. They will get a popup signature box and can sign using mouse, touchscreen or signature pad. When they click "Done" the signature drawing will appear on the form. The user can clear or change the signature by clicking the control again.
Tip |
---|
Signature controls don't automatically set the controls in the section to disabled or capture the date. However, you can configure such behavior (as we have in the example below) using business rules. Please see these rule examples. |
Topaz Electronic Signature Pad
If you have a Wet Signature control in your forms/workflows, you may prefer to use a device to capture a hand-written signature instead of the mouse or a touch screen. The Topaz Electronic Signature Pad is one such device that is now supported in frevvo.
Topaz devices are only supported for desktop workstations/laptops running the Windows operating system. They are not supported on mobile devices.
Forms and workflows can be made accessible to help individuals with visual and motor impairment. The Topaz Signature Pad works well when used in a form/workflow designed for accessibility.
There are many models of electronic signature pads. You can find more information on the Topaz website. frevvo supports/certifies the following models:
- Model T-LBK462-HSB-R
- Model T-S460-B-R
A unit with -HSB or -BSB suffix on the model number is recommended for machines that only have USB ports.
The Topaz Electronic Signature pad works with a standalone Wet Signature control and when the Wet Signature control is configured in a signed section.
You can still use the mouse or touch screen to sign if a Topaz Signature pad is installed on your system.
In order to use a Topaz signature pad with a particular laptop or workstation, the driver and web API software modules must be installed before connecting the device to your computer. Refer to the instructions below.
...
Installing the Topaz Electronic Signature Pad
...