Authenticate recurrent signers to avoid to identify them at each signature session
Ones the signer is identified, if you want to allow the signer to sign several times,
you can define authentication methods that will allow him to sign without identify him again.
Authentication of the signers is used to validate that the signer is the one previously identified during an identification session. During this identification, a registration of authentication factor is processed to associate the identity of the signer to its credentials.
Based on requirements defined into the Signature Profile, different configuration are available
| Legally Binding Level | First Factor | Second Factor |
|---|---|---|
| Electronic/Simple | BySide: Email-Token Embedded: Signer-Secret | N/A |
| Digital/Advanced | BySide: Email-Token Embedded: Signer-Secret | - SMS-Nonce - TOPT - PassKey - eID |
| Digital/Qualified | BySide: Email-Token Embedded: Signer-Secret | - SMS-Nonce - TOPT - PassKey - eID |
When you use an Electronic/Simple signature, only one factor is required. When you use a Digital/Advanced or Digital/Qualified signature, two factors are mandatory.
below, a description of the different authentication methods available:
-
Email-Token
The signer receive an email with a link to access to a Signature Session.
The link contains a token that is used to authenticate the signer. -
Email-Nonce
The signer receive an email with a secret (6 numbers).
The Signer have to input them during the Signature Session.
This authentication method is used in the Electronic/Simple signature level in the case of an embedded signature because it's mandatory that Ignisign keep at least one authentication factor on its sole control. -
Signer-Secret
When the signer is created, a secret is generated and sent to the application by Webhook
The application have to provide the secret when the Signature Session. is initialized.
More information about this method is available in the Delegation of Authentication section -
SMS-Nonce
The signer receive a SMS with a secret (6 numbers).
The Signer have to input them during the Signature Session. -
TOPT
The signer initialize the TOTP during a authentication registration session (almost always linked to an Identification Session)
This intialization is done by scanning a QRCode with a mobile authentication application (Google Authenticator, Authy, ...)
The Signer have to input the secret generated by the application during the Signature Session. -
PassKey
The signer initialize a PassKey during a authentication registration session (almost always linked to an Identification Session).
The signer is invited to use its PassKey during the Signature Session.
PassKey is a technology linked to the W3C's WebAuthn standard.
This technology have been selected by Google, Apple And Microsoft to replace passwords (article)
This technology is mostly available on all modern browsers except Firefox for Now more info -
eID
The signer use its eID to authenticate itself.