Appendix: authentication capabilities
- Authentication methods in the Signature service are used by customers to help verify the identity of a signer by including measures to show that signers are who they say they are.
- Appropriate authentication of a signer prior to signing decreases the risk of fraudulent signing due to identity theft and improves data privacy.
- DocuSign offers multiple authentication options. Use of stronger authentication or multiple layers of authentication lowers the risk of contract repudiation.
DocuSign authentication capabilities
Using digital signature technology (also known as Public Key Infrastructure or PKI) can further reduce risk for regulated and high-value transactions and improve compliance with international, local, and industry-specific eSignature requirements.
With the Signature service specifically, customers can:
- Authenticate signers while they are interacting with a document due to the way information is captured
- Choose the level of signer authentication that best fits the situation and sensitivity of the document they are sending through the Signature service
- Determine how thoroughly signers must identify themselves before signing a document, with a choice of multiple optional levels of authentication, including access codes, SMS, phone, and knowledge-based identity check
Moreover, the Signature service audit trail tracks the authentication process automatically.
Signature service authentication options
The Signature service offers a number of authentication options, as shown below.
- Email Address: Signers must have access to the email address through which they received the envelope.
- DocuSign Account: Senders may choose to require signers to log in with their DocuSign account.
- Federated/Single Sign-On: The Signature service accepts and records authentication by other systems integrated with DocuSign via industry-standard protocols. As an option, single sign-on detects email domains at login and redirects to your domain’s identity provider for authentication
- Access Code: Signers receive a one-time code from the sender that they must enter into the Signature service in order to access the document (can be combined with other options below).
- SMS Authentication: A code is sent to the mobile phone number on record for the signer, who must then enter the code into the Signature service in order to access the document.
- Phone: Signers select from the phone numbers on record, or enter a new phone number, and the system dials the selected number. When they answer, the system prompts them to enter an authentication code using the phone keypad and then says their name, which is recorded.
- Knowledge-Based (KBA): This method requires the signer to answer questions about their past - the answers to which are publicly avialble, such as past address.
- eNotary: A notary authenticates the signer in person during the notarization ceremony as follows:
- Sender selects a specific electronic notary, and the notary and signer meet in person to complete the transaction
- The notary authenticates the signer just as they would for a paper signature
- The signer e-signs the document(s)
- The notary applies an electronic notary seal using DocuSign