Comala Document Control E-Signatures Now Utilize One-Time Passwords
Posted January 9, 2020 in Comala Document Control
CATEGORIESCanvas Jira Canvas OnDemand Case Studies Comala Agile Ranking Comala Canvas Comala Document Approval Comala Document Control Comala Document Management Comala Metadata Comala Publishing Comala Workflows Comalatech Comalatech Events
Today’s release of Comala Document Control for Confluence Cloud includes an important change to how electronic signatures are captured and processed. Teams will now utilize one-time passwords to digitally sign their documents. This replaces the previous implementation that utilized Confluence user names and passwords. The new process is secure, easy to use, and still meets the FDA’s standard for e-signatures in FDA 21 CFR 11.
How Does it Work?
Electronic signatures no longer require approvers to enter their user name and password to sign a document in Confluence. Instead, you will enter a one-time password (OTP) along with your user name. If you have ever had to enter in a code to activate an account, like Amazon or Twitter, you’ve already used a kind of one-time password system. The e-signature implementation used in Comala Document Control is essentially the same idea, but instead of receiving a code via SMS, users refer to apps on their phones.
The OTP, sometimes called a “token”, is generated by a third party app installed on your smart phone. The OTP token is temporary and will expire quickly, so you will be required to use a new token if too much time passes between approving pages. Once you enter the OTP into the dialog box, Comala Document Control will authenticate and validate it. As long as the code is entered correctly along with your user name, the approval will execute and will be logged as electronically signed.
Setting up OTP for the first time does take a few special steps.
- The first time you attempt to electronically sign a Confluence page, you will see a “Initialize Signing Token” button
- Press the button and a new page will open instructing you how to configure an OTP app on your phone
- Install the OTP app of your choice (or the one mandated by your IT team) and create an account.
- Once your account is set-up, it will ask you scan the QR code displayed by Comala Document Control
- Scan the QR code and it will register Confluence with your app
- The app will start generating OTP tokens that you can use for electronic signatures
Full instructions for the e-signature feature are available in our product documentation.
You may have some questions about one-time passwords and tokens, or e-signatures in general, but hopefully we can answer some of them:
- Q: Why did you make this change?
- A: Atlassian makes frequent update to its Cloud platform, and a planned change would have jeopardized the e-signature functionality. The planned change required us to explore the OTP approach.
- Q: Does this change impact Server/Data Center users?
- A: No, this new implementation has only taken effect in Cloud
- Q: Can you recommend specific password authenticator apps?
- A: There are links provided to several apps in the OTP set-up
Need More Help?
We want to make the transition to an OTP system as smooth as possible for our users. Teams utilizing e-signatures in Comala Document Control should already have a received an email with instructions on how to prepare for OTP. If you require more information, or if you’re confused about how to utilize e-signatures in your own Confluence Cloud deployment, please refer to the electronic signatures section of our product documentation. Need more help? We would encourage you to reach out to our support team with any further questions you may have.