Ascertia ADSS connector for SharePoint now supports active directory authentication for digital signatures

Posted by Wahaj Khan on Nov 26, 2014 2:33:00 PM

The ADSS Connector for SharePoint has always provided tight integration with the Microsoft SharePoint portal and ADSS Server Go>Sign Service. This allows enterprise users to "click and sign" on a document in SharePoint. The internal process first uploads the target document to ADSS Server, (converting the document to PDF/A if required) and then shows it to the user using the ADSS Go>Sign Viewer. The user can create digital signature fields and use the SharePoint 2013 workflow engine to send the target document(s) to other signers. The signers receive an email notification from SharePoint containing a link to the document.

When these signers open the document it is displayed using Go>Sign Viewer and the user can sign using a locally held key and certificate (in software, USB token or smartcard), OR their centrally held signing key and (securely held by ADSS Server in software or an HSM). What is new is that ADSS Connector for SharePoint now integrates with Active Directory and uses this information to automatically register (or remove) users based on the AD entry. When users are registered on Active Directory, their centrally held signing key and certificate are automatically generated and of course when they are removed their credentials are revoked and deleted.

This integration serves two purposes:

  • It automatically generates key and certificate for all Active Directory users - for details follow this link ADSS Server now integrates with MS Active Directory
  • It enables signers to use the Active Directory password for authentication and when authorizing digital signature creation

The following example illustrates this process:

The user clicks on a document (the three dots) in their library and selects the 'Sign with Go>Sign' option:

Sign with GoSign.png

This opens the document inside the ADSS Go>Sign Viewer. The initiating user can draw one or more blank signature fields and optionally define the field name. By default this will be set to Signature1, then Signature 2, etc and the order of the signers details will define which field is allocated to which signer. 

ADSS GoSign Viewer.png

User can then re-size the signature field and place it accordingly.

As a special option the target signers AD name can also be typed into this field to force it to be assigned to them.

Signature Field Name.png

Now if some one other than john.doe tries to sign the signature field, an error message is shown:

error message.png

In this case when the sixth signer wishes to sign they are asked to sign the field marked 'Signature6':


Clicking this signature field displays this signing dialog:

signing dialog.png

The 'User' field shows the user's Active Directory UserID. The ADSS Signing Service authenticates this Active Directory user and then if okay creates their digital signature using their centrally held key and certificate. If an incorrect password is specified and error message is displayed.

This shows the resulting digital signature:

resulting digital signature.png

The updated and digitally signed document is written back to the SharePoint library (and this triggers any configured workflow).

This Active Directory integration feature makes it easy for SharePoint users to access high trust digital credentials and digitally sign their documents without the overhead of having additional usernames and passwords.

Ascertia – delivering trust to e-business systems, documents and workflows!