Ascertia is delighted to announce the ADSS Connector for Microsoft SharePoint now supports Active Directory authentication for digital signatures. In this blog, we explain how this new feature benefits businesses.
ADSS Connector for SharePoint
The ADSS Connector for SharePoint has always provided tight integration with the Microsoft SharePoint portal and ADSS Server Go>Sign Service.
Signing in SharePoint
It allows enterprise users to "click and sign" a document in SharePoint. The internal process first uploads the target document to ADSS Server (converting the document to PDF/A if required), then shows it to the user using the ADSS Go>Sign Viewer.
The user can create digital signature fields and use the SharePoint 2013 workflow engine to send the target document(s) to other signers. The signers receive an email notification from SharePoint containing a link to the document.
When these signers open the document, it is displayed using Go>Sign Viewer. The user can sign using a locally held key and certificate (in software, USB token or smartcard), or their centrally held signing key and certificate (securely held by ADSS Server in software or an HSM).
How has ADSS Connector for SharePoint changed?
What is new is that ADSS Connector for SharePoint now integrates with Active Directory and uses this information to automatically register (or remove) users based on the AD entry. When users are registered on Active Directory, their centrally-held signing key and certificate are automatically generated. Of course, when they are removed their credentials are revoked and deleted.
This integration serves two purposes:
- It automatically generates a key and certificate for all Active Directory users; for details, see "ADSS Server now integrates with MS Active Directory"
- It enables signers to use their Active Directory password for authentication and when authorizing digital signature creation
The following example illustrates this process:
The user clicks on the three dots next to a document in their library and selects the 'Sign with Go>Sign' option:
Clicking this opens the document inside the ADSS Go>Sign Viewer. The initiating user can draw one or more blank signature fields and optionally define the field name.
By default, this will be set to Signature 1, then Signature 2, etc., and the order of the signers' details will define which field is allocated to which signer.
The user can then re-size the signature field and place it accordingly.
As a special option, the target signer's Active Directory name can also be typed into this field to force it to be assigned to them.
Now if someone other than john.doe tries to sign the signature field, an error message is shown:
In this case, when the sixth signer wishes to sign, they are asked to sign the field marked 'Signature6':
Clicking this signature field displays this signing dialog:
The 'User' field shows the user's Active Directory UserID. The ADSS Signing Service authenticates this Active Directory user. If authentication succeeds, it creates their digital signature using their centrally-held key and certificate. If an incorrect password is specified, an error message is displayed.
This shows the resulting digital signature:
The updated and digitally signed document is written back to the SharePoint library (and this triggers any configured workflow).
This Active Directory integration feature makes it easy for SharePoint users to access high-trust digital credentials and digitally sign their documents without the overhead of having additional usernames and passwords.