Overview

Each individual approval in the workflow can be configured to require reviewer identity authentication.

This adds a credentials prompt for a reviewer to the workflow popup for the individual approval.

Global administrators can choose the authentication method to be used for the approvals in the workflow.

The required credentials can be configured to be one of the following:

Confluence username and password

E-signature for an approval can be set by global admin to require a reviewer to authenticate their identity by entering their Confluence username and password.

The approval decision buttons are disabled until the reviewer adds the requested credentials to the workflow popup.

This can be:

  • the Confluence password for each user approval decision



  • the Confluence username and a password for each user approval decision

Entering the credentials will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.

Signing Token

E-signature for an approval can be set by global admin to require a reviewer to authenticate their identity by entering their Confluence username and a time-based signing token.

The signing token is a time-based one-time password generated by a third-party app. The app must be set up by the user for the instance.

The approval decision buttons are disabled until the reviewer adds the requested credentials to the workflow popup.

This can be:

  • the time-based token for each user approval decision



  • the Confluence username and the time-based token for each user approval decision

Entering the username and token will activate the Approve and Reject decision buttons. The credentials are validated when the reviewer makes their approval decision.

Each reviewer will need to set up their own personal code for the instance using their Confluence login email address to set up a third-party app to generate the signing token for each review.

Setting up a signing token

The workflow popup for the approval will display a prompt to set up a personal code for a user if:

  • the approval requires reviewer authentication AND
  • the global e-signature configuration is set to require the use of a signing token

If the user has already set up a personal code the workflow popup will only display the credentials prompt for the username and a signing token.

To be able to electronically sign using a signing token a reviewer will need:

The user can then set up an account on the app to generate a time-based signing token. The signing token generated by the authentication app will be required each time the user needs to approve a page that requires an e-signature.



Once a user sets up the code with the third-party app the workflow popup will prompt for a signing token generated by the app to initialize the app to the user and the instance.

Each individual approval will then require a signing token from the authenticator app to activate the approval for the user.

  • the token is then validated when the user makes the approval decision.
  • the authenticator app generates a new valid numeric signing token every 30 seconds.
  • if the user navigates away from the content without undertaking the approval the next time they view the content a new time-based signing token will be required to activate the approval buttons.


Global administrators can reset existing valid setup codes for a user by choosing to Remove the user signing token in the Comala Document Management E-signatures Configuration screen

Global admins can also amend the signing token setup expiry date for a user signing token.

If the expiry date for the user signing token expires or the user signing token is removed by the global administrator the user will need to reset their personal code for the instance using the third-party 2FA app. 


User Guide

Authoring Guide

Confluence Administration