OneSpan Sign Release 11.45: Enterprise Administration Enhancements

Duo Liang, December 1, 2021

OneSpan Sign version 11.45 was recently deployed to the preview and sandbox environments. In this latest version, we continued to improve the Enterprise Administration feature, delivered new features for the Virtual Room Signing, redesigned the Cookie Policy in a more user-friendly manner, and more. For a complete list of product updates, check the 11.45 Release Note. Also, refer to our Trust Center to find the deployment dates for all our environments.

In this blog, we will start with the newly introduced role permission in Enterprise Administration and showcase how this permission could allow you to perform actions on other user's transactions and templates. Then we will walk you through other new features which could benefit your integration. Without further delay, let’s get started!

Manage Other Users’ Transactions 

In OneSpan Sign, the Roles & Permissions feature allows admin users to categorize their users with similar needs and group them into a Role and then grant a set of permissions to the role, so that it determines which resources or actions these users can perform. 

As of release 11.45, a new permission "Manage users' transactions, templates, layouts (API)" has been introduced, which allows an API/SDK caller with this permission to create new transactions, templates, and layouts on behalf of other users and the ability to access and manipulate other users' ongoing transactions or existing templates and layouts.

12-1-1

To enable this feature, make sure the API/SDK caller has been granted the “API Access” and this new permission, and you are ready to create a transaction on behalf of other senders.

For REST users, when building the request payload, specify the sender information in the “sender” node, like below:

HTTP Request

POST /api/packages

HTTP Headers

Authorization: Basic api_key / Bearer access_token
Accept: application/json
Content-Type: multipart/form-data

Request Payload

{
  "roles": [
    {
      "id": "Role1",
      "signers": [
        {
          "email": "[email protected]",
          "firstName": "1.firstname",
          "lastName": "1.lastname",
          "company": "OneSpan Sign"
        }
      ]
    }
  ],
  "documents": [
    {
      "approvals": [
        {
          "role": "Role1",
          "fields": [
            {
              "page": 0,
              "top": 100,
              "subtype": "FULLNAME",
              "height": 50,
              "left": 100,
              "width": 200,
              "type": "SIGNATURE"
            }
          ]
        }
      ],
      "name": "Test Document"
    }
  ],
  "name": "Example Package",
  "language": "en",
  "description": "New Package",
  "status": "SENT",
  "sender": {
    "email": "sender's email"
  }
}

Similarly, SDK users need to specify the .withSenderInfo() function when building the transaction:

Java SDK

		DocumentPackage pkg = PackageBuilder.newPackageNamed("Example Transaction")
		        .withSigner(SignerBuilder.newSignerWithEmail("[email protected]" )
		                .withFirstName("John")
		                .withLastName("Smith")
		                )
		        .withDocument(DocumentBuilder.newDocumentWithName("document 1")
		        		.fromFile("file_to_path")
		        		.withSignature(SignatureBuilder.signatureFor("[email protected]")
		        				.onPage(0)
		        				.atPosition(100, 100)
		        				.withSize(250, 75))
		        		)
		        .withSenderInfo(SenderInfoBuilder.newSenderInfo("[email protected]"))
		        .build();

.NET SDK

            DocumentPackage superDuperPackage = PackageBuilder.NewPackageNamed("Example Transaction")
                    .WithSigner(SignerBuilder.NewSignerWithEmail("[email protected]")
                        .WithFirstName("John")
                        .WithLastName("Smith")
                        .WithCustomId("Signer1"))
                    .WithDocument(DocumentBuilder.NewDocumentNamed("SampleAgreement")
                            .FromFile("file_to_path")
                            .WithSignature(SignatureBuilder.SignatureFor("[email protected]")
                                    .OnPage(0)
                                    .AtPosition(175, 165))
                                  )
                    .WithSenderInfo(SenderInfoBuilder.NewSenderInfo("[email protected]"))
                    .Build();

Note:

  1. Creating layout on behalf of other users will be supported in the upcoming release.
  2. For now, the “Admin” role won’t be granted this permission by default. You’ll have to manually create a customized role and assign the role to your admin user. 

Show Signer Logo within iFrame

OneSpan Sign New Signer Experience features a more professional and intuitive UI interface and offers even more options to personalize your signing interface with your own corporate brand, including whether to show your logo when the signing experience is displayed within an iFrame.

This behavior is determined by the package setting: 

The screenshot below resembles what you can expect in both scenarios.

12-1-2

You can either specify the settings on a package basis or set the default value at the account level by contacting our support team.

Note:

  • Only available in New Signer Experience
  • The default value is false which maintains the existing behavior

Store Accepted Cookie Consent

To better protect users’ online privacy, it’s essential for OneSpan Sign signers to be aware what kind of cookies will be collected during their signing process and how these cookies could improve their user experience, functionality, and performance. 

When a transaction signer accesses the signing ceremony, they will be presented with the Cookie Policy and prompted to read carefully and determine whether to change their browser cookie settings. As of release 11.45, if a signer has accepted the cookie policy once, their acceptance will be stored in the browser cache, and the cookie policy will not reappear in subsequent visits. 

12-1-3

Since the cookie policy agreement is browser-specific, the same browser won’t have to re-accept the consent even visiting a different transaction or signing for a different signer. However, if the signer has cleared their browser cache or is accessing their browser window in Incognito/Private mode, the cookie policy will show up again.

Conclusion

There it is. In this blog, we demonstrated how the new account role permission allows admin users to perform actions on other user's transactions and templates and walked you through some other changed behaviors and improvements. If you have any questions regarding this blog or anything else concerning integrating OneSpan Sign into your application, visit the Developer Community Forums. Your feedback matters to us!
 

Duo Liang is a Technical Evangelist and Partner Integrations Developer at OneSpan where he creates and maintains integration guides and code shares, helps customers and partners integrate OneSpan products into their applications, and builds integrations within third party platforms.