Tip of the day

Support tickets can be submitted directly from application

Information Security

Estimated reading: 3 minutes 55 views

This chapter describes information security options in the template.

Also, apart from the identification options shown in this chapter, there are additional security settings under Projects.  For more information read here.

Activate OTP

Activating this option will generate a random 4-digit one-time password for entering the form by the person filling out the form. The password will be sent to the destination to which the action was sent.

In case the operation cannot be sent through Cellosign in SMS or email, it is not possible to use the OTP.

Default OTP validity is 5 minutes. Selecting the OTP option allows you to set a validity between one minute and 1440 minutes (which is a day).


The eIDAS standard implemented in the template generates a log of activity in the signature fields. Every event of signing or deleting a signature is saved in the system log and exported together with the results of the operation in an archive to email or to the core systems of your organization.

The sample output below is a sample of a signature deletion event:

Add browser timestamp to signature field

When set to ON the timestamp of the browser will be added to signature field:

Clone graphic signature for approval

When set to ON it will use the last signature added by the customer and insert it into the signature field for the customer’s approval.

Note: Although this is a signature that requires approval, it is recommended to consult the legal department to validate the solution of the process.

Combining input fields from the form to the signature field

In addition to a digital signature that is embedded in the product, it is also possible to embed input fields from the form into the signature field. In this way a signed document can be presented when the signature fields contain identifying details of the client.

Require password

When activated the client will be asked to fill in data that was inserted by the agent into the form, for example an ID Number. To activate this option, you must select an input field from the list of fields in the form.

The field label will also serve as a guide to the client regarding what to type.

Expiration in hours

A working assumption is that a form contains sensitive information such as personal details, photographs of sensitive documents and signatures. Each operation has a predefined lifetime, according to the following hierarchy:

  • At the project level: valid for 24 hours [1 day], unless otherwise applied.
  • At the template level: valid for 48 hours by default. Valid values between 1 to 960 hours. This value overrides the project default.
  • At the operation level [in integration only] that overrides all defaults.

If the form is not sent by the client, the token [the unique link to the action] will be deleted automatically after the action is expired and will no longer be accessible. The message to the customer “404”.

Additional parameters

Initialize controls on form loadWhen set to ON will clear all values when client opens a form. (Pre-populated values will also be cleared).
Collect geolocation dataWhen set to ON will collect geolocation data.


Leave a Comment

Share this Doc

Information Security

Or copy link