This site has moved to the integrated Appfire documentation and information site for our apps.

From February 2024 this site is no longer updated.

Take a look here! If you have any questions please email support@appfire.com

Set up a reviewer signing token

Personal code setup prompt

If instance is using signing token, the first time a user is required to approve content in the in Approval state they will be prompted in the workflow popup to set up a signing token.

This needs to be set up before they can approve or reject the content. 

Choose setup personal code in the workflow popup.



A user can also set up a personal code through the Signing Token option in the page tools menu.


Both these options will open the Signing Token tab in the current user's profile

User Signing Token tab

Initial set up instructions for the authentication app are displayed in the Signing Token tab in the current user's profile.


The user must:

  1. Download and install an authentication app to a smart device or computer.
  2. Validate the setup of the app for the current instance using the email address that the user is currently using to login to Confluence.

Set up will vary according to the chosen app and the smart device operating system. Existing authentication apps on your device can be used to set up a new account to manage the personal code.


Initialize the signing token

Once the authentication app is installed on the user's device:

  • add the user email address used to login to Confluence to Step 2 Email Validation in the Comala Document Control signing token setup dialogue box.
  • choose Validate to generate a confirmation email with a link that will allow the set up of the authentication app account for the user on the device.


If required there is an option to resend this validation email.


To validate your email address choose the Go to Approval signing token settings link in the email.


The link for the email validation is time-limited to 15 minutes. After this period a new validation email is required.

The link returns you to the instance. A QRCode is displayed to use for the signing token setup using the authenticator app installed on your smart device.


To initialize the approval signing token, the QRCode must be scanned to your smart device authenticator app. This will generate an authentication account specific to the user email and Comala Documentation Control in the current instance.

Adding the approval signing token account to the authenticator app

The QR code will be used by the authenticator app to set up the authentication account linked to the user and the Confluence instance.

A signing token will be generated by your authentication app using the QRCode. 

  • the signing token code required is set as a 6 digit numeric code. This should be automatically set up in the app when the QRCode is scanned.
  • do not use any other options (if offered by the app) as only a 6 digit code is accepted by Comala Document Control.

This signing token is specific to the content review and will be different from any signing token you may use for access to your Confluence instance.


Scan the QRCode generated to your authenticator app.

The authenticator app will display a 6 digit numeric token.

The signing token is renewed every 30 seconds by the authenticator app.

Validating the authenticator app for the instance

Add the approval signing token to the user Comala Document Control signing token setup dialogue box.


Choose Validate.


  • signing token creation date and the token expiration date are displayed for the user.
  • Confluence global administrators can reset the need to initialize the signing token.


Signing tokens generated by the authenticator app can be used to undertake the In Approval state content review.

  • addding the signing token and the username to the workflow popup activates the content review for the user
  • the token is then validated when the user makes the approval decision.
  • the authenticator app generates a new valid numeric signing token every 30 seconds.
  • if the user navigates away from the content without undertaking the approval the next time they view the content a new time-based signing token will be required to activate the approval buttons.