Overview
Setting up the first time requires a few special steps. You must
add an authentication app to your smart device
initialize the signing token for the user for Comala Document approvals by adding a new authentication account to the app
generate a token from the linked authenticator app
E-signature must also be enabled for the workflow.
Add the authentication app to your smart device
Download and install a 2 Factor Authentication (2FA) app through your device app store. Here are some possible examples:
Android: Authy, Google Authenticator, 1Password
iPhone: Authy, Google Authenticator, 1Password
You may already have an app installed if you have 2FA for other internet sites.
If you are already using 2FA for Confluence login, this is not the same.
A new authentication account will need to be added to the app that is just used for Comala Document approvals.
For example, the first time a user is required to approve content in the QMS workflow, they will be required to initialize the signing token to create their authentication account in the authentication app.
inWebo multi-factor authentication can also be used with Comala Document Management for Cloud. Using inWebo will disable the use of other 2FA apps and the OTP authentication is managed through inWebo.
Initialize Signing Token
The very first time a user is expected to approve a page, they are asked to set up a personal code.
Choose setup personal code.
The two-step setup process is shown:
You must first download and install the 2FA app on your smart device.
the approval signing token can be generated using a number of different apps such as Google Authenticator available from Google Play and Apple App Store
the authentication client must be installed and be linked to your email for the Confluence instance
Once the 2FA app is installed on your device
add your email address to Step 2 in Comala Document Management signing token setup dialogue box
choose Validate to generate a confirmation email with a link that will allow you to set up the authentication app installed on your device
There is an option to resend this email if required.
To validate your email address choose the Go to approval signing token settings link in the email.
The link for the email validation is time-limited to 15 minutes. After this period a new validation email is required.
The link returns you to the instance. A QR code is displayed to use for the signing token setup using the authenticator app installed on your smart device.
use of this QRCode or key is time-limited to 30 minutes
a key is also shown for the manual set up of the authenticator app
To initialize the approval signing token, the QRCode must be scanned to your smart device authenticator app. This will generate an authentication account specific to the user email and Comala Documentation Management.
Add the approval signing token account to the authenticator app
The QR code will be used by the authenticator app to set up the authentication account linked to the user and the Confluence instance.
A numeric signing token will be generated by your authentication app using the QRCode. This signing token is specific to the content review and will be different to any 2FA token you may use for access to your Confluence instance.
Scan the QRCode generated to your authenticator app.
Choose the account details (such as logo or name, if appropriate).
Choose Save.
note the six-figure numeric signing token
the approval signing token is renewed every 30 seconds by the authenticator app
Add the approval signing token to the Comala Document Management signing token setup dialogue box.
Choose Validate.
signing token creation date for the setup and the expiry date are both displayed
Confluence administrators can reset the need to initialize the signing token
Set up the approval signing token through the workflow report
An individual user can set up the signing token through the Document Report.
Select Document Report in the sidebar.
Choose the E-signature token setup link.
If the signing token setup is complete and valid, the link will display the Comala Document Management signing token setup complete! confirmation box.
If there is no valid token setup, the link will display the signing token setup dialogue box.
once set up for a user, new numeric signing tokens are generated every 30 seconds by the authentication app
at the time a user with e-signature set up undertakes an approval, the numeric signing token displayed by the authentication app will be required to activate the content review
The e-signature credentials are checked when the approve or reject decision is made.
Navigating away from the popup and returning later may require a new 6-figure numeric token generated by the authentication app.
Use an approval signing token to activate a review
In the content review workflow popup add your email address and the current authenticator app generated signing token displayed on your smart device.
If the signing token and email are accepted, the popup content review buttons become active for that user.
The content review for the In Approval state also requires an e-signature.
If the current user has already set up a signing token there is no prompt in the workflow popup. The approval buttons are simply disabled until the email and a token are added.
A different approval signing token generated by the authenticator may be required for the same user if more than one minute of time has elapsed since the use of any previous token.
When a valid signing token and email address are added, the review buttons are activated.
Where there are multiple reviewers, a separate approval signing token will be required by each reviewer.
Please note:
for usability, user validation is provided against previous, current, and the next calculated signing tokens generated by the authenticator app
the e-signature process will submit the user email address and approval signing token through Comalatech's secure server without storing these details
e-signature does not work if your site is configured to use single sign-on (SSO) through Atlassian Access
Approval signing token admin
Administrators can view all setup tokens for users in the instance.
Admins can:
remove the signing token for users, requiring users to re-authenticate with the app.
set a signing token expiry date for a user.