For business objectives that require a high threshold of transaction
security, configure your DocuSign integration to require additional authentication from
the envelope recipients.
For example, some businesses or government
institutions might require digital signatures to be verified by a Qualified Trust Service
Provider (QTSP).
Pega Platform supports the following advanced identity
verification methods:
Authentication through a Qualified Trust Service Provider (QTSP)
Authentication through a text message
Before you begin:
Save the pyRecipientIdentityVerification data transform
rule as part of your application ruleset, in the case type class that integrates
the DocuSign services.
Ensure that step 2.7 in the
pyAssignRecipientsToEnvelope data transform is enabled.
See the following figure for reference:pyAssignRecipientsToEnvelope step that enables recipient identity
verification
Verifying recipient identity with a Qualified Trust Service Provider
In this method, DocuSign requires a proof of identity that is verified by a
Qualified Trust Service Provider (QTSP) to complete an envelope.
Some industries, countries, or government entities might require recipients to digitally
sign documents by using a QTSP-verified proof of identity because this method provides
an increased level of identity assurance for digital signatures.
Before you begin: Add the advanced identity verification feature to your
DocuSign developer or production account by contacting your DocuSign account
administrator. For more information, see the DocuSign Developers documentation.
Find and open the pyRecipientIdentityVerification data
transform.
On the Definition tab, in step
2, ensure that the
.pyEnableIdentityVerification property is set to
false.
The .pyEnableIdentityVerification property enables or
disables phone-based identity verification.
Select the identity verification mode that matches your business needs:
For advanced identity verification that includes a QTSP with no
additional authentication steps, skip to step 4 of this task.
For advanced identity verification that includes a QTSP with such
additional security assurance as one-time password or text message, skip to
step 5 of this task.
If you use a QTSP but your business use case does not require additional
recipient authentication, perform the following actions:
In data transform step 9, enter the
following information:
Step
Property
Description
9.1
.pySignatureProviderName
The name of the digital signature provider for
the recipient to use.
For example, you can use the following
providers:"UniversalSignaturePen_ICP_SmartCard_TSP""universalsignaturepen_opentrust_hash_tsp""docusign_eu_qualified_idnow_tsp""universalsignaturepen_signer_held_eu_qualified"For more information, see the following
article in the DocuSign Developers documentation:
Use Digital
Certificate-Based Signatures for More Secure
Agreements
If you use a QTSP and your business use case requires an additional step for
recipient authentication, perform the following steps:
Disable step 9.1 of the data
transform.
In step 11, enter the following
information:
Step
Property
Description
11.1
.pySignatureProviderName
The name of the digital signature provider for
the recipient to use.
For example, you can use the following
providers:"UniversalSignaturePen_ICP_SmartCard_TSP""universalsignaturepen_opentrust_hash_tsp""docusign_eu_qualified_idnow_tsp""universalsignaturepen_signer_held_eu_qualified"For more information, see the following
article in the DocuSign Developers documentation:
Use Digital
Certificate-Based Signatures for More Secure
Agreements
Choose the additional authentication method:
Important: Consider the following
points:
The available authentication methods include a one-time
password or a text message.
You can use only one additional authentication method.
After configuring the data transform step for the preferred
authentication method, disable the step that corresponds to
the other method.
Step
Property
Description
11.2.2
.pyOneTimePassword
Specify a pre-shared, case-sensitive, one-time
password that the recipient must enter to
authenticate.
11.2.4
.pySms
Specify the phone number to which to send an
authentication text message.
The format is a + character, followed by
the country code, followed by the full mobile
phone number, without spaces or special
characters. For example:
"+48123456789"
For example: The following figure shows the advanced identity verification settings with
two-step authentication by using a text message. The steps that require your
input are highlighted.Advanced identity verification settings for DocuSign
Confirm your settings by clicking Save.
Verifying recipient identity with a text message
In this method, the envelope recipient receives a text message with an authentication
code that the recipient must enter to view their documents.
Find and open the pyRecipientIdentityVerification data
transform.
On the Definition tab, in data transform step
2, enable phone-based identity verification by
configuring the following step:
Step
Property
Description
2
.pyEnableIdentityVerification
Change the default value to
true.
The default value is
false.
Use SMS for phone-based authentication by configuring the following
steps:
Step
Property
Description
4
.pyRequireIdLookup
Enable ID lookup authentication by changing the sample
value in the Source column to
"true"
5
.pyIdCheckConfigurationName
Specify the authentication check type by changing the
sample value in the Source column to
"SMS Auth $"
In data transform step 6, provide the recipient's
phone numbers to which DocuSign sends the text message with an authentication
request:
Step
Property
Description
6.1.1
.pyValue
Provide the recipient's primary phone number, including
the country code.
The format is a + character, followed by the
country code, followed by the full mobile phone number,
without spaces or special characters. For example:
"+48123456789"
6.2.1
.pyValue
Provide the recipient's secondary phone number that
includes the country code.
The format is a + character, followed by the
country code, followed by the full mobile phone number,
without spaces or special characters. For example:
"+48123456789"
Optional: To add more phone numbers, perform the following actions:
For each additional phone number, create a copy of data transform step
6.1 or step
6.2.
In each copy, set the value of the .pyValue
property to the phone number to which you want to send an SMS
authentication request.
Disable data transform steps 9 and
11.
For example: The following figure demonstrates the SMS authentication configuration, in
which the steps that require your input are highlighted:Configuring additional SMS authentication for a DocuSign
envelope
