Enterprise setting for requiring authentication method by default (Box Login, SMS Authentication)
Currently, on a per-document basis, you can require a user to authenticate into Box before completing a Box Sign request. Similar to file request, we would like to see this as an enterprise default option under admin > enterprise settings > box sign.
-
Anonymous
commented
Building on this, the ability to have a default that is different for people managed in our environment vs. people external to our organization would be really beneficial.
-
Anonymous
commented
For our Federal Customers = they need stronger controls for esignature which require external signers to use some form of 2FA.
Request is to enforce 2FA at tenant level for all external signers - including when using CAC/PIV
-
Anonymous
commented
If the signature request email is forwarded, it is possible to sign it by impersonating someone else.
Therefore, we would like to make sure that the BoxSign signer is always identified (Box sign-in) as a tenant-wide setting.
-
The ability to lock specific authentication methods by admin across the enterprise for any signature request sent by sender.
-
Anonymous
commented
Allow Box admins to set SMS authentication as a default mandatory requirement in Box Sign
-
Anonymous
commented
We recognize that BoxSign is a very convenient function because it allows the signer's workflow to be completed on Box, but we have determined that it cannot be used in actual operations because it does not provide sufficient assurance of the signer's identity.
As described in the following website, signer authentication can be added, but it must be configured individually on each workflow, and we believe it is very risky to leave the configuration to the user.
https://support.box.com/hc/ja/articles/4406861109907-%E8%BF%BD%E5%8A%A0%E3%81%AE%E7%BD%B2%E5%90%8D%E8%80%85%E8%AA%8D%E8%A8%BC
Therefore, we would appreciate it if you could improve the functionality so that the following parameters can be restricted in the Enterprise settings.
In particular, if (3) can be implemented, we recognize that Box login can be enforced and the identity of the signer can be verified more robustly and reliably.
(1) When two-factor authentication is applied, an SMS text message is sent to the recipient to confirm his/her identity.
(2) If a password is applied, the signer must enter the provided password before starting the signing process.
(3) If Box login is requested, the signer must log in to his/her Box account before starting the signing process. Only available for Enterprise Plus plans.
-
Michael
commented
Hi, it would be nice if this feature could be pre-assigned for all signings. We use the function as an additional identification criterion. Most of our signings are between people with Box accounts.
-
Vincent
commented
Specific content type must require signers to go through 2-factor authentication. We would like to have a way to enforce this, either as a folder option, or to set up this requirement to a user group.