Box Sign is now available on all business (Business , Business Plus) and enterprise (Enterprise, Enterprise Plus, Enterprise Suites) plans. Box will notify customers before Box Sign becomes available on Starter plans.
A sender initiating a signature request in Box must have the appropriate permissions to the file being sent out and the destination folder. Without download permissions, a user cannot initiate a signature request. In other words, a sender's collaborator role needs to be set as one of the following to send out a signature:
- Viewer Uploader
For more information on collaborator roles, visit: Understanding Collaborator Permission Levels
File and Folder Permissions
If the file for which a signature request is being initiated and folder where a signature request is being saved falls under one or more of these conditions, then additional permissions are needed to continue with signature request process:
- Restrictive collaborator permissions are set: see rows "Create Signature" and "Save Signature to a folder" for which permissions can be set.
- Classification label of content restricted to:
- shared link status set “people with the link”,
- downloading to a specified modality such as box drive, web app, or mobile.
- Malware scan detects threat within content, restricting downloads.
- See Restrict download of content in Shield Malware Detection.
- Contains a watermark.
When a sign request is triggered from a file in Box, or that is uploaded to Box via Box Sign, Box prepares the document as a PDF. This PDF document then goes through the sign workflow.
These PDF documents within the Box Sign workflow are always stored in Box regardless of whether the workflow is completed or is in progress. The content within the Box Sign workflow is always protected in the same way as your other Box content.
After all recipients sign the document, Box creates the signed copy as a PDF with a digital certificate, and generates a unique hash from this PDF so that any changes made to the document after the signing process is closed can be detected by comparing hash codes.