Box Sign provides an extra layer of security by allowing senders to apply additional recipient authentication methods, including:
- Box account login: Requires the recipient to log in to their Box account before starting the sign process. (Available only on the Enterprise Plus plan)
- SMS authentication: Box sends the recipient an SMS text message to verify the recipient’s identity.
- Password authentication: Requires the recipient to input a password provided by the sender before starting the signature request process.
Senders can only select one of the available authentication methods from the dropdown per signature request.
- Activating additional authentication does not mean the signers also receive a signature request via text message.
- Box login is selected by default and locked as a requirement for CFR Part 11 signature requests.
To add a password for a recipient:
When preparing a document for signature:
- Add the email address of a recipient.
- Click the recipient's email address.
- Click Require Password.
- Under Enter Password type a password.
- Separately provide the password to this recipient.
To add SMS Authentication for a recipient:
When preparing a document for signature:
- Add the email address of a recipient.
- Click the recipient's email address.
- Select SMS Authentication in the dropdown.
- Select a country code.
- Visit Multi-Factor Authentication Set Up for your Account to learn more about which countries support SMS authentication.
- Type the recipient's phone number.
To require recipients to log in to Box:
When preparing a document for signature:
- Add the email address of a recipient.
- Click the recipient's email address.
- Select Box Login in the dropdown.
Note: If the recipient is part of an enterprise that has a Box account, they may need to contact their account Admin and confirm that they can be provisioned to authenticate themselves. If the recipient does not have a Box account to authenticate themselves, they can sign up for a free Box account here.
Revise Request
When revising a request that has already been sent out,, and the recipient has not signed or approved the request, senders can change the security settings for the recipient.
If SMS authentication and/or password authentication are applied, you will not have access to the previously chosen password or phone number, but you can replace them by clicking on ‘Change Password’ and ‘Change Phone Number’, if needed.
Once the recipient has signed or approved the signature request, the security settings cannot be changed.