We will soon introduce the ability for admins and co-admins to enforce recipient authentication on all signature requests sent on behalf of the enterprise, giving them centralized control over how signers verify their identity before accessing and signing critical documents in highly regulated industries, public sector organizations, and security-conscious enterprises.
Government signers are often mandated to use CAC/PIV (Common Access Card / Personal Identity Verification) cards or multi-factor authentication (MFA) to sign documents. With this capability, we ae giving organizations in heavily regulated industries the ability to comply with strict compliance requirements
Currently, enforcing recipient authentication for each signature request is a manual process that relies on individual senders or template creators selecting the right settings for every single signature request, introducing compliance risks, human error, and operational overhead.
With the ability to enforce recipient authentication, admins will be able to automatically ensure that all signature requests sent from their enterprise are configured with a recipient authentication method, eliminating the need for manual user configuration and guaranteeing that every transaction meets your organization's strict security standards.
Admins will have the flexibility to enforce verification rules globally or target specific users or groups, like enforcing SMS authentication for external signers while allowing standard authentication for internal employees.
With this capability enabled, newly created signature requests and templates automatically pre-populate with the required verification method. Senders and template creators cannot bypass or configure the signer authentication settings. If a sender attempts to edit an existing request or template with an incorrect verification method, Box Sign will surface a clear validation error and a red banner, preventing non-compliant requests from being sent. Additionally, Existing active requests sent prior to the policy change remain unaffected, but any subsequent edits to those requests will automatically trigger the new enforcement rules.
Stay tuned to learn more about this release.