Document Management / Digital signature in apps

Digital signature in apps

In ELMA365, an electronic digital signature (EDS) is available for almost any app item, a document, a calendar event or a standard item, a loan request, for example.

In ELMA365, documents are signed with an encrypted and certified digital signature. EDS requires the crypto-provider certificate to be installed in the system. By now, ELMA365 supports the certificates issued by CryptoPro and NCA crypto-providers.

You can sign with a digital signature:

  • A file that you uploaded into an app item, a contract in .docx format, for example.
  • An app item attribute. Attributes are fields you fill in when creating or editing the app item. For example, a “Loan Request” app item has the “Loaner Name,” “Approver,” ”Loan Sum,” “Loan Security” attributes.

Configuring digital signature

Step 1. Enable digital signature provider extension

Go to Administration>Extensions>Digital Signature. Enable the appropriate extension: CryptoPro or NCA. Further setup is not needed.

Step 2. Configure signature settings in an app.

Open the app menu and select Signature settings. The settings come under two units: Access permissions and Field exclusions.

Access permissions

By default, no one has permission to sign app items. You need to specify the appropriate users, group, or org chart items in the Users with signing permissions field.

Field exclusions

Values of specific fields may be changed when you execute a business process, for example, the system “modification date” field. In case you have signed such a field, its signature will become invalid on a change of the field value.

Two solutions are available:

  • Exclude system fields by default. System fields are standard for all the app items. Created by the system, these fields are often used in business processes. For example, “ID,” “Index,” “Creation date.” If you enable this option, all system fields will not be signed except for Name and File in a document-type app and Start date and End date fields in an event-type app.
  • Configure signature fields manually. Configure the fields that should not be signed manually. A list of fields includes both system fields and the fields you have created during the app setup. Make sure the system fields that the business process may change, such as «status,» are selected for exclusion.

Signing an App item

If a digital signature is configured correctly, the Sign button is displayed on a page of an app item for users with permissions for signing. Click this button and fill in the fields in the window that opens:

  1. Select signature type: sign a document file, attached to an app item or sign attributes
  2. Select a digital signature provider that issued a certificate you are going to use for signing.
  3. Grant the operating system access to the certificate file if needed. The certificate selection window opens.
  4. Specify the certificate.
  5. The system checks whether the certificate is valid and notifies once the app is signed. After that, the Sign button will be hidden on the app page.

Signed App item page

Digital signature details are shown on the right panel of the app item page. They are:

digital-signature-in-apps-1

  • Signature type. Document file or app attributes.
  • Signatory;
  • Date of signature;
  • Signatures archive. The archive keeps the information about all the signed versions of a document. Also, you can download the list of signed attributes and a file with e-signature details there.

Until the signature is valid, you cannot resign the same app item. That’s why the Sign button is hidden on the app item’s page. The signature remains valid until the signed data is unchanged.

Editing a signed App item

If you edit a signed item of an app or the item is changed during process execution, the digital signature becomes not valid.  The bar on the right panel changes the status to “Signature not valid,” and the Sign button is accessible again. You can sign the app item again.

The Signatures archive keeps the details of each signature, so you can find out who and when signed each version.